Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which...
7.6CVSS
6.9AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through...
8.6CVSS
8.5AI Score
0.0005EPSS
The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on...
5.5CVSS
5.4AI Score
0.0004EPSS
Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the...
4.8CVSS
5.4AI Score
0.001EPSS
5.5CVSS
6.6AI Score
0.0004EPSS
5.5CVSS
6.5AI Score
0.0004EPSS
Apport argument parsing mishandles filename splitting on older kernels resulting in argument...
5.5CVSS
6.6AI Score
0.0004EPSS
The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on....
5.5CVSS
5.4AI Score
0.001EPSS
Exploit for Integer Overflow or Wraparound in Microsoft
CVE-2023-21823 Reverse Shell for Windows This repository...
7.8CVSS
9.1AI Score
0.653EPSS
A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution......
7.5CVSS
7.5AI Score
0.001EPSS
mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a...
10CVSS
9.3AI Score
0.006EPSS
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and.....
4.3CVSS
0.0004EPSS
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and.....
4.3CVSS
6.5AI Score
0.0004EPSS
5.5CVSS
6.5AI Score
0.0004EPSS
An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by...
6.5CVSS
6.1AI Score
0.001EPSS
md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor's position is that the product is not intended for untrusted...
9.8CVSS
9.6AI Score
0.002EPSS
7.1CVSS
6.6AI Score
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ovic Team Ovic Importer allows Path Traversal.This issue affects Ovic Importer: from n/a through...
7.5CVSS
7.5AI Score
0.001EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through...
8.6CVSS
8.5AI Score
0.0005EPSS
An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by...
6.5CVSS
6.1AI Score
0.001EPSS
CVE-2024-32822 WordPress Reviews Plus plugin <= 1.3.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in impleCode Reviews Plus.This issue affects Reviews Plus: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
SP Project & Document Manager <= 4.69 - Missing Authorization
Description The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.69. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an.....
6.3CVSS
6.5AI Score
0.0004EPSS
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246-mitigation This project is a Maven-based...
9.8CVSS
7.2AI Score
0.973EPSS
In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states th...
9.1CVSS
9.2AI Score
0.002EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...
10CVSS
9.6AI Score
0.001EPSS
Missing Authorization vulnerability in Avirtum iPages Flipbook.This issue affects iPages Flipbook: from n/a through...
7.3CVSS
5.3AI Score
0.0005EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through...
7.5CVSS
7.5AI Score
0.001EPSS
The EmbedSocial – Social Media Feeds, Reviews and Galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedsocial_reviews' shortcode in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
0.0004EPSS
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection.This issue affects Dextaz Ping: from n/a through...
9.1CVSS
7.3AI Score
0.0005EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
How it works- Need access to the team work space...
8.8CVSS
8.8AI Score
0.001EPSS
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...
6.4CVSS
7.1AI Score
0.0004EPSS
In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that arrived.....
9.8CVSS
9.5AI Score
0.025EPSS
CVE-2024-39303 Weblate vulnerabler to improper sanitization of project backups
Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a...
4.4CVSS
EPSS
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...
7.5CVSS
7.5AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
How it works- Need access to the team work space...
8.8CVSS
6.8AI Score
0.001EPSS
Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...
5.3CVSS
5.4AI Score
0.0005EPSS
A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7...
6.1CVSS
6AI Score
0.001EPSS
9.8CVSS
8.4AI Score
EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through...
6.5CVSS
6.7AI Score
0.0004EPSS
HackerOne: Able to Create Testimonials for myself using Sandbox
Summary: Recently you allowed us to give testimonials for the sandbox reports which is Vulnerable and allows all the researcher to control their Testimonials for their benefit t. Description: When a report is closed as resolved we are given the option of "This hacker is eligible for a...
7AI Score
Unlimited number of NTS-KE connections can crash ntpd-rs server
Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...
7.5CVSS
7AI Score
0.0004EPSS
The EmbedSocial – Social Media Feeds, Reviews and Galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedsocial_reviews' shortcode in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
5.8AI Score
0.0004EPSS
MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a...
7.5CVSS
7.4AI Score
0.002EPSS
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to...
9.8CVSS
9.3AI Score
0.001EPSS
ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is...
8.8CVSS
8.9AI Score
0.003EPSS
ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is...
8.8CVSS
8.9AI Score
0.003EPSS
Reviews Plus < 1.3.5 - Missing Authorization to Notice Dismissal
Description The Reviews Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_hide_revs_translation_notice() function in versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with...
4.3CVSS
6.7AI Score
0.0004EPSS
CVE-2024-29095 WordPress Site Reviews plugin <= 6.11.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Ryley Site Reviews allows Stored XSS.This issue affects Site Reviews: from n/a through...
5.9CVSS
5.9AI Score
0.0004EPSS
ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program...
5.5CVSS
5.5AI Score
0.0004EPSS