Exploit for Deserialization of Untrusted Data in Apache Log4J
Vm4J: a tool for detecting the Log4j vulnerability in VMware products...
AI Score 8.8
Ecava IntegraXor < 4.1.4369 Project Directory Information Disclosure
The version of IntegraXor installed on the remote host is a version prior to 4.1 Build 4369. It is, therefore, reportedly affected by an information disclosure vulnerability due to credentials being stored in plaintext. An attacker can potentially exploit this vulnerability to disclose credentials...
AI Score 3.5
uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should...
CVSS 8.8
AI Score 8.9
EPSS 0.006
This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version...
CVSS 6.1
AI Score 6
EPSS 0.001
CVE-2024-3749 SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controls and allows a logged in user to view and download files belonging to another...
AI Score 6.5
EPSS 0.0004
CVE-2024-3749 SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controls and allows a logged in user to view and download files belonging to another...
AI Score 6.6
EPSS 0.0004
SP Project & Document Manager <= 4.71 - Data Update via IDOR
Description: The plugin is missing validation in its upload function, allowing a user to manipulate the user_id to make it appear that a file was uploaded by another...
AI Score 6.7
EPSS 0.0004
CVE-2024-5519 ItsourceCode Learning Management System Project In PHP login.php sql injection
A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to SQL injection. The attack can be initiated remotely. The exploit has...
CVSS 7.3
AI Score 7.6
EPSS 0.0004
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ncast Project Ncast
cve-2024-0305exp: a working exploit for cve-2024-0305; if you cite it, please credit the source, thanks! 0x01...
CVSS 7.5
AI Score 6.8
EPSS 0.01
Using the Jira Python library to make REST API calls with cookie auth bypasses Jira rate limiting
Issue Summary: When using the open-source Jira Python library (https://github.com/pycontribs/jira) to make REST API calls to Jira, if cookie-based authentication (https://jira.readthedocs.io/examples.html#cookie-based-authentication) is used then Jira's rate limits will be bypassed. This can...
AI Score 6.9
A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue....
CVSS 7.5
AI Score 7.5
EPSS 0.008
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for...
CVSS 7.5
AI Score 7.6
EPSS 0.0004
Malicious code in webpack-cli.legacy (npm)
Source: ossf-package-analysis (22737261df7f74819a3f3f968e6516db5e37f6621827d6148b290f7650b9992f). The OpenSSF Package Analysis project identified 'webpack-cli.legacy' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in fkletbbpoc (npm)
Source: ossf-package-analysis (125b0aa54538899871c0071ae4b76678012092032ff03d6ad08c4ecf1a2fc7d7). The OpenSSF Package Analysis project identified 'fkletbbpoc' @ 0.0.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in commentrating (npm)
Source: ossf-package-analysis (87db588ebd8e7a42cbbbbf7fc21caa36fc553172a0ff4c4e9a58ce9354d62e7f). The OpenSSF Package Analysis project identified 'commentrating' @ 99.9.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in verycoolzpac2 (npm)
Source: ossf-package-analysis (50b609e8ebccac67716745b1447224238ae17c0a78499f90c48aa684d971cded). The OpenSSF Package Analysis project identified 'verycoolzpac2' @ 0.0.3 (npm) as malicious. It is considered malicious because: - The package...
AI Score 6.9
Malicious code in idcs-dialog (npm)
Source: ossf-package-analysis (1f9e71c07d690c8293d57afe2530d560684f82b76c844f9904256c1d330fc5af). The OpenSSF Package Analysis project identified 'idcs-dialog' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker to leak the content of a private repository in a public...
CVSS 7.5
AI Score 6.6
EPSS 0.001
Malicious code in falsepositivecheck6969 (npm)
Source: ossf-package-analysis (cef392714b654bd14df8ba24c491e8844b54e08fee392bff62632f7f3e5d6fa1). The OpenSSF Package Analysis project identified 'falsepositivecheck6969' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The...
