ruby [3.0.7-143] - Fix Zlib test failures on s390x due to HW acceleration Related: RHEL-36189 [3.0.7-142] - Upgrade to Ruby 3.0.7. Resolves: RHEL-36189 - Fix HTTP response splitting in CGI. Resolves: RHEL-36193 - Fix ReDoS vulnerability in URI. Resolves: RHEL-36196 - Fix ReDoS...
8.8CVSS
7.1AI Score
Oracle WebLogic Web Services Test Client Detection
Oracle WebLogic Web services test client was detected on the remote...
1.3AI Score
Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
5.3CVSS
5.6AI Score
0.001EPSS
A vulnerability in the OpenSSL Handler component of the Iperf3 network bandwidth measurement tool is related to the use of synchronization side-channel in RSA decryption operations. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential...
7.3AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
9AI Score
Malicious code in test-poc2 (npm)
Source: ghsa-malware (70d622822e0356b992f815ba0a803ee7598a5ff51894216a53a95ac034ca1185) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in test-poc3 (npm)
Source: ghsa-malware (0dd2e1b9551e2d05eb6769e870035396fbdd5bd09b3116b00901a73cb9e64859) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
test-hi.hawk.de Cross Site Scripting vulnerability OBB-3885675
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
test-hi.hawk.de Cross Site Scripting vulnerability OBB-3901472
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
python39:3.9 and python39-devel:3.9 security update
An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...
7.8CVSS
7.7AI Score
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustion....
7.5CVSS
7.4AI Score
0.001EPSS
Exploit for OS Command Injection in Php
Orange Tsi 🍊 This vulnerability was found by Orange Tsai...
9.8CVSS
9.9AI Score
0.967EPSS
An update is available for postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PostgreSQL is an advanced object-relational database management system...
8CVSS
7.8AI Score
0.001EPSS
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or...
6CVSS
7AI Score
0.0004EPSS
Exploit for Heap-based Buffer Overflow in Microsoft
libarchive-harness-win - CVE-2024-20696 Blog post:...
7.3CVSS
6.3AI Score
0.003EPSS
A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is...
8.8CVSS
8.5AI Score
0.001EPSS
Exploit for OS Command Injection in Php
Orange Tsi 🍊 This vulnerability was found by Orange Tsai...
9.8CVSS
9.9AI Score
0.967EPSS
8.6AI Score
Malicious code in @ssr-frontend/test-poc3 (npm)
Source: ghsa-malware (03b39fa743b5b3cc6ff2265f4913473e51a661ac1f7d41f7855e4ced61af77aa) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmt_mtm_load_song function in...
5.3CVSS
5AI Score
0.001EPSS
Exploit for Path Traversal in Vmware Cloud Foundation
CVE-2021-21972 CVE-2021-21972 Works On ...
9.8CVSS
9.9AI Score
0.973EPSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...
5.4CVSS
0.0005EPSS
(RHSA-2024:2246) Moderate: ansible-core bug fix, enhancement, and security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to....
6.9AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 CVE-2021-4034 Add Root User - Pkexec Local...
7.8CVSS
8.7AI Score
0.001EPSS
(RHSA-2024:3466) Important: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.2AI Score
GeoServer JAI-EXT extension command injection
Added: 06/27/2024 Background GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging (JAI) is an API which provides a set of high level objects for the image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...
8AI Score
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...
5.4CVSS
6AI Score
0.0005EPSS
Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2024-644)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-644 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or...
6.1CVSS
6.4AI Score
0.001EPSS
ansible-core bug fix, enhancement, and security update
[1:2.14.14-1] - ansible-core 2.14.14 release (RHEL-23783) - Fix CVE-2024-0690 (possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration) (RHEL-22124) [1:2.14.13-1] - ansible-core 2.14.13 release (RHEL-19298) [1:2.14.12-1] - ansible-core 2.14.12 release...
5.5CVSS
7AI Score
0.0004EPSS
Exploit for Integer Overflow or Wraparound in Microsoft
CVE-2023-21716_exploit test of...
9.8CVSS
9.6AI Score
0.454EPSS
python39:3.9 and python39-devel:3.9 security update
mod_wsgi numpy python39 [3.9.19-1] - Update to 3.9.19 - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33676, RHEL-33688 python3x-pip python3x-setuptools python3x-six python-cffi python-chardet python-cryptography...
7.8CVSS
7.2AI Score
7.8CVSS
8AI Score
0.192EPSS
8.6AI Score
Apache ActiveMQ Web Console Test Pages Information Disclosure
The Apache ActiveMQ Web Console running on the remote host is leaking information via its test pages. The ActiveMQ Web Console allows unrestricted, unauthenticated access by default, and the test pages are used for testing the environment and web framework. One of the included test pages,...
7.2AI Score
test-b2b-gdm-figaro1.pantheonsite.io Cross Site Scripting vulnerability OBB-3884756
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...
5.4CVSS
5.2AI Score
0.0004EPSS
Malwarebytes Premium Security stops 100% of malware during AV Lab test
Malwarebytes Premium Security has maintained its long-running, perfect record in protecting users against online threats by blocking 100% of the malware samples deployed in the AV Lab Cybersecurity Foundation’s “Advanced In-The-Wild Malware Test.” For its performance in the May 2024 evaluation,...
7AI Score
**This repository is provided AS IS to accompany [a Meta Red...
7.8CVSS
7.8AI Score
0.0004EPSS
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...
5.4CVSS
5.3AI Score
0.0004EPSS
[3.11.7-1] - Rebase to 3.11.7 Resolves: RHEL-20233 [3.11.5-2] - Security fix for CVE-2023-27043 Resolves:...
5.3CVSS
7.3AI Score
0.001EPSS
CVE-2024-20356 This is a proof of concept for CVE-2024-20356,...
7.7AI Score
Exploit for Use After Free in Linux Linux Kernel
CVE-2022-32250-Linux-Kernel-LPE Demo Video...
7.8CVSS
7.5AI Score
0.001EPSS
IceWarp Email Client - Cross Site Scripting
Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid...
6.1CVSS
6.4AI Score
0.088EPSS
Moderate: ruby:3.3 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37697) Security Fix(es): ruby: Buffer overread...
6.3AI Score
Moderate: ruby:3.3 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37446) Security Fix(es): ruby: Buffer overread...
7AI Score
(RHSA-2024:2292) Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
8.7AI Score
0.001EPSS
PDF.js Vulnerability Demo Project This project is intended to...
7.2AI Score
9.2AI Score
Moderate: ruby:3.0 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: ReDoS vulnerability in URI (CVE-2023-28755) ruby: ReDoS...
8.8CVSS
6.7AI Score
(RHSA-2024:2985) Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
6.9AI Score
0.005EPSS