Android 13 introduces many enhancements in order to harden...
7.7AI Score
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...
6.9AI Score
0.0004EPSS
A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted...
9.8CVSS
7.2AI Score
0.001EPSS
CVE-2024-35895 bpf, sockmap: Prevent lock inversion deadlock in map delete elem
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because BPF tracing programs can be invoked from any...
6.4AI Score
0.0004EPSS
A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument...
6.1CVSS
4.5AI Score
0.001EPSS
CVE-2024-35895 bpf, sockmap: Prevent lock inversion deadlock in map delete elem
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because BPF tracing programs can be invoked from any...
6.7AI Score
0.0004EPSS
A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch....
5.5CVSS
4.2AI Score
0.0004EPSS
Multiple PHP remote file inclusion vulnerabilities in Hinton Design phpht Topsites allow remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter to (1) index.php, (2) certain other scripts in the top-level directory, and (3) certain scripts in the admin/...
7.5AI Score
0.08EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4J-CVE-Detect This repository contains a set of YARA...
10CVSS
10AI Score
0.976EPSS
An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid...
7.2CVSS
7AI Score
0.045EPSS
An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid...
7.2CVSS
7AI Score
0.045EPSS
Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect Vulnerabilities
Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting...
6.5AI Score
7.4AI Score
Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.3 and IBM Planning Analytics 2.0.96 by upgrading or removing the vulnerable libraries. Please refer to...
9.8CVSS
9.2AI Score
0.975EPSS
Summary: Docs doppler has an unclaimed broken link on its doc page which can be claimed by any malicious user. Steps to reproduce: 1.Visit https://docs.doppler.com/docs/removal-deprecated-packages-scripts 2.Click on scheduling a call. {F3122702} The scheduling a call page points to...
7AI Score
The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as...
7.5CVSS
7.5AI Score
0.001EPSS
The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS...
8.1CVSS
0.002EPSS
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config
Title: Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Advisory ID: ZSL-2024-5819 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The REBLE610 features an accurate hardware design, absence of...
7.4AI Score
A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to.....
8.1CVSS
6.7AI Score
0.005EPSS
The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS...
8.1CVSS
7.8AI Score
0.002EPSS
The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as...
7.5CVSS
7.4AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign allows Reflected XSS.This issue affects UDesign: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4J-CVE-Detect This repository contains a set of YARA...
8.4AI Score
7.4AI Score
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign allows Reflected XSS.This issue affects UDesign: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X")...
6.8AI Score
0.0004EPSS
[SECURITY] Fedora 38 Update: python-django3-3.2.25-2.fc38
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself)...
7.5CVSS
7.6AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X") timeout...
6AI Score
0.0004EPSS
CVE-2024-4077 WordPress UDesign theme <= 4.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign allows Reflected XSS.This issue affects UDesign: from n/a through...
7.1CVSS
7.1AI Score
0.0004EPSS
ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF...
6.8AI Score
0.0004EPSS
The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF...
6.5AI Score
0.0004EPSS
RHEL 7 : gitpython (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. GitPython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267) GitPython...
8.4AI Score
0.001EPSS
ENL Newsletter <= 1.0.1 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
5.9AI Score
0.0004EPSS
WP Go Maps < 9.0.35 - Information Exposure to Potential Denial of Service
Description The plugin is vulnerable to unauthenticated API key disclosure due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's Google API key. While this does not affect the security of sites using this...
5.3CVSS
6.6AI Score
0.0004EPSS
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user...
7.5CVSS
7.5AI Score
0.0004EPSS
CVE-2023-25178 Controller design flaw - unsigned firmware
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and...
9.8CVSS
9.9AI Score
0.003EPSS
MM-email2image <= 0.2.5 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
9AI Score
0.0004EPSS
PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache...
7.2AI Score
0.002EPSS
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-010)
The version of kernel installed on the remote host is prior to 5.4.162-86.275. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-010 advisory. A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler...
7CVSS
6.8AI Score
0.004EPSS
The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
5.6AI Score
0.0004EPSS
The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
5.6AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.This issue affects Easy Google Maps: from n/a through...
4.3CVSS
4.9AI Score
0.0004EPSS
Apache Tomcat 9.0.0.M1 < 9.0.5 Insecure CGI Servlet Search Algorithm Description Weakness
The version of Apache Tomcat installed on the remote host is 9.0.x prior to 9.0.5. It is, therefore, affected by a security constraints flaw which could expose resources to unauthorized users.); # http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.5 ...
6.5CVSS
7.1AI Score
0.002EPSS
PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache...
6.8AI Score
0.002EPSS
About the security content of macOS Monterey 12.7.5
About the security content of macOS Monterey 12.7.5 This document describes the security content of macOS Monterey 12.7.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
7.8CVSS
7.6AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: python-django-4.2.11-2.fc39
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself)...
7.5CVSS
7.3AI Score
0.001EPSS
Issue Overview: 2024-06-06: CVE-2021-47006 was added to this advisory. 2024-05-23: CVE-2021-47013 was added to this advisory. 2024-05-23: CVE-2021-46960 was added to this advisory. 2024-05-23: CVE-2021-47166 was added to this advisory. 2024-05-23: CVE-2021-46955 was added to this advisory....
7.8CVSS
7.6AI Score
0.001EPSS
RHEL 6 : procps-ng,_procps (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. procps-ng, procps: Local privilege escalation in top (CVE-2018-1122) procps-ng, procps is vulnerable to...
7.5AI Score
0.006EPSS
Cisco IOS XE Software Overlay Transport Virtualization (OTV) DoS
The remote Cisco device is affected by a denial of service vulnerability due to improper processing of oversized Overlay Transport Virtualization (OTV) frames. An unauthenticated, adjacent attacker can exploit this, by sending a large number of oversized OTV frames requiring fragmentation and...
6.8AI Score
0.002EPSS
A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code. Mitigation Exercise caution when cloning...
8.1CVSS
7.4AI Score
0.0004EPSS