A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file registerH.php. The manipulation of the argument ima leads to unrestricted upload. The attack may be initiated remotely. The exploit...
7.3CVSS
7.4AI Score
0.0004EPSS
A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument course_name leads to sql injection. The attack can be initiated...
6.3CVSS
8AI Score
0.0004EPSS
Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-27260)
Summary: A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands (CVE-2024-27260). Vulnerability Details: CVEID: CVE-2024-27260. DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout...
7.3AI Score
0.0004EPSS
CVE-2024-4920 SourceCodester Online Discussion Forum Site registerH.php unrestricted upload
A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file registerH.php. The manipulation of the argument ima leads to unrestricted upload. The attack may be initiated remotely. The exploit...
7.3AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2024-1655)
The remote host is missing an update for the Huawei...
7.2AI Score
0.001EPSS
K000139630: Expat vulnerability CVE-2023-52425
Security Advisory Description libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. (CVE-2023-52425) Impact An attacker may be able to cause an increase in memory...
6AI Score
0.001EPSS
K000139652: Intel CPU vulnerability CVE-2023-23583
Security Advisory Description Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. (CVE-2023-23583) Impact...
6.5AI Score
0.0004EPSS
7.1AI Score
0.0005EPSS
K000139653: Intel(R) QAT Library vulnerability CVE-2023-22313
Security Advisory Description Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-22313) Impact There is no impact; F5 products are not affected by this...
5.9AI Score
0.0004EPSS
Pk Favicon Manager <=2.1 - Authenticated (Admin+) Arbitrary File Upload
Description The Pk Favicon Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on...
8AI Score
0.0004EPSS
Shared Files < 1.7.20 - Missing Authorization
Description The Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.19. This makes it possible for...
7AI Score
WP Photo Album Plus < 8.7.01.002 - Unauthenticated Arbitrary File Upload
Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the import functionality and no capability check in all versions up to, and including, 8.7.01.001. This makes it possible for unauthenticated attackers to upload...
8.2AI Score
0.0004EPSS
Vulnerability of Less, a utility for UNIX-like text terminals, is related to incorrect processing of quotation marks in the filename.c file. Exploitation of the vulnerability could allow an attacker to execute arbitrary...
6.9AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2024-1665)
The remote host is missing an update for the Huawei...
7.2AI Score
0.027EPSS
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1647)
The remote host is missing an update for the Huawei...
7.1AI Score
0.001EPSS
Description The Magical Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 1.1.35 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
K000139643: Node-tar vulnerability CVE-2024-28863
Security Advisory Description node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash...
6AI Score
0.0004EPSS
K000139646: MySQL Server vulnerabilities CVE-2024-21052 and CVE-2024-21053
Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
5.7AI Score
0.0004EPSS
[115.11.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.11.0-1] - Update to 115.11.0...
6.5AI Score
Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems linux-hwe - Linux...
7.6AI Score
0.0004EPSS
canvasio3D Light <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload
Description The canvasio3D Light plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on...
8AI Score
0.0004EPSS
Barcode Scanner with Inventory & Order Manager < 1.5.5 - Unauthenticated Information Exposure
Description The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.4 via exported files. This makes it possible for...
7AI Score
0.0004EPSS
AI Engine: ChatGPT Chatbot < 2.2.70 - Authenticated (Editor+) Arbitrary File Upload
Description The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.2.63. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected...
8AI Score
0.0004EPSS
[115.11.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.11.0-1] - Update to 115.11.0...
6.4AI Score
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2024-1671)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS
Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-kvm - Linux kernel for cloud environments linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty Details Zheng Wang discovered that...
5.9AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2024-1645)
The remote host is missing an update for the Huawei...
7.1AI Score
0.001EPSS
Security Vulnerabilities fixed in Focus for iOS 126 — Mozilla
The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location...
6.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1651)
The remote host is missing an update for the Huawei...
7.1AI Score
0.001EPSS
Barcode Scanner with Inventory & Order Manager < 1.5.5 - Cross-Site Request Forgery
Description The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on the pageSettingsUpdate() function. This makes it possible for...
6.6AI Score
0.0004EPSS
Description The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...
5.9AI Score
0.0004EPSS
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-6.5 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-6.5 - Linux kernel for...
6.5AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for gdb (EulerOS-SA-2024-1648)
The remote host is missing an update for the Huawei...
7.1AI Score
0.001EPSS
K000139654: Intel oneAPI vulnerabilities CVE-2023-24592 and CVE-2023-27383
Security Advisory Description CVE-2023-24592 Path traversal in some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2023-27383 Protection mechanism failure in some...
6.5AI Score
0.0004EPSS
K000139637: Expat vulnerability CVE-2024-28757
Security Advisory Description libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). (CVE-2024-28757) Impact An attacker may be able to use an XML Entity Expansion attack, consuming all system...
5.8AI Score
0.0004EPSS
Git is a revision control system. The Git project recommends avoiding work in untrusted repositories and instead cloning them first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...
7.1AI Score
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target...
7.4AI Score
CVE-2024-4919 Campcodes Online Examination System addCourseExe.php sql injection
A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument course_name leads to sql injection. The attack can be initiated...
6.9AI Score
0.0004EPSS
A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. This affects an unknown part of the file updateQuestion.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
6.3CVSS
7.9AI Score
0.0004EPSS
A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file submitAnswerExe.php. The manipulation of the argument exmne_id leads to sql injection. The attack may be launched remotely. The exploit...
6.3CVSS
7.9AI Score
0.0004EPSS
A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file selExamAttemptExe.php. The manipulation of the argument thisId leads to sql injection. The attack can be launched remotely....
6.3CVSS
7.9AI Score
0.0004EPSS
Monolog Header injection in NativeMailerHandler
A header injection vulnerability has been identified in the NativeMailerHandler of the Monolog library. This vulnerability may allow an attacker to manipulate email headers when log messages are sent via...
7.3AI Score
CVE-2024-4918 Campcodes Online Examination System updateQuestion.php sql injection
A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. This affects an unknown part of the file updateQuestion.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
6.9AI Score
0.0004EPSS
CVE-2024-4917 Campcodes Online Examination System submitAnswerExe.php sql injection
A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file submitAnswerExe.php. The manipulation of the argument exmne_id leads to sql injection. The attack may be launched remotely. The exploit...
6.8AI Score
0.0004EPSS
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same so it was fixed as well. Note: while the vulnerability is scored as critical, few systems are affected. To be affected by the...
7.3AI Score
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Magento Commerce 1.14.3.9 and Open Source 1.9.3.9 bring essential security enhancements with Patch SUPEE-10752. These updates address various vulnerabilities, including authenticated Admin user remote code execution (RCE), cross-site request forgery (CSRF), and more. Key Security Improvements: ...
8.8AI Score
CVE-2024-4916 Campcodes Online Examination System selExamAttemptExe.php sql injection
A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file selExamAttemptExe.php. The manipulation of the argument thisId leads to sql injection. The attack can be launched remotely....
6.9AI Score
0.0004EPSS