An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML...
AI Score: 6.1
EPSS: 0.008
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
AI Score: 7
EPSS: 0.974
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...
AI Score: 6.8
EPSS: 0.003
BIT-grafana-image-renderer-2022-31176
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized...
AI Score: 7.1
EPSS: 0.003
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of...
AI Score: 7.2
EPSS: 0.975
Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...
AI Score: 7.7
EPSS: 0.003
Badgerboard: A PLC backplane network visibility module
Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another. As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over the years with tools like Snort...
AI Score: 6.8
Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...
AI Score: 6.3
EPSS: 0.0004
Summary A Minder user can use the endpoints listed in the issue title to access any repository in the DB, irrespective of who owns the repo and any permissions that user may have. Details...
AI Score: 6.6
EPSS: 0.0004
Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware
North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark....
CVSS: 10
AI Score: 9.4
EPSS: 0.935
How Cybercriminals are Exploiting India's UPI for Money Laundering Operations
Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is a "key tool for onboarding and managing these money mules," CloudSEK researchers Sparsh Kulshrestha,...
AI Score: 7.4
BloodHound - Six Degrees Of Domain Admin
BloodHound is a monolithic web application composed of an embedded React frontend with Sigma.js and a Go based REST API backend. It is deployed with a Postgresql application database and a Neo4j graph database, and is fed by the SharpHound and AzureHound data collectors. BloodHound uses graph...
AI Score: 7.4
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4414-1)
The remote host is missing an update for...
AI Score: 7.8
EPSS: 0.017
openSUSE: Security Advisory for poppler (SUSE-SU-2023:4690-1)
The remote host is missing an update for...
AI Score: 7.2
EPSS: 0.012
Ebook Store < 5.8002 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
AI Score: 5.4
EPSS: 0.0004
openSUSE: Security Advisory for trivy (openSUSE-SU-2022:10022-1)
The remote host is missing an update for...
AI Score: 7.8
EPSS: 0.007
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2022:2424-2)
The remote host is missing an update for...
AI Score: 7.3
EPSS: 0.007
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0090-1)
The remote host is missing an update for...
AI Score: 5.2
EPSS: 0.001
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0171-1)
The remote host is missing an update for...
AI Score: 5.2
EPSS: 0.001
openSUSE: Security Advisory for zabbix (openSUSE-SU-2023:0191-1)
The remote host is missing an update for...
AI Score: 7.6
EPSS: 0.0004
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0397-1)
The remote host is missing an update for...
AI Score: 9.1
EPSS: 0.053
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3172-1)
The remote host is missing an update for...
AI Score: 7.5
EPSS: 0.001
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3377-1)
The remote host is missing an update for...
AI Score: 7.7
EPSS: 0.008
openSUSE: Security Advisory for opera (openSUSE-SU-2022:0156-1)
The remote host is missing an update for...
AI Score: 7.4
EPSS: 0.02
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4351-1)
The remote host is missing an update for...
AI Score: 7.9
EPSS: 0.017
openSUSE: Security Advisory for iperf (SUSE-SU-2023:3887-1)
The remote host is missing an update for...
AI Score: 7.8
EPSS: 0.002
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4343-1)
The remote host is missing an update for...
AI Score: 7.8
EPSS: 0.017
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4378-1)
The remote host is missing an update for...
AI Score: 7.9
EPSS: 0.017
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4345-1)
The remote host is missing an update for...
AI Score: 7.9
EPSS: 0.017
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3313-1)
The remote host is missing an update for...
AI Score: 7.7
EPSS: 0.008
openSUSE: Security Advisory for opera (openSUSE-SU-2023:0396-1)
The remote host is missing an update for...
AI Score: 9.1
EPSS: 0.053
openSUSE: Security Advisory for the Linux Kernel (Live Patch 7 for SLE 15 SP4) (SUSE-SU-2024:0421-1)
The remote host is missing an update for...
AI Score: 8.1
EPSS: 0.017
Introducing Tiny File Manager [WH1Z-Edition], the compact and efficient solution for managing your files and folders with enhanced privacy and security features. Gone are the days of relying on external resources – I've stripped down the code to its core, making it truly lightweight and perfect...
AI Score: 7.8
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...
AI Score: 9.9
EPSS: 0.052
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...
AI Score: 7.3
EPSS: 0.001
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
AI Score: 6.4
EPSS: 0.0004
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
AI Score: 7.2
EPSS: 0.0004
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
AI Score: 6.5
EPSS: 0.0004
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
AI Score: 6.5
EPSS: 0.0004
CVE-2023-52477 usb: hub: Guard against accesses to uninitialized BOS descriptors
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
AI Score: 6.1
EPSS: 0.0004
The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for...
CVSS: 5.3
AI Score: 6.9
EPSS: 0.0004
The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for...
CVSS: 5.3
AI Score: 6.9
EPSS: 0.0004
CentOS 9 : kernel-5.14.0-347.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-347.el9 build changelog. A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device...
AI Score: 9.3
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the curl-7.76.1-26.el9 build changelog. A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on...
AI Score: 8.2
CentOS 9 : NetworkManager-1.43.10-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the NetworkManager-1.43.10-1.el9 build changelog. It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path...
AI Score: 6.5
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the curl-7.76.1-20.el9 build changelog. An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...
AI Score: 7.3
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the runc-1.1.7-2.el9 build changelog. runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as...
AI Score: 7.7