CVE
We at Flatt Security are striving to improve cybersecurity for the local and global community. We believe that identifying and eradicating weaknesses in products will make the internet a safer medium to communicate and work on. To that end, we investigate and identify security vulnerabilities in the many kinds of software and hardware in use on the internet today. Our researchers were the first to identify and report the following vulnerabilities.
CVE-2024-48572
User enumeration in AquilaCMS
CVE-2024-48573
NoSQL injection in AquilaCMS
CVE-2024-43689
Stack-based buffer overflow in WAB-I1750-PS/WAB-S1167-PS
CVE-2024-42412
Cross-site scripting in WAB-I1750-PS/WAB-S1167-PS
CVE-2024-23168
Remote code execution in XSOverlay
CVE-2024-42366
Remote code execution in VRCX
CVE-2024-34344
Remote code execution in Nuxt
CVE-2024-35227
Denial of service in Discourse
CVE-2024-1968
Authorization header leakage on same-domain but cross-origin redirects in scrapy/scrapy
CVE-2024-34069
Remote code execution in Werkzeug due to improper CSRF protection
CVE-2024-34064
Cross-site scripting in Jinja
CVE-2024-1874
Command injection in PHP on Windows
CVE-2024-29217
Cross-site scripting in Apache Answer when changing the personal website field
CVE-2024-3566
Command injection vulnerability in programming languages on Windows
CVE-2024-22423
Command injection in yt-dlp on Windows
CVE-2024-24576
Command injection in Rust on Windows
CVE-2024-29034
Remaining Content-Type allowlist bypass vulnerability, possibly leading to XSS
CVE-2024-28175
Cross-site scripting in ArgoCD
CVE-2024-27926
Cross-site scripting in RSSHub
CVE-2024-27936
Permission prompt spoofing in Deno
CVE-2024-24785
Insufficient escaping in html/template of Go
CVE-2024-22401
Improper access control in Nextcloud guests app
CVE-2024-22402
Improper access control in Nextcloud guests app
CVE-2024-22400
Open redirect in Nextcloud
CVE-2024-22212
Authentication bypass in Nextcloud Global Site Selector
CVE-2023-49598
Stored cross-site scripting in event handlers
CVE-2023-50339
Stored cross-site scripting in security settings (/admin/security)
CVE-2023-50332
Improper authorization in user management (/admin/users)
CVE-2023-50294
Plaintext display of the Secret access key in app settings (/admin/app)
CVE-2023-50175
Stored cross-site scripting in app settings (/admin/app), markdown settings (/admin/markdown), and customize (/admin/customize)
CVE-2023-49119
Stored cross-site scripting via img tags
CVE-2023-46699
Cross-site request forgery in the user settings page (/me)
CVE-2023-49782
Cross-site scripting in Collabora Online
CVE-2023-49090
Content-Type allowlist bypass vulnerability, possibly leading to XSS
CVE-2023-4759
Arbitrary file write in JGit
CVE-2023-37299
Cross-site Scripting in Joplin
CVE-2023-37298
Cross-site Scripting in Joplin
CVE-2023-32766
Cross-site Scripting in Gipod
CVE-2023-34408
Cross-site Scripting in Dokuwiki
CVE-2023-32685
Cross-site Scripting in Kanboard
CVE-2023-33245
Arbitrary file write in Minecraft
CVE-2023-33244
Improper Access Control for browser APIs in Obsidian
CVE-2023-28394
Code Injection in Beekeeper Studio
CVE-2023-25652
Arbitrary file write in Git
CVE-2023-30538
Cross-site Scripting in Discourse
CVE-2023-29008
Cross-site request forgery in SvelteKit
CVE-2022-3513
Cross-site Scripting in GitLab
CVE-2022-4007
Cross-site Scripting in GitLab
CVE-2023-26491
Cross-site Scripting in RSSHub
CVE-2023-22381
Code injection in GitHub Enterprise Server
