Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before...
9.8CVSS
9.8AI Score
0.975EPSS
Virtuozzo Hybrid Infrastructure 6.1 Update 1.2 (6.1.1-39)
This update provides a stability improvement. Vulnerability id: VSTOR-85986 Enabled adding multiple devices to the boot sequence of Linux...
7.3AI Score
A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database and logs files. An.....
5.5CVSS
0.0004EPSS
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an.....
5.4CVSS
6.9AI Score
0.001EPSS
quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a...
5.3CVSS
7.2AI Score
0.001EPSS
A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database and logs files. An.....
7.1CVSS
5.3AI Score
0.0004EPSS
Cache Flooding in TYPO3 Frontend
Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the...
7AI Score
TVT NVMS 1000 - Local File Inclusion
TVT NVMS-1000 devices allow GET /.. local file inclusion...
7.5CVSS
7.5AI Score
0.723EPSS
Cache Flooding in TYPO3 Frontend
Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the...
7AI Score
7.4AI Score
NeDi 1.9C - Cross-Site Scripting
NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a...
6.1CVSS
6AI Score
0.001EPSS
DrayTek - Remote Code Execution
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi...
9.8CVSS
9.8AI Score
0.971EPSS
Security Analysis of the EU’s Digital Wallet
A group of cryptographers have analyzed the eiDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity...
7.3AI Score
Dell EMC PowerScale OneFS (Isilion OneFS) Detection Consolidation
Consolidation of Dell EMC PowerScale OneFS (formerly Isilion OneFS)...
7.3AI Score
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...
4.7CVSS
5.2AI Score
0.0004EPSS
Issue Overview: An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to...
6.2CVSS
7.3AI Score
0.001EPSS
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in...
4.4CVSS
6.6AI Score
0.0004EPSS
(RHSA-2024:2633) Important: updated rhceph-6.1 container image
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This updated container image is based on Red Hat Ceph Storage 6.1 and Red Hat...
9.8AI Score
0.732EPSS
In the Linux kernel, the following vulnerability has been resolved: enetc: Fix illegal access when reading affinity_hint irq_set_affinity_hit() stores a reference to the cpumask_t parameter in the irq descriptor, and that reference can be accessed later from irq_affinity_hint_proc_show(). Since...
6.8AI Score
0.0004EPSS
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the...
4.7CVSS
5.2AI Score
0.0004EPSS
PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context.....
7.1AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtsensors-5.15.14-1.fc40
The Qt Sensors API provides access to sensor hardware via QML and C++ interfaces. The Qt Sensors API also provides a motion gesture recognition API for...
6.5AI Score
0.0004EPSS
Fully Offline Electronic Cash: Is It an Intractable Problem?
By Daily Contributors Is truly offline offline electronic Cash possible? Unlike Bitcoin, experts dig deeper into the technical hurdles of creating software-based cash that works without the internet. Discover why achieving this might be a tougher nut to crack than expected. This is a post from...
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfd_suspend_all_processes() to evict all processes on all devices, this call...
6.6AI Score
0.0004EPSS
CVE-2021-47061 KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU
In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure after sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guaranteed to see the new.....
7.6AI Score
0.0004EPSS
Linear eMerge E3-Series - Information Disclosure
Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control...
8.2CVSS
8.1AI Score
0.003EPSS
github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be...
7.6CVSS
7.4AI Score
0.001EPSS
SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution
SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the system_log.cgi...
9.8CVSS
9.8AI Score
0.963EPSS
In the Linux kernel, the following vulnerability has been resolved: enetc: Fix illegal access when reading affinity_hint irq_set_affinity_hit() stores a reference to the cpumask_t parameter in the irq descriptor, and that reference can be accessed later from irq_affinity_hint_proc_show(). Since...
6.4AI Score
0.0004EPSS
RHEL 7 : Red Hat Ceph Storage 3.3 Security and Bug Fix Update (Important) (RHSA-2021:1518)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1518 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...
