The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1057 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
CVSS: 8.1
AI Score: 7.6
Pz-LinkCard < 2.5.3 - Contributor+ SSRF
Description: The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. PoC: Set up a listener on a localhost/LAN host (such as nc -l 127.0.0.1 9000), then as a contributor, put the...
AI Score: 9.2
EPSS: 0.0004
Pz-LinkCard < 2.5.3 - Contributor+ SSRF
Description: The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF...
AI Score: 9.4
EPSS: 0.0004
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv() uses the unfiltered server environment variable PATH_INFO, which allows attackers to inject malicious content. In...
CVSS: 8.8
AI Score: 6
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide; however, the default list is designed...
CVSS: 6.5
AI Score: 7.1
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties...
CVSS: 7.5
AI Score: 7.1
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original...
CVSS: 7.5
AI Score: 6.9
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML() method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup @keyframes methods. This XSS,...
CVSS: 9.9
AI Score: 5.2
Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both that is the same across all installations. In such cases...
CVSS: 8.1
AI Score: 6.8
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML...
CVSS: 6.1
AI Score: 6.1
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
CVSS: 8.6
AI Score: 7
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the Grafana instance. All...
CVSS: 6.6
AI Score: 6.8
BIT-grafana-image-renderer-2022-31176
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized...
CVSS: 8.3
AI Score: 7.1
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of...
CVSS: 9.8
AI Score: 7.2
Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...
CVSS: 8.8
AI Score: 7.7
Badgerboard: A PLC backplane network visibility module
Analysis of the traffic between networked devices has been of interest for as long as devices have been able to communicate with one another. As networks grew more complex, dedicated traffic analysis tools became more useful. Major advancements have been made over the years with tools like Snort...
AI Score: 6.8
Summary: A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...
CVSS: 7.1
AI Score: 6.3
Summary: A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...
CVSS: 7.1
AI Score: 6.6
Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware
North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark....
CVSS: 10
AI Score: 9.4
EPSS: 0.935
How Cybercriminals are Exploiting India's UPI for Money Laundering Operations
Cybercriminals are using an Android-based application to run a network of hired money mules in India and orchestrate a massive money laundering scheme. The malicious application, called XHelper, is a "key tool for onboarding and managing these money mules," CloudSEK researchers Sparsh Kulshrestha,...
AI Score: 7.4
BloodHound - Six Degrees Of Domain Admin
BloodHound is a monolithic web application composed of an embedded React frontend with Sigma.js and a Go based REST API backend. It is deployed with a PostgreSQL application database and a Neo4j graph database, and is fed by the SharpHound and AzureHound data collectors. BloodHound uses graph...
AI Score: 7.4
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4414-1)
The remote host is missing an update for...
CVSS: 10
AI Score: 7.8
Ebook Store < 5.8002 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
CVSS: 5.9
AI Score: 5.4
openSUSE: Security Advisory for trivy (openSUSE-SU-2022:10022-1)
The remote host is missing an update for...
CVSS: 7.5
AI Score: 7.8
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0090-1)
The remote host is missing an update for...
CVSS: 6.1
AI Score: 5.2
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0171-1)
The remote host is missing an update for...
CVSS: 6.1
AI Score: 5.2
openSUSE: Security Advisory for poppler (SUSE-SU-2023:4690-1)
The remote host is missing an update for...
CVSS: 6.5
AI Score: 7.2
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2022:2424-2)
The remote host is missing an update for...
CVSS: 8.2
AI Score: 7.3
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0397-1)
The remote host is missing an update for...
CVSS: 9.6
AI Score: 9.1
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3172-1)
The remote host is missing an update for...
CVSS: 7.8
AI Score: 7.5
openSUSE: Security Advisory for opera (openSUSE-SU-2022:0156-1)
The remote host is missing an update for...
CVSS: 8.8
AI Score: 7.4
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3377-1)
The remote host is missing an update for...
CVSS: 7.8
AI Score: 7.7
openSUSE: Security Advisory for zabbix (openSUSE-SU-2023:0191-1)
The remote host is missing an update for...
CVSS: 5.4
AI Score: 7.6
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4351-1)
The remote host is missing an update for...
CVSS: 10
AI Score: 7.9
openSUSE: Security Advisory for iperf (SUSE-SU-2023:3887-1)
The remote host is missing an update for...
CVSS: 7.5
AI Score: 7.8
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4343-1)
The remote host is missing an update for...
CVSS: 10
AI Score: 7.8
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4378-1)
The remote host is missing an update for...
CVSS: 10
AI Score: 7.9
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4345-1)
The remote host is missing an update for...
CVSS: 10
AI Score: 7.9
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3313-1)
The remote host is missing an update for...
CVSS: 7.8
AI Score: 7.7
openSUSE: Security Advisory for the Linux Kernel (Live Patch 7 for SLE 15 SP4) (SUSE-SU-2024:0421-1)
The remote host is missing an update for...
CVSS: 9.8
AI Score: 8.1
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0396-1)
The remote host is missing an update for...
CVSS: 9.6
AI Score: 9.1
Introducing Tiny File Manager [WH1Z-Edition], the compact and efficient solution for managing your files and folders with enhanced privacy and security features. Gone are the days of relying on external resources – I've stripped down the code to its core, making it truly lightweight and perfect...
AI Score: 7.8
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary: QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
CVSS: 9.8
AI Score: 9.9
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...
AI Score: 7.3
EPSS: 0.001
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
AI Score: 6.4
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
AI Score: 6