CVE-2024-57240
Description: A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file.
EPSS Score: 0.03%
March 3rd, 2025 (4 months ago)

CVE-2024-55570
Description: /api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018) fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT request with rolename=Administrator, aka incorrect access control.
EPSS Score: 0.03%
March 3rd, 2025 (4 months ago)

CVE-2024-55532
Description: Improper Neutralization of Formula Elements in the Export CSV feature of Apache Ranger, in Apache Ranger versions < 2.6.0.
Users are recommended to upgrade to version 2.6.0, which fixes this issue.
EPSS Score: 0.07%
March 3rd, 2025 (4 months ago)

CVE-2024-53388
Description: A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element.
EPSS Score: 0.06%
March 3rd, 2025 (4 months ago)

CVE-2024-53387
Description: A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element.
EPSS Score: 0.06%
March 3rd, 2025 (4 months ago)

Description: Another lawyer was caught using AI and not checking the output for accuracy, while a previously reported case just got hit with sanctions.
March 3rd, 2025 (4 months ago)

Description: Utsunomiya Central Clinic Has Fallen Victim to Qilin Ransomware
March 3rd, 2025 (4 months ago)

Description: Goroutine Leak in Abacus SSE Implementation
Summary
A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources and terminate the associated goroutines. This leads to resource exhaustion: the server continues running but eventually stops accepting new SSE connections while maintaining high memory usage. The vulnerability specifically involves improper channel cleanup in the event handling mechanism, causing goroutines to remain blocked indefinitely.
POC
Impact
This vulnerability affects all versions of Abacus prior to v1.4.0. The issue causes:
Permanent unresponsiveness of the /stream endpoint after prolonged use
Memory growth that stabilizes at a high level but prevents proper functionality
Selective denial of service affecting only SSE connections while other endpoints remain functional
Accumulated orphaned goroutines that cannot be garbage collected
High resource consumption under sustained client connection/disconnection patterns
Systems running Abacus in production with client applications that frequently establish and terminate SSE connections are most vulnerable. The issue becomes particularly apparent in high-traffic environments or during connection stress testing.
Patches
The vulnerability has been patched in Abacus v1.4.0. The fix includes:
Implementing buffered channels to prev...
March 3rd, 2025 (4 months ago)

Description: Counter Claims to have Leaked the Data of Smoke's & Jack's Roleplay Forum
March 3rd, 2025 (4 months ago)

Description: Counter Claims to have Leaked the Data of TXG Corp
March 3rd, 2025 (4 months ago)