AI Score 7.1
Malicious code in zsbpwebsdktest (npm)
Source: ossf-package-analysis (347bc418b55e9092cd6a48ff3f93f328085fa2c4192ba6dc2c5cf062c3d10c20). The OpenSSF Package Analysis project identified 'zsbpwebsdktest' @ 9999.99.91 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in zsbpwebsdk (npm)
Source: ossf-package-analysis (bf63d69adabe277a69df70ff7c39dd42b81fad4f512f8204458dc438d7edfb7d). The OpenSSF Package Analysis project identified 'zsbpwebsdk' @ 9999.9.9 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in stateful-fastclick (npm)
Source: ossf-package-analysis (5a06e5b71a04fa67ca20937e8e438c638644db87d181799a046d22c568e6c4c5). The OpenSSF Package Analysis project identified 'stateful-fastclick' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in myattenuator (npm)
Source: ossf-package-analysis (ea4131b4858e840e02fe12b2a8719cfe85598245a84e842b917dd595ea1af4e4). The OpenSSF Package Analysis project identified 'myattenuator' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in policycms (npm)
Source: ossf-package-analysis (6fcf99ac2d853174c6d17fd728c94d9fd33306bddfc79312ba47ffe026e42606). The OpenSSF Package Analysis project identified 'policycms' @ 1.0.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in back-alley (npm)
Source: ossf-package-analysis (83d1eb07b6ba84ecc98bdd4ad2a1313b540e69509c08d8d66f4b2fe54a1986a7). The OpenSSF Package Analysis project identified 'back-alley' @ 1.1.0 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in confusedatma (npm)
Source: ossf-package-analysis (5708cd21986870186d2bf74eddcd5583472dd093668db44c4be3d889ce1417df). The OpenSSF Package Analysis project identified 'confusedatma' @ 9.9.9 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a non-project member to promote key results to...
CVSS 4.3
AI Score 6.3
EPSS 0.0004
GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is...
CVSS 6.1
AI Score 5.9
EPSS 0.001
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore take over another user account through the "forgotten password" feature. By modifying emails, the user...
CVSS 8.1
AI Score 6.8
EPSS 0.001
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials. This issue affects WP Testimonials: from n/a through...
CVSS 7.6
AI Score 7.8
EPSS 0.0004
GLPI is a free asset and IT management software package. When authentication is made against an LDAP, the authentication form can be used to perform LDAP injection. Upgrade to...
CVSS 8.1
AI Score 7.7
EPSS 0.001
Malicious code in smart-commons (npm)
Source: ossf-package-analysis (3d5cef67a87cd4a497f6879379a3829535212f7d703197ce6d3130dd03fd2da6). The OpenSSF Package Analysis project identified 'smart-commons' @ 19.6.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in plain-function (npm)
Source: ossf-package-analysis (2e38d4006afc6d5a3ce531ced341af81b57134a68230e68e52122825f587260e). The OpenSSF Package Analysis project identified 'plain-function' @ 20.1.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in links-3 (npm)
Source: ossf-package-analysis (870f8306aa2e95828fa2fdd771044248f7d5e8e715304b6818773620e5c7a1b2). The OpenSSF Package Analysis project identified 'links-3' @ 9.0.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in spamsynonym (PyPI)
Source: ossf-package-analysis (bbc650ef44d412610406a674ac1fce3dcb717b01d175614f158016f47b53b1ce). The OpenSSF Package Analysis project identified 'spamsynonym' @ 1.1.1 (pypi) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in com.unity.xrtools.spatial-hash (npm)
Source: ossf-package-analysis (efa5d123e10b0da3ed7e7898101f41654aa13a572def7acb40b838e0ef88e74b). The OpenSSF Package Analysis project identified 'com.unity.xrtools.spatial-hash' @ 2.0.0 (npm) as malicious. It is considered malicious because: -...
