Author: Angelo Barbosa

A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. This vulnerability is known as CVE-2024-3081. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected...

A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. This vulnerability is traded as CVE-2020-36828. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected...

A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-3078. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected...

A vulnerability has been found in mbed TLS up to 2.28.7/3.5.x and classified as problematic. This vulnerability affects unknown code of the component PSA Crypto API. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2024-28960. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected...

A vulnerability, which was classified as critical, was found in zephyrproject-rtos Zephyr up to 3.6. This affects an unknown part of the component BLE. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2024-3077. The attack can only be done within the local network. There is no exploit...