Lucene search

K

'MyPallete' And Some Of The Android Banking Applications That Use 'MyPallete' Security Vulnerabilities

cve
cve

CVE-2024-37182

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...

4.7CVSS

4.9AI Score

0.0004EPSS

2024-06-14 09:15 AM
10
cve
cve

CVE-2024-4863

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-14 09:15 AM
9
osv
osv

CVE-2024-25142

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

6.6AI Score

0.0004EPSS

2024-06-14 09:15 AM
nvd
nvd

CVE-2024-25142

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

0.0004EPSS

2024-06-14 09:15 AM
1
cve
cve

CVE-2024-25142

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

6.3AI Score

0.0004EPSS

2024-06-14 09:15 AM
8
veracode
veracode

Deserialization Of Untrusted Data

MLflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling user-supplied data in the sklearn/init.py within the loadmodelfromlocalfile function, which allows an attacker to inject a malicious pickle object into a model file on upload which will then be...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-14 09:11 AM
cve
cve

CVE-2024-5730

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-14 09:09 AM
3
veracode
veracode

Denial Of Service (DoS)

github.com/klauspost/compress/zstd is vulnerable to a Denial of service (DoS). The vulnerability is due to its zstd decompression implementation not respecting the limits imposed by gRPC, which allows attacker to trigger rapid and uncontrolled increases in memory usage on the server or...

7AI Score

2024-06-14 08:49 AM
1
cvelist
cvelist

CVE-2024-37182 Lack of permissions prompting when opening external URLs

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...

4.7CVSS

0.0004EPSS

2024-06-14 08:39 AM
1
vulnrichment
vulnrichment

CVE-2024-37182 Lack of permissions prompting when opening external URLs

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...

4.7CVSS

7.1AI Score

0.0004EPSS

2024-06-14 08:39 AM
vulnrichment
vulnrichment

CVE-2024-36287 Bypass of TCC restrictions on macOS

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on...

3.8CVSS

6.9AI Score

0.0004EPSS

2024-06-14 08:39 AM
cvelist
cvelist

CVE-2024-36287 Bypass of TCC restrictions on macOS

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on...

3.8CVSS

0.0004EPSS

2024-06-14 08:39 AM
2
cvelist
cvelist

CVE-2024-4863 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

0.0004EPSS

2024-06-14 08:35 AM
2
vulnrichment
vulnrichment

CVE-2024-4863 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-06-14 08:35 AM
vulnrichment
vulnrichment

CVE-2024-25142 Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

6.3AI Score

0.0004EPSS

2024-06-14 08:25 AM
cvelist
cvelist

CVE-2024-25142 Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

0.0004EPSS

2024-06-14 08:25 AM
cvelist
cvelist

CVE-2024-5996 Soar Cloud HR Portal - Cleartext Transmission of Sensitive Information

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

8.8CVSS

0.001EPSS

2024-06-14 08:22 AM
1
veracode
veracode

Path Traversal

org.jenkins-ci.plugins:report-info is vulnerable to Path Traversal. The vulnerability is due to lack of path validation in the workspace directory, allowing attackers with Item/Configure permission to access restricted files on the controller file...

6.6AI Score

0.0004EPSS

2024-06-14 08:21 AM
cve
cve

CVE-2024-5995

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...

8.8CVSS

8.8AI Score

0.001EPSS

2024-06-14 08:15 AM
11
nvd
nvd

CVE-2024-5995

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...

8.8CVSS

0.001EPSS

2024-06-14 08:15 AM
4
cve
cve

CVE-2024-5577

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version &lt;= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...

9.8CVSS

10AI Score

0.001EPSS

2024-06-14 08:15 AM
12
nvd
nvd

CVE-2024-5577

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version &lt;= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...

9.8CVSS

0.001EPSS

2024-06-14 08:15 AM
4
cve
cve

CVE-2024-5961

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects 2ClickPortal software....

6.3AI Score

0.0004EPSS

2024-06-14 08:15 AM
11
nvd
nvd

CVE-2024-5961

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects 2ClickPortal software....

