Poster - CVE CyberSecurity Database News (Page 360)

Jan 9, 2025 XSS Exploit OAuth

CVE-2024-13301 - XSS Vulnerability in Drupal OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) Explained

Summary: CVE-2024-13301 is a Cross-Site Scripting (XSS) vulnerability found in the popular Drupal module “OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client)

Jan 9, 2025 Exploit

CVE-2024-54887 - How a Simple Buffer Overflow Puts TP-Link TL-WR940N Routers at Risk (with Exploit Details)

TL;DR A buffer overflow in TP-Link TL-WR940N V3 and V4 routers (firmware 3.16.9 and earlier) makes it possible for anyone with the

Jan 9, 2025 GraphQL

CVE-2025-22151 - Type Confusion in Strawberry GraphQL Relay Integration Leads to Data Leaks and Privilege Escalation

Strawberry GraphQL is a popular Python library for building GraphQL APIs. It's widely adopted and integrates smoothly with Django, SQLAlchemy, Pydantic, and other

Jan 9, 2025

CVE-2025-21598 - Out-of-Bounds Read in Juniper Networks (Junos OS, Junos OS Evolved) RPD via Malformed BGP Packets

Published: 2024-06 Introduction A new critical vulnerability—CVE-2025-21598—was discovered in Juniper Networks’ routing protocol daemon (rpd), which could enable an attacker to crash the

Jan 9, 2025 API SQL

CVE-2025-21628 - Severe SQL Injection Flaw in Chatwoot Below v3.16. Lets Attackers Run Arbitrary Queries

Chatwoot is a popular open-source customer engagement platform used by businesses worldwide to manage conversations, contacts, and support tickets. On March 2025, a critical security