CVE CyberSecurity Database News (Page 506)

Dec 2, 2024 Exploit

CVE-2024-53566 - Path Traversal in Sangoma Asterisk action_listcategories() (v22 through v22..-pre1) Explained

Summary: In June 2024, a vulnerability (CVE-2024-53566) was found in the popular Sangoma Asterisk PBX (private branch exchange) software, specifically in several v22 releases including

Dec 2, 2024 Exploit Google

CVE-2024-53259 - Off-Path ICMP Injection Attack Disrupts quic-go QUIC Connections

Published June 2024 The open-source project quic-go—an implementation of the QUIC protocol written in Go—was recently found to have a critical vulnerability (CVE-2024-53259)

Dec 2, 2024 API Exploit Java

CVE-2024-53990 - Critical Cookie Handling Flaw in AsyncHttpClient (AHC) Exposes User Data

A highly critical vulnerability, CVE-2024-53990, has been discovered in the popular Java HTTP networking library AsyncHttpClient (AHC). This bug can cause the library to silently

Dec 2, 2024

CVE-2024-53981 - Excessive Logging Vulnerability in python-multipart Leads to Denial of Service

In June 2024, a critical vulnerability was found in python-multipart, a popular streaming multipart parser widely used in Python web applications, including ASGI frameworks like

Dec 2, 2024 API Exploit

CVE-2024-53862 - Critical Argo Workflows Archive Exposure—How a Missing Auth Check Led to Leaked Archived Workflows

Argo Workflows has become the go-to workflow engine for orchestrating jobs on Kubernetes clusters. But in mid-2024, a severe vulnerability (CVE-2024-53862) was discovered that put