0.0004EPSS

2024-06-14 08:15 AM
4
nvd
nvd

CVE-2024-5464

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...

4CVSS

0.0004EPSS

2024-06-14 08:15 AM
4
nvd
nvd

CVE-2024-5465

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...

5.9CVSS

0.0004EPSS

2024-06-14 08:15 AM
6
cve
cve

CVE-2024-36502

Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect...

7.9CVSS

7AI Score

0.0004EPSS

2024-06-14 08:15 AM
10
cve
cve

CVE-2024-36503

Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect...

7.3CVSS

7.1AI Score

0.0004EPSS

2024-06-14 08:15 AM
11
nvd
nvd

CVE-2024-36503

Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect...

7.3CVSS

0.0004EPSS

2024-06-14 08:15 AM
4
cve
cve

CVE-2024-36501

Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect...

5.6CVSS

7.1AI Score

0.0004EPSS

2024-06-14 08:15 AM
10
cve
cve

CVE-2024-5464

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...

4CVSS

7.1AI Score

0.0004EPSS

2024-06-14 08:15 AM
9
nvd
nvd

CVE-2024-36502

Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect...

7.9CVSS

0.0004EPSS

2024-06-14 08:15 AM
4
cve
cve

CVE-2024-5465

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...

5.9CVSS

7.2AI Score

0.0004EPSS

2024-06-14 08:15 AM
11
nvd
nvd

CVE-2024-36501

Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect...

5.6CVSS

0.0004EPSS

2024-06-14 08:15 AM
4
cve
cve

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...

6.8CVSS

6.9AI Score

0.0004EPSS

2024-06-14 08:15 AM
13
nvd
nvd

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...

6.8CVSS

0.0004EPSS

2024-06-14 08:15 AM
4
nvd
nvd

CVE-2024-36500

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service...

7.8CVSS

0.0004EPSS

2024-06-14 08:15 AM
4
cve
cve

CVE-2024-36500

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service...

7.8CVSS

7.2AI Score

0.0004EPSS

2024-06-14 08:15 AM
13
openbugbounty
openbugbounty

sailwave.com Cross Site Scripting vulnerability OBB-3935003

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 08:10 AM
3
thn
thn

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake...

10CVSS

9.6AI Score

0.0004EPSS

2024-06-14 08:09 AM
4
openbugbounty
openbugbounty

ciof.org.uk Cross Site Scripting vulnerability OBB-3935002

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 08:07 AM
1
githubexploit
githubexploit

Exploit for Path Traversal in Solarwinds Serv-U

Exploit For CVE-2024-28995 On June 5, 2024, SolarWinds...

8.6CVSS

7AI Score

0.001EPSS

2024-06-14 08:04 AM
57
cvelist
cvelist

CVE-2024-5961 Reflected XSS in 2ClickPortal

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects 2ClickPortal software....

0.0004EPSS

2024-06-14 07:48 AM
3
vulnrichment
vulnrichment

CVE-2024-5961 Reflected XSS in 2ClickPortal

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects 2ClickPortal software....

6.6AI Score

0.0004EPSS

2024-06-14 07:48 AM
openbugbounty
openbugbounty

victimandwitnesscare.org.uk Cross Site Scripting vulnerability OBB-3935001

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 07:46 AM
1
cvelist
cvelist

CVE-2024-5577 Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version &lt;= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...

9.8CVSS

0.001EPSS

2024-06-14 07:31 AM
5
vulnrichment
vulnrichment

CVE-2024-5577 Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version &lt;= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on extern...

9.8CVSS

10AI Score

0.001EPSS

2024-06-14 07:31 AM
vulnrichment
vulnrichment

CVE-2024-5465

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...

5.9CVSS

7AI Score

0.0004EPSS

2024-06-14 07:30 AM
cvelist
cvelist

CVE-2024-5465

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...

5.9CVSS

0.0004EPSS

2024-06-14 07:30 AM
3
cvelist
cvelist

CVE-2024-5464

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...

4CVSS

0.0004EPSS

2024-06-14 07:29 AM
3
Total number of security vulnerabilities3419591