8.2CVSS
8.3AI Score
0.717EPSS
7.4AI Score
RHEL 7 : Red Hat Ceph Storage 3 Security and Bug Fix update (Important) (RHSA-2022:1394)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1394 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with...
7.2CVSS
7.2AI Score
0.002EPSS
Encoded session passwords on session storage for Virtual Fabric platforms.(CVE-2024-29953)
A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded...
6.6AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtsvg-5.15.14-1.fc40
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint...
6.5AI Score
0.0004EPSS
Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection
Nortek Linear eMerge E3-Series devices before 0.32-08f are susceptible to remote command injection via ReaderNo. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. NOTE: this...
10CVSS
9.9AI Score
0.974EPSS
Security Bulletin: Vulnerabilities in cryptography and Jinja [CVE-2023-50782, CVE-2024-22195]
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in cryptography and Jinja which include obtain sensitive information and cross-site scripting, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have...
7.5CVSS
7.2AI Score
0.001EPSS
CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root...
6.5CVSS
6.8AI Score
0.0004EPSS
Vulnerabilities in BIG-IP Next Central Manager allows control of managed devices
Introduction In May 2024, new vulnerabilities have been identified in BIG-IP Next Central Manager, raising considerable security concerns. This discovery follows closely on the heels of a critical vulnerability revealed in April within Palo Alto's firewalls with enabled GlobalProtect feature,...
7.5CVSS
8.6AI Score
0.0004EPSS
Fujitsu IP Series - Hardcoded Credentials
Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative.....
7.5CVSS
7.6AI Score
0.003EPSS
Hongdian H8922 3.0.5 - Remote Command Injection
Hongdian H8922 3.0.5 devices are susceptible to remote command injection via shell metacharacters into the ip-address (a/k/a Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest. An attacker can execute malware, obtain sensitive...
8.8CVSS
9.2AI Score
0.964EPSS
Argus Surveillance DVR 4.0.0.0 - Local File Inclusion
Argus Surveillance DVR 4.0.0.0 devices allow unauthenticated local file inclusion, leading to file disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE...
7.5CVSS
7.3AI Score
0.904EPSS
Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx Firmware
DahuaLoginBypass Chrome extension that uses vulnerability...
9.4AI Score
Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx Firmware
CVE-2021-33044 Dahua IPC/VTH/VTO devices auth bypass...
9.8CVSS
9.5AI Score
0.226EPSS
RHEL 7 / 8 : Red Hat Ceph Storage 4.2 Security and Bug Fix update (Important) (RHSA-2021:0081)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0081 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage...
8.8CVSS
7.1AI Score
0.001EPSS
Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML...
8.8CVSS
9AI Score
0.003EPSS
An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it.....
6.6CVSS
6.5AI Score
0.0004EPSS
CVE-2024-26304-RCE-exploits Critical RCE Vulnerabilities in...
9.8CVSS
7.5AI Score
0.0004EPSS
Cyberoam NetGenie Cross-Site Scripting
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 are susceptible to reflected cross-site scripting via the 'u' parameter of...
6.1CVSS
6.1AI Score
0.011EPSS
Microsoft Entra Registered Configuration (Windows)
The host is Microsoft Entra Registered, previously known as 'Azure AD Registered' or 'workplace joined', and it was possible to retrieve certain Microsoft Entra ID device configuration attributes, including: Microsoft Entra tenant ID Microsoft Entra tenant region Microsoft Entra device ID ...
7.1AI Score
Summary Vulnerabilities in libssh, nginx and nghttp2 affect IBM Storage Virtualize products and could cause denial of service and bypassing of authentication. CVE-2023-44487, CVE-2023-1667, CVE-2023-2283. Vulnerability Details ** CVEID: CVE-2023-44487 DESCRIPTION: **Multiple vendors are...
7.5CVSS
9.2AI Score
0.732EPSS