CVE-2024-28176
- EPSS 2.09%
- Veröffentlicht 09.03.2024 01:15:07
- Zuletzt bearbeitet 05.12.2025 16:48:46
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been iden...
CVE-2024-28180
- EPSS 1.96%
- Veröffentlicht 09.03.2024 01:15:07
- Zuletzt bearbeitet 03.12.2025 20:29:36
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or Decrypt...
CVE-2024-28184
- EPSS 0.62%
- Veröffentlicht 09.03.2024 01:15:07
- Zuletzt bearbeitet 02.12.2025 21:57:58
WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to file...
CVE-2024-23280
- EPSS 1.29%
- Veröffentlicht 08.03.2024 02:15:49
- Zuletzt bearbeitet 02.04.2026 19:17:12
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2024-23284
- EPSS 1.49%
- Veröffentlicht 08.03.2024 02:15:49
- Zuletzt bearbeitet 02.04.2026 19:17:13
A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web conte...
CVE-2024-23254
- EPSS 1.25%
- Veröffentlicht 08.03.2024 02:15:48
- Zuletzt bearbeitet 02.04.2026 19:17:06
The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.
CVE-2024-23263
- EPSS 1.5%
- Veröffentlicht 08.03.2024 02:15:48
- Zuletzt bearbeitet 02.04.2026 19:17:08
A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may...
CVE-2024-2044
- EPSS 79.33%
- Veröffentlicht 07.03.2024 21:15:08
- Zuletzt bearbeitet 19.09.2025 14:55:20
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain co...
CVE-2024-1931
- EPSS 2.52%
- Veröffentlicht 07.03.2024 10:15:07
- Zuletzt bearbeitet 17.12.2024 16:56:50
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from ...
CVE-2024-2174
- EPSS 12.56%
- Veröffentlicht 06.03.2024 19:15:09
- Zuletzt bearbeitet 19.12.2024 20:24:09
Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)