AI Score 7.1
Malicious code in bageth (npm)
Source: ossf-package-analysis (e0fb8d217f32446aeb4dbf744d45c5aadd152f0917a228ead1ad0183ac18b995). The OpenSSF Package Analysis project identified 'bageth' @ 2.0.0 (npm) as malicious. It is considered malicious because: The package communicates...
AI Score 7.1
Malicious code in kiln-desktop (npm)
Source: ossf-package-analysis (ef3b624dee4eb3ef776b321ad28eddf3bc2d6cde2852fdcb47b0ef795047c6bf). The OpenSSF Package Analysis project identified 'kiln-desktop' @ 2.2.0 (npm) as malicious. It is considered malicious because: The package...
AI Score 7.1
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the...
CVSS 8.8
AI Score 7.8
EPSS 0.001
Malicious code in en-calendar (npm)
Source: ossf-package-analysis (0cc66d6eb2f773deb786b69bc29863caf4091bd2bd1f9fe0b7fdaa6fe14aca89). The OpenSSF Package Analysis project identified 'en-calendar' @ 1.0.1 (npm) as malicious. It is considered malicious because: The package executes...
AI Score 7.4
Malicious code in react-green-ui (npm)
Source: ossf-package-analysis (3109c997fe1ab2888814f3679bf903a97bce7112d5921a921ae0aea7d787fe3d). The OpenSSF Package Analysis project identified 'react-green-ui' @ 10.0.49 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.4
Malicious code in store-js-sdk (npm)
Source: ossf-package-analysis (4462b056f6144f0a42e19147fcc9c5a0277e45631c26bebad88d24513995b773). The OpenSSF Package Analysis project identified 'store-js-sdk' @ 1.0.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Malicious code in com.unity.test-runner-manual-tests (npm)
Source: ossf-package-analysis (85698be2138d279587657502f67090097d4cbbeb4b05a492c63e318fe69f4560). The OpenSSF Package Analysis project identified 'com.unity.test-runner-manual-tests' @ 2.0.0 (npm) as malicious. It is considered malicious...
AI Score 7.1
Malicious code in afterpay-sdk-example-server (npm)
Source: ossf-package-analysis (555a159aa3b74ea73f8574c05e14aa536948cbe56b0420bcdcc0daa2a911ae2c). The OpenSSF Package Analysis project identified 'afterpay-sdk-example-server' @ 20.0.0 (npm) as malicious. It is considered malicious because: -...
AI Score 7.1
GeoServer JAI-EXT extension command injection
Added: 06/27/2024. Background: GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging (JAI) is an API that provides a set of high-level objects for image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...
AI Score 8
Malicious code in repsol-uikit (npm)
Source: ossf-package-analysis (0ded61aa0f6be46c0b02bb6eb5deb82d4dd4830e41a76cdf52d9d21576c50c57). The OpenSSF Package Analysis project identified 'repsol-uikit' @ 9.999.0 (npm) as malicious. It is considered malicious because: The package...
AI Score 7.4
Malicious code in hydra-consent-app-express (npm)
Source: ossf-package-analysis (44bb7f6bf0f9abc4741ab850705b17f64105e289174cd87fd51831bc95b726c3). The OpenSSF Package Analysis project identified 'hydra-consent-app-express' @ 2.0.0 (npm) as malicious. It is considered malicious because: The...
AI Score 6.9
Malicious code in eslint-config-web3-base (npm)
Source: ossf-package-analysis (e23c591b583354dc45114b2ff42008dd281f6a57772a8f5f59a249ab89f2fd84). The OpenSSF Package Analysis project identified 'eslint-config-web3-base' @ 0.1.2 (npm) as malicious. It is considered malicious because: The...
AI Score 6.9
Malicious code in cyclotron-svc (npm)
Source: ossf-package-analysis (4f8b0a1aa798da64bb0b8fd50b7a301eb9c0bec31e520948a8b30275bcbe318b). The OpenSSF Package Analysis project identified 'cyclotron-svc' @ 5.0.0 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1