CVE
We, GMO Flatt Security, strive to improve cybersecurity for the local and global community. We strongly believe that identifying and eradicating security weaknesses in products will eventually make the internet a much safer medium to communicate over and use. To accomplish this objective, we put our best effort into investigating and identifying security vulnerabilities in the various types of software and hardware currently available on the internet. As a result of this enormous effort, our researchers were the first to identify and report the following vulnerabilities.
CVE-2024-48572
User enumeration in AquilaCMS
CVE-2024-48573
NoSQL injection in AquilaCMS
CVE-2024-42412
XSS in WAB-I1750-PS/WAB-S1167-PS
CVE-2024-43689
Stack-based buffer overflow in WAB-I1750-PS/WAB-S1167-PS
CVE-2024-23168
RCE in XSOverlay
CVE-2024-42366
RCE in VRCX
CVE-2024-34344
RCE in Nuxt
CVE-2024-35227
DoS in Discourse
CVE-2024-1968
Authorization header leakage on the same domain but cross-origin redirect in scrapy/scrapy
CVE-2024-34064
XSS in Jinja
CVE-2024-34069
RCE in Werkzeug due to the improper CSRF protection
CVE-2024-1874
Command injection in PHP on Windows
CVE-2024-29217
Apache Answer: XSS vulnerability when changing personal website
CVE-2024-3566
Command injection vulnerability in programming languages on Windows
CVE-2024-22423
Command injection in yt-dlp on Windows
CVE-2024-24576
Command injection in Rust on Windows
CVE-2024-29034
Content-Type allowlist bypass vulnerability in CarrierWave which possibly leads to XSS remained
CVE-2024-28175
XSS in ArgoCD
CVE-2024-27926
XSS in RSSHub
CVE-2024-27936
Permission prompt spoofing in Deno
CVE-2024-24785
Insufficient escaping in html/template of Go
CVE-2024-22401
Improper access control in Nextcloud guests app
CVE-2024-22402
Improper access control in Nextcloud guests app
CVE-2024-22400
Open redirect in Nextcloud
CVE-2024-22212
Authentication bypass in Nextcloud Global Site Selector
CVE-2023-49598
Stored XSS in GROWI's event handlers
CVE-2023-50339
Stored XSS in GROWI Security Settings (/admin/security)
CVE-2023-50332
Improper Authorization in GROWI User Management (/admin/users)
CVE-2023-50294
Plaintext Display of Secret Access Key in GROWI App Settings (/admin/app)
CVE-2023-50175
Stored XSS in GROWI App Settings (/admin/app), Markdown Settings (/admin/markdown), and Customization (/admin/customize)
CVE-2023-49119
Stored XSS via img Tags in GROWI
CVE-2023-46699
CSRF in GROWI User Settings Page (/me)
CVE-2023-49782
XSS in Collabora Online
CVE-2023-49090
Content-Type allowlist bypass vulnerability in CarrierWave, possibly leading to XSS
CVE-2023-4759
Arbitrary file write in JGit
CVE-2023-37299
XSS in Joplin
CVE-2023-37298
XSS in Joplin
CVE-2023-32766
XSS in Gitpod
CVE-2023-34408
XSS in Dokuwiki
CVE-2023-32685
XSS in Kanboard
CVE-2023-33245
Arbitrary file write in Minecraft
CVE-2023-33244
Improper Access Control for browser APIs in Obsidian
CVE-2023-28394
Code Injection in Beekeeper Studio
CVE-2023-25652
Arbitrary file write in Git
CVE-2023-30538
XSS in Discourse
CVE-2023-29008
CSRF in SvelteKit
CVE-2022-3513
XSS in GitLab
CVE-2022-4007
XSS in GitLab
CVE-2023-26491
XSS in RSSHub
CVE-2023-22381
Code injection in GitHub Enterprise Server
CVE-2022-41722
Path Traversal in Go
CVE-2023-24810
XSS in Misskey
CVE-2023-24811
XSS in Misskey
CVE-2023-24812
SQL Injection in Misskey
CVE-2023-25154
XSS in Misskey
CVE-2023-24813
Deserialization of untrusted data in Dompdf
CVE-2022-41919
Incorrect Content-Type parsing in Fastify
CVE-2022-43668
Typora fails to properly neutralize JavaScript code
CVE-2022-43781
RCE in Atlassian Bitbucket
CVE-2022-3483
Datadog access token leakage in GitLab
CVE-2022-3486
Open redirect in GitLab
CVE-2022-27637
XSS in PukiWiki
CVE-2022-34486
RCE in PukiWiki
CVE-2022-21158
XSS in MarkText
CVE-2021-4219
Remote DoS in ImageMagick
CVE-2020-5682
DoS in GROWI
CVE-2021-41175
XSS in Pi-hole
ZDI-21-1223
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability
CVE-2021-34866
Linux Kernel eBPF Type Confusion Privilege Escalation Vulnerability
CVE-2021-20829
XSS in GROWI
CVE-2021-32407
SSRF vulnerability in Kallithea
CVE-2021-32408
SSRF in Gogs
CVE-2021-32409
Stored XSS in Kallithea
CVE-2021-20745
OS Command Injection in Inkdrop
CVE-2021-20727
XSS in Zettlr
CVE-2021-29625
Reflected XSS in Adminer
CVE-2021-3489
Canonical Ubuntu eBPF Out-Of-Bounds Access Privilege Escalation Vulnerability
CVE-2021-20667
Stored XSS in GROWI
CVE-2021-20671
RCE in GROWI
CVE-2021-20668
Arbitrary File Read in GROWI
CVE-2021-20669
Arbitrary File Read/Delete in GROWI
CVE-2021-20670
Improper Access Control leading to Information Leakage in GROWI
CVE-2021-20181
QEMU Plan 9 File System Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
CVE-2021-20239
Linux Kernel setsockopt System Call Untrusted Pointer Dereference Information Disclosure Vulnerability
CVE-2021-40330
SSRF in Git
CVE-2021-20226
Linux Kernel io_uring Use-After-Free Privilege Escalation Vulnerability
ZDI-20-1440
Linux Kernel eBPF Improper Input Validation Vulnerability
CVE-2020-5672
Stored XSS in KonaWiki3
CVE-2020-5673
Reflected XSS in KonaWiki3
CVE-2020-5670
Path Traversal in KonaWiki3
CVE-2020-5671
Arbitrary File Read in KonaWiki3
CVE-2020-14351
Linux Kernel Performance Counters Race Condition Privilege Escalation Vulnerability
CVE-2020-5662
Reflected XSS in XooNIps
CVE-2020-5663
Stored XSS in XooNIps
CVE-2020-5659
SQL Injection in XooNIps
CVE-2020-5664
Deserialization of untrusted data in XooNIps
CVE-2020-28991
Server-side Request Forgery in Gitea
CVE-2020-5640
Unauthenticated LFI to RCE in OneThird CMS
CVE-2020-5631
XSS in CMONOS.JP
CVE-2020-15188
Unauthenticated RCE in SOY CMS
CVE-2020-15182
CSRF leading to RCE in SOY CMS
CVE-2020-15183
XSS leading to RCE in SOY CMS
CVE-2020-15189
RCE in SOY CMS
CVE-2020-15159
XSS to RCE in BaserCMS
CVE-2020-11936
Canonical Ubuntu apport Unnecessary Privileges Information Disclosure Vulnerability
CVE-2020-15702
Canonical Ubuntu apport Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability