Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
CVSS 9.8 | AI Score 9.9 | EPSS 0.007
ReCrystallize Server - Authentication Bypass
This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the 'AdminUsername' cookie. This gives the attacker administrative access to the application's functionality, even when the default password has been...
AI Score 6.8 | EPSS 0.001
Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker
Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom...
AI Score 7.3
Cross-Site Request Forgery (CSRF)
aim is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the lack of CSRF and CORS protection in the aim dashboard, allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's...
CVSS 8.8 | AI Score 7.1 | EPSS 0.0004
PHP 8.1.x < 8.1.28 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.1.28. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.28 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a...
CVSS 9.4 | AI Score 8.9 | EPSS 0.006
Slackware Linux 15.0 / current php81 Multiple Vulnerabilities (SSA:2024-103-01)
The version of php81 installed on the remote host is prior to 8.1.28 / 8.3.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-103-01 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to...
CVSS 9.4 | AI Score 8.9 | EPSS 0.006
GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
...
AI Score 7.4
Apache Superset < 2.1.0 Hardcoded Secret Key
Apache Superset versions prior to 2.1.0 use a default secret to sign cookies. An unauthenticated attacker can use this default value to forge a cookie and authenticate as...
AI Score 7.3
Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter
...
CVSS 9.8 | AI Score 7.4 | EPSS 0.001
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID: CVE-2023-34967 DESCRIPTION: Samba is vulnerable to a denial of service, caused...
CVSS 9.8 | AI Score 10 | EPSS 0.963
dsgvo-paket.de Cross Site Scripting vulnerability OBB-3916930
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This issue affects DSGVO All in one for WP: from n/a through...
CVSS 4.3 | AI Score 9.3 | EPSS 0.0004
Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This issue affects DSGVO All in one for WP: from n/a through...
CVSS 4.3 | AI Score 4.7 | EPSS 0.0004
Issue Overview: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case...
CVSS 8.6 | AI Score 7 | EPSS 0.002
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution Exploit
GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command...
AI Score 7.7 | EPSS 0.001
Juniper Junos OS Multiple Vulnerabilities (JSA79108)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA79108 advisory. This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow...
CVSS 9.8 | AI Score 9.3 | EPSS 0.007
CHAOS RAT 5.0.1 Remote Command Execution Exploit
CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross-site scripting attack, allowing an attacker to take over the RAT...
AI Score 6.6 | EPSS 0.0004
PHP 8.3.x < 8.3.6 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.3.6. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.6 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard...
CVSS 9.4 | AI Score 8.9 | EPSS 0.006
PHP 8.2.x < 8.2.18 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.2.18. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.18 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a...
CVSS 9.4 | AI Score 8.9 | EPSS 0.006
php -- Multiple vulnerabilities
This update includes 3 security fixes: High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on...
CVSS 9.4 | AI Score 7.5 | EPSS 0.006
@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
CVSS 7.4 | AI Score 7.4 | EPSS 0.0004
@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
CVSS 7.4 | AI Score 7.4 | EPSS 0.0004
@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
CVSS 7.4 | AI Score 7.5 | EPSS 0.0004
CVE-2024-31999 @fastify/secure-session: Reuse of destroyed secure session cookie
@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
CVSS 7.4 | AI Score 7.6 | EPSS 0.0004
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim...
CVSS 8.8 | AI Score 6.8 | EPSS 0.0004
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim...
CVSS 8.8 | AI Score 8.6 | EPSS 0.0004
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim...
CVSS 8.8 | AI Score 8.7 | EPSS 0.0004
@fastify/secure-session: Reuse of destroyed secure session cookie
Impact At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided...
CVSS 7.4 | AI Score 6.9 | EPSS 0.0004
@fastify/secure-session: Reuse of destroyed secure session cookie
Impact At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided...
CVSS 7.4 | AI Score 7.2 | EPSS 0.0004
CVE-2024-2196 CSRF Vulnerability in aimhubio/aim
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim...
CVSS 8.8 | AI Score 8.9 | EPSS 0.0004
Summary IBM Maximo Application Suite - Edge Data Collector uses Jinja2-2.11.3-py2.py3-none-any.whl and Jinja2-3.1.2-py3-none-any.whl, which are vulnerable to CVE-2024-22195. Vulnerability Details CVEID: CVE-2024-22195 DESCRIPTION: Pallets Jinja is vulnerable to cross-site scripting, caused by...
CVSS 6.1 | AI Score 6.7 | EPSS 0.001
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
CVSS 10 | AI Score 8.9 | EPSS 0.024
contao/core-bundle is vulnerable to Cookie Header Leakage. The vulnerability is due to a flaw in the implementation of the HTTP client options being applied to all requests, including those to external URLs. It allows attackers to potentially access sensitive cookie data from protected...
CVSS 8.3 | AI Score 6.8 | EPSS 0.0004
Summary The product includes vulnerable components (e.g., framework libraries) that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for...
CVSS 9.8 | AI Score 7.9 | EPSS 0.963
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-46234 DESCRIPTION:...
CVSS 7.5 | AI Score 7.3 | EPSS 0.001
Security Bulletin: IBM Operational Decision Manager for March 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third-party and open-source components used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:...
CVSS 8.8 | AI Score 9.2
gin-vue-admin background arbitrary code coverage vulnerability
Impact: gin-vue-admin<=v2.6.1 has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the 'plugName' parameter. They can create specific folders such as 'api', 'config', 'global', 'model', ...
CVSS 7.7 | AI Score 7.7 | EPSS 0.0004