Malicious code in watch-a-fast-x-2023online-watching-at-home-ma (npm)
7.1AI Score
Malicious code in pelisplus-repelis-ver-a-man-called-otto-peliculas-completa-en-espanol (npm)
7.1AI Score
Malicious code in w-a-t-c-h-65-online-free-is-on-streaming-on-home (npm)
7.1AI Score
Malicious code in w-a-t-c-h-scream-6-online-on-streamings-4k-at-home (npm)
7.1AI Score
Malicious code in w-a-t-c-h-john-wick-4-online-on-streamings-4k-at-home (npm)
7.1AI Score
Malicious code in w-a-t-c-h-creed-3-online-free-is-on-streaming-on-home (npm)
7.1AI Score
Malicious code in w-a-t-c-h-scream-6-online-free-is-on-streaming-on-home (npm)
7.1AI Score
org.soot-oss: soot is vulnerable to Infinite Loop. The vulnerability is due to the retrieveActiveBody function, which allows an attacker to maliciously craft a method to cause excessive resource consumption that can lead to Denial of...
6.7AI Score
EPSS
SysAid Technologies 20.3.64 b14 - Cross-Site Scripting
SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp=...
6.1CVSS
6AI Score
0.001EPSS
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, and ftp server passwords in supportsave. This could allow a remote authenticated attacker to access sensitive...
6.8CVSS
6.2AI Score
0.001EPSS
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion. This issue affects Easy Digital Downloads – Recent Purchases: from n/a through...
9.8CVSS
7.4AI Score
0.001EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion. This issue affects Woocommerce – Recent Purchases: from n/a through...
4.9CVSS
7.2AI Score
0.001EPSS
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be...
7.8CVSS
7.5AI Score
0.0005EPSS
Remote code execution (RCE) vulnerability in Brocade Fabric OS (CVE-2023-3454)
Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow a remote unauthenticated attacker to execute arbitrary code and use this to gain root access to the...
9.1AI Score
0.0004EPSS
7-Technologies AQUIS Detection
AQUIS is installed on the remote Windows host. It is a tool developed by 7-Technologies for hydraulic modeling of a water...
2.3AI Score
RealFlex Technologies RealWin Detection
RealWin, a SCADA server package from RealFlex Technologies to monitor and control real-time applications, is installed on the remote Windows...
2.2AI Score
ws affected by a DoS when handling a request with many HTTP headers
Impact: A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. Proof of concept: ```js const http = require('http'); const WebSocket = require('ws'); const wss = new WebSocket.Server({ port: 0 }, function () { const chars =...
7.5CVSS
6.5AI Score
0.0004EPSS
7-Technologies TERMIS Detection
TERMIS is installed on the remote Windows host. It is a tool developed by 7-Technologies for hydraulic modeling of an energy...
1.4AI Score
CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account, NOTE:...
7.5CVSS
7.8AI Score
0.003EPSS
Etcd embed auto compaction retention negative value causing a compaction loop or a crash
Impact: Data Validation. Detail: The parseCompactionRetention function in embed/etcd.go allows the retention variable value to be negative and causes the node to execute the history compaction in a loop, taking more CPU than usual and spamming logs. References: Find out more on this vulnerability in...
7.3AI Score
Summary: The following security vulnerabilities are addressed with IBM Process Mining 1.14.4 IF001. Vulnerability Details: CVEID: CVE-2024-22259. DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...
9.8CVSS
8.8AI Score
0.005EPSS
A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched...
7.2CVSS
7AI Score
0.001EPSS
CVE-2021-38314 Python Exploit Detail The Gutenberg...
5.3CVSS
5.5AI Score
0.002EPSS
ws affected by a DoS when handling a request with many HTTP headers
Impact: A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. Proof of concept: ```js const http = require('http'); const WebSocket = require('ws'); const wss = new WebSocket.Server({ port: 0 }, function () { const chars =...
7.5CVSS
6.7AI Score
0.0004EPSS
A US Company Enabled a North Korean Scam That Raised Money for WMDs
Wyoming’s secretary of state has proposed ways of “preventing fraud and abuse of corporate filings by commercial registered agents” in the aftermath of the scheme’s...
7.3AI Score
Company admin role gives excessive privileges in eZ Platform Ibexa
Users with the Company admin role (introduced by the company account feature in v4) can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect. The role / assign policy is typically only given to...
7.2CVSS
2.7AI Score
0.002EPSS
Etcd embed auto compaction retention negative value causing a compaction loop or a crash in...
7.1AI Score
Keysight Technologies Sensor Management Server Detection
The Keysight Sensor Management Server (SMS), a component of the Keysight RF Sensor Software, is running on the remote...
0.7AI Score
7-Technologies / Schneider-Electric IGSS Detection
IGSS (Interactive Graphical SCADA System) is installed on the remote Windows host. It is a SCADA system for process control and supervision developed by 7-Technologies /...
2.5AI Score
Podman publishes a malicious image to public registries
Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman...
8.8CVSS
3.2AI Score
0.002EPSS
7.4AI Score
A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search-visitor.php. The manipulation leads to SQL injection. The attack can be launched remotely. The exploit has...
7.2CVSS
7.3AI Score
0.001EPSS
A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file search-visitor.php. The manipulation leads to cross-site scripting. The attack may be launched remotely. The exploit has...
4.8CVSS
4.8AI Score
0.001EPSS
Use Of A Key Past Its Expiration Date
moodle/moodle is vulnerable to Use of a Key Past its Expiration Date. The vulnerability is caused due to improper key generation, as the same key is used interchangeably for a user's QR login key and their auto-login key. This allows an attacker to exploit the same key used interchangeably for a...
6.8AI Score
0.0004EPSS
kubevirt allows a local attacker to execute arbitrary code via a crafted command
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token...
7.6AI Score
0.0004EPSS
CrateDB has a Client initialized Session-Renegotiation DoS
Summary: Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200. Details: A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly...
5.3CVSS
6.9AI Score
0.0004EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
Follina (PATCHED). Remote Access...
8.6AI Score
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Summary: Tornado’s curl_httpclient.CurlAsyncHTTPClient class is vulnerable to CRLF (carriage return/line feed) injection in the request headers. Details: When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return (\r) or line feed (\n) characters in the request...
7.5AI Score
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products...
6.2AI Score
0.204EPSS
JIRA puts a user's XSRF token in various resources.
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/JRACLOUD-61250. Steps to Reproduce: 1. Log into JIRA 2. Log out from JIRA. Expected Results: The URL shown in the address bar...
0.7AI Score
Magento Insufficient authorization check when adding users to company accounts
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorization checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing...
6.5CVSS
6.6AI Score
0.001EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
CVE-2022-30190-follina Just another PoC for the new...
7.8CVSS
8.4AI Score
0.961EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
Follina (PATCHED). Remote Access...
8AI Score
A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the...
6.1CVSS
6.7AI Score
0.001EPSS
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products...
7.4AI Score
0.204EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
'Follina' MS-MSDT n-day Microsoft Office RCE (modified version). Based on...
7.8CVSS
8.7AI Score
0.961EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
8.3AI Score
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
Follina Proof of Concept (CVE-2022-30190) Quick and easy...
7.8CVSS
8.6AI Score
0.961EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
Follina CVE-2022-30190 Sample Educational Follina Tool...
7.8CVSS
8.5AI Score
0.961EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
MSDT_CVE-2022-30190 This Repository Talks about the Follina...
7.8CVSS
8.6AI Score
0.961EPSS