CVE-2022-41722
Path Traversal in Go
CVE-2023-24810
Cross-site Scripting in Misskey
CVE-2023-24811
Cross-site Scripting in Misskey
CVE-2023-24812
SQL Injection in Misskey
CVE-2023-25154
Cross-site Scripting in Misskey
CVE-2023-24813
Deserialization of untrusted data in Dompdf
CVE-2022-41919
Incorrect Content-Type parsing in Fastify
CVE-2022-43668
Improper neutralization of JavaScript code in Typora
CVE-2022-43781
Remote code execution in Atlassian BitBucket
CVE-2022-3483
Datadog access token leakage in GitLab
CVE-2022-3486
Open redirect in GitLab
CVE-2022-27637
Cross-site Scripting in PukiWiki
CVE-2022-34486
Remote Code Execution in PukiWiki
CVE-2022-21158
Cross-site Scripting in MarkText
CVE-2021-4219
Remote Denial of Service (DoS) in ImageMagick
CVE-2020-5682
Denial of Service (DoS) in GROWI
CVE-2021-41175
Cross-site Scripting in Pi-hole
ZDI-21-1223
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability
CVE-2021-34866
Linux Kernel eBPF Type Confusion Privilege Escalation Vulnerability
CVE-2021-20829
Cross-site Scripting in GROWI
CVE-2021-32408
Server-Side Request Forgery (SSRF) in Gogs
CVE-2021-32409
Stored Cross-site Scripting in Kallithea
CVE-2021-32407
Server-Side Request Forgery (SSRF) vulnerability in Kallithea
CVE-2021-20745
OS Command Injection in Inkdrop
CVE-2021-20727
Cross-site Scripting in Zettlr
CVE-2021-29625
Reflected Cross-site Scripting in Adminer
CVE-2021-3489
Canonical Ubuntu eBPF Out-Of-Bounds Access Privilege Escalation Vulnerability
CVE-2021-20667
Stored Cross-site Scripting in GROWI
CVE-2021-20668
Arbitrary File Read in GROWI
CVE-2021-20669
Arbitrary File Read/Delete in GROWI
CVE-2021-20670
Improper Access Control leading to Information Leakage in GROWI
CVE-2021-20671
Remote Code Execution in GROWI
CVE-2021-20181
QEMU Plan 9 File System Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
CVE-2021-20239
Linux Kernel setsockopt System Call Untrusted Pointer Dereference Information Disclosure Vulnerability
CVE-2021-40330
Server-Side Request Forgery (SSRF) vulnerability in git
CVE-2021-20226
Linux Kernel io_uring Use-After-Free Privilege Escalation Vulnerability
ZDI-20-1440
Linux Kernel eBPF Improper Input Validation Vulnerability
CVE-2020-5670
Path Traversal in KonaWiki3
CVE-2020-5671
Arbitrary File Read in KonaWiki3
CVE-2020-5673
Reflected Cross-site Scripting in KonaWiki3
CVE-2020-5672
Stored Cross-site Scripting in KonaWiki3
CVE-2020-14351
Linux Kernel Performance Counters Race Condition Privilege Escalation Vulnerability
CVE-2020-5659
SQL Injection in XooNIps
CVE-2020-5662
Reflected Cross-site Scripting in XooNIps
CVE-2020-5663
Stored Cross-site Scripting in XooNIps
CVE-2020-5664
Deserialization of untrusted data in XooNIps
CVE-2020-28991
Server-side Request Forgery in Gitea
CVE-2020-5640
Unauthenticated local file inclusion (LFI) leading to remote code execution in OneThird CMS
CVE-2020-5631
Cross-site Scripting in CMONOS.JP
CVE-2020-15188
Unauthenticated Remote Code Execution (RCE) in SOY CMS
CVE-2020-15183
Cross-site Scripting leading to Remote Code Execution in SOY CMS
CVE-2020-15182
Cross-site Request Forgery leading to Remote Code Execution in SOY CMS
CVE-2020-15189
Remote Code Execution in SOY CMS
CVE-2020-15159
Cross-site Scripting leading to Remote Code Execution in BaserCMS
CVE-2020-11936
Canonical Ubuntu apport Unnecessary Privileges Information Disclosure Vulnerability
CVE-2020-15702
Canonical Ubuntu apport Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability