Disclaimer This script is for educational and testing purposes...
9.8CVSS
9.7AI Score
0.973EPSS
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: harden netfront against event channel storms The Xen netfront driver is still vulnerable for an attack via excessive number of events sent by the backend. Fix that by using lateeoi event channels. For being able...
7AI Score
0.0004EPSS
JavaScript Code with variable containing underscore does not work
h3. Issue Summary JavaScript Code with a variable containing an underscore does not work in * Page Template * HTML macro * 3rd Party Plugin (Script Runner) h3. Steps to Reproduce Sample code block: {code:java} $test $test_1 $("input[name='variableValues.test']").change(function (){...
0.8AI Score
(RHSA-2024:1141) Moderate: mysql security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fix(es): mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911) mysql: Server: DDL unspecified vulnerability (CPU Apr...
8AI Score
0.002EPSS
Exploit for NULL Pointer Dereference in Gpac
CVE-2023-4683-Test This repo holds an easy to use POC for...
5.5CVSS
7.4AI Score
0.0004EPSS
Exploit for OS Command Injection in Php
How the Script Works: - Input Prompt: The script prompts the...
7.5AI Score
This repository builds up a vulnerable HTTP2 Node.js server...
8.2CVSS
7.1AI Score
0.0004EPSS
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded.....
8.1CVSS
7.3AI Score
0.001EPSS
Exploit for Allocation of Resources Without Limits or Throttling in Redhat Enterprise Linux
CVE-2023-50387 KeyTrap in DNS (CVE-2023-50387) This...
7.5CVSS
7.6AI Score
0.05EPSS
PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component...
7.5CVSS
7.2AI Score
0.001EPSS
8.2AI Score
0.0004EPSS
Exploit for Code Injection in Vmware Spring Framework
Spring4Shell - PoC CVE - 2022 - 22965 Versions affected...
9AI Score
A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be...
5.4CVSS
6.2AI Score
0.001EPSS
In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.8AI Score
0.0004EPSS
(RHSA-2024:0894) Moderate: mysql:8.0 security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fix(es): mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911) mysql: Server: DDL unspecified vulnerability (CPU Apr...
8AI Score
0.002EPSS
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...
8.6CVSS
7.4AI Score
0.001EPSS
Exploit for Server-Side Request Forgery in Apache Http Server
CVE-2021-40438 Apache forward request CVE...
9CVSS
0.3AI Score
0.971EPSS
[SECURITY] Fedora 39 Update: python3.6-3.6.15-28.fc39
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software.....
7.8CVSS
7.4AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the...
6.5AI Score
0.0004EPSS
(RHSA-2024:3500) Moderate: ruby:3.0 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: ReDoS vulnerability in URI (CVE-2023-28755) ruby: ReDoS...
6.9AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: xen/console: harden hvc_xen against event channel storms The Xen console driver is still vulnerable for an attack via excessive number of events sent by the backend. Fix that by using a lateeoi event channel. For the normal...
6.9AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2"> leads to cross site scripting. T...
3.5CVSS
4AI Score
0.0004EPSS
Exploit for Improper Authentication in Ivanti Connect Secure
🚨 CVE-2023-46805 Scanner Tool 🛠️ A robust tool for detecting...
8.2CVSS
7.5AI Score
0.959EPSS
An update is available for keylime. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Keylime is a TPM based highly scalable remote boot attestation and runtime...
2.8CVSS
7.3AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: python3.6-3.6.15-30.fc40
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software.....
7.8CVSS
7.1AI Score
0.0005EPSS
(RHSA-2024:2669) Important: OpenShift Container Platform 4.15.12 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.12. See the following advisory for the container...
8AI Score
0.0005EPSS
[2.2.5-3] - Add gating test - Resolves: RHEL-3692 [2.2.5-2] - Fix CVE-2023-41915 - Resolves:...
8.1CVSS
6.9AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Vmware Spring For Apache Kafka
CVE-2023-34040 Spring Kafka Deserialization Remote Code...
7.8CVSS
7.8AI Score
0.0004EPSS
PhpMyAdmin <4.8.2 - Local File Inclusion
PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted....
8.8CVSS
8.6AI Score
0.973EPSS
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and...
9.8CVSS
6.5AI Score
0.001EPSS
Mass Auto Scanner for CVE-2024-24919 This script is designed to...
8.6CVSS
6.4AI Score
0.945EPSS
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the compiler,.....
6.5AI Score
0.0004EPSS
8.7AI Score
0.001EPSS
9.1CVSS
6.9AI Score
0.0004EPSS
Exploit for Use After Free in Linux Linux Kernel
CVE-2024-1086 Universal local privilege escalation...
7.8CVSS
7.9AI Score
0.002EPSS
WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body...
6.1CVSS
6.4AI Score
0.001EPSS
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...
7.5CVSS
6.9AI Score
0.0004EPSS
Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values,...
3.3CVSS
4.3AI Score
0.0004EPSS
Exploit for Improper Input Validation in Microsoft
CVE-2024-21413 This Python script is used to abuse the...
9.8CVSS
9.9AI Score
0.006EPSS
Exploit for Out-of-bounds Write in Kingsoft Internet Security 9 Plus
CVE-2022-25949 A years-old exploit of a local EoP...
7.8CVSS
7.7AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor.This issue affects Split Test For Elementor: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled...
7.5CVSS
6.2AI Score
0.001EPSS
nfpm has incorrect default permissions
Summary When building packages directly from source control, file permissions on the checked-in files are not maintained. Details When building packages directly from source control, file permissions on the checked-in files are not maintained. When nfpm packaged the files (without extra config...
7.1CVSS
6.7AI Score
0.001EPSS
RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component...
6.1AI Score
0.0004EPSS
Exploit for Command Injection in Ivanti Connect Secure
🚨 CVE-2024-21887 Exploit Tool 🛠️ A robust tool for detecting...
9.1CVSS
8.2AI Score
0.969EPSS
Exploit for Cross-site Scripting in Roundcube Webmail
CVE-2023-43770 POC A Proof-Of-Concept for the recently found...
6.1CVSS
6.1AI Score
0.113EPSS
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
Vulnerability Details fofa: ``` (title="BIG-IP®" ||...
9.8CVSS
9.6AI Score
0.972EPSS
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
Vulnerability Details fofa: ``` (title="BIG-IP®" ||...
9.8CVSS
9.6AI Score
0.972EPSS
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and...
6.1CVSS
6.6AI Score
0.0005EPSS
Exploit for Embedded Malicious Code in Tukaani Xz
root@ubuntu:~/xz/# apt update root@ubuntu:~/xz/# apt install -y...
10CVSS
9.6AI Score
0.133EPSS