Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local...
7.7AI Score
0.0004EPSS
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local...
7.3AI Score
0.0004EPSS
Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local...
6.3AI Score
0.0004EPSS
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error...
7AI Score
0.001EPSS
Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local...
7.6AI Score
0.0004EPSS
Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local...
6.8AI Score
0.0004EPSS
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a...
6.8AI Score
0.001EPSS
7.3AI Score
0.001EPSS
Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local...
7.1AI Score
0.0004EPSS
Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable denial of service via local...
6.8AI Score
0.0004EPSS
Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local...
7.4AI Score
0.0004EPSS
Mitsubishi Electric MELSEC iQ-R Series Insufficiently Protected Credentials (CVE-2021-20597)
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to log in to the target without authorization by sniffing network traffic and obtaining...
8.5AI Score
Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network...
7.4AI Score
0.002EPSS
Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with that user's permissions on the affected...
8.8CVSS
7.2AI Score
0.0004EPSS
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094-info CVE-2024-3094 PoC Exploration...
9.9AI Score
0.133EPSS
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public...
7.1AI Score
0.001EPSS
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden...
7.2AI Score
0.001EPSS
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username...
5.4AI Score
0.002EPSS
An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash...
6.5AI Score
0.001EPSS
A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user...
6.4CVSS
7.4AI Score
0.0004EPSS
Exploit for Vulnerability in Microsoft
Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control...
8.1AI Score
0.005EPSS
Exploit for Uncontrolled Resource Consumption in Apache Log4J
POC for CVE-2021-44228 This python script was created while...
10AI Score
0.976EPSS
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during...
7.1AI Score
0.002EPSS
uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R...
7.7AI Score
0.0004EPSS
slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An....
6.9AI Score
0.001EPSS
On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern macOS operating systems. The method...
5.2AI Score
0.0004EPSS
Exploit for Improper Authentication in Wpdeveloper Essential Addons For Elementor
CVE-2023-32243. Essential Addons for Elementor 5.4.0-5.7.1 -...
9.5AI Score
0.084EPSS
Hipcam RealServer/V1.0 RTSP Format Validation Vulnerability...
7.2AI Score
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macOS), MPXJ's use of File.createTempFile(..) results in temporary files being created with the permissions -rw-r--r--. This means that any...
3.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access req_list while it's being manipulated The icc_lock mutex was split into separate icc_lock and icc_bw_lock mutexes in [1] to avoid lockdep splats. However, this didn't adequately protect access to...
6.5AI Score
0.0004EPSS
An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not...
7.1AI Score
0.001EPSS
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment...
5.9AI Score
0.001EPSS
Exploit for Out-of-bounds Write in Lenovo Diagnostics
CVE-2022-3699 Incorrect access control for the Lenovo...
7.9AI Score
0.002EPSS
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can log in with a mentor account and trigger an XSS payload (such as alert) via...
6AI Score
0.001EPSS
7.9AI Score
0.975EPSS
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...
9.8CVSS
9.7AI Score
0.001EPSS
Issue Overview: 2024-05-09: CVE-2021-33117 was added to this advisory. Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. (CVE-2021-33117) A flaw was....
7.1AI Score
0.0005EPSS
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki...
6.7AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access req_list while it's being manipulated The icc_lock mutex was split into separate icc_lock and icc_bw_lock mutexes in [1] to avoid lockdep splats. However, this didn't adequately protect access to...
6.3AI Score
0.0004EPSS
undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...
7.4AI Score
0.001EPSS
Exploit for Path Traversal in Grafana
CVE-2021-43798 – Grafana Exploit About This is a...
0.6AI Score
0.975EPSS
Exploit for Command Injection in Chamilo
CVE-2023-34960 Mass unauthenticated command injection...
9.7AI Score
0.934EPSS
A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...
9.8CVSS
9.7AI Score
0.001EPSS
8.2AI Score
0.975EPSS
Exploit for Command Injection in Paloaltonetworks Pan-Os
CVE-2024-3400 Finding Palo Alto devices...
9.8AI Score
0.957EPSS
This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...
7.3AI Score
0.001EPSS
7.4AI Score
A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed...
6.3CVSS
7.9AI Score
0.0004EPSS