CVE CyberSecurity Database News (Page 526)

Nov 22, 2024 Exploit PHP

CVE-2024-9740 - Tungsten Automation Power PDF BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

A new security vulnerability CVE-2024-9740 has been discovered in Tungsten Automation Power PDF, leading to remote code execution. This vulnerability affects the way Tungsten Automation&

Nov 22, 2024 CSRF API GraphQL

CVE-2024-9665 - Inside Zimbra's GraphQL CSRF Info Leak Vulnerability (ZDI-CAN-23939) — How It Works and Why It Matters

The email platform Zimbra Collaboration Suite is used by thousands of companies around the world. It’s known for its calendaring, messaging, and “everything in

Nov 22, 2024 RCE Exploit

CVE-2024-11477 - 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability Explained

7-Zip is a leading open-source file archiver, renowned for its support of multiple compression formats, including ZIP, RAR, 7z, and more recently, Zstandard (ZSTD). In

Nov 22, 2024 Exploit

CVE-2024-10220 - How Attackers Can Execute Commands on Kubernetes with Malicious gitRepo Volumes

Kubernetes is the foundation of modern container orchestration, running everything from small apps to massive enterprise workloads. But sometimes, a vulnerable component can expose the

Nov 22, 2024

CVE-2024-52804 - Tornado Cookie Parsing Vulnerability Explained with Exploit Example

Tornado is a popular Python web framework known for its high performance, non-blocking web server. But even robust systems can come with weaknesses, and recently