Lucene search

K

* Security Vulnerabilities

cve
cve

CVE-2024-20769

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

5.4CVSS

5.1AI Score

0.0005EPSS

2024-06-13 08:15 AM
23
cve
cve

CVE-2024-4576

The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive...

6.3AI Score

0.0004EPSS

2024-06-13 07:15 AM
24
cve
cve

CVE-2024-5265

The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-13 07:15 AM
22
cve
cve

CVE-2024-5787

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-13 06:15 AM
25
cve
cve

CVE-2024-4149

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

5.4AI Score

0.0004EPSS

2024-06-13 06:15 AM
27
cve
cve

CVE-2024-5757

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-13 06:15 AM
21
cve
cve

CVE-2024-5661

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or...

6.5AI Score

0.0004EPSS

2024-06-13 06:15 AM
23
cve
cve

CVE-2024-4145

The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site...

7.2AI Score

0.0004EPSS

2024-06-13 06:15 AM
28
cve
cve

CVE-2024-3032

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect...

6.4AI Score

0.0004EPSS

2024-06-13 06:15 AM
28
cve
cve

CVE-2024-3552

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...

7.2AI Score

0.001EPSS

2024-06-13 06:15 AM
38
cve
cve

CVE-2024-2762

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...

5.7AI Score

0.0004EPSS

2024-06-13 06:15 AM
21
cve
cve

CVE-2024-2098

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected...

7.5CVSS

7.4AI Score

0.001EPSS

2024-06-13 06:15 AM
23
cve
cve

CVE-2024-3922

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

10CVSS

9.7AI Score

0.001EPSS

2024-06-13 02:15 AM
27
cve
cve

CVE-2024-1963

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-12 11:15 PM
28
cve
cve

CVE-2024-4201

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as...

4.4CVSS

4.3AI Score

0.0004EPSS

2024-06-12 11:15 PM
191
cve
cve

CVE-2024-1736

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration.....

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-12 11:15 PM
26
cve
cve

CVE-2024-1495

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-12 11:15 PM
26
cve
cve

CVE-2024-3468

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an...

7.3AI Score

0.0004EPSS

2024-06-12 09:15 PM
29
cve
cve

CVE-2024-3467

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an...

7.3AI Score

0.0004EPSS

2024-06-12 09:15 PM
27
cve
cve

CVE-2024-5798

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...

2.6CVSS

3.9AI Score

0.0004EPSS

2024-06-12 07:15 PM
297
cve
cve

CVE-2024-31881

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: ...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-12 07:15 PM
24
cve
cve

CVE-2023-29267

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: ...

5.3CVSS

5.6AI Score

0.0004EPSS

2024-06-12 07:15 PM
22
cve
cve

CVE-2024-5559

CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the...

6.1CVSS

6.5AI Score

0.0004EPSS

2024-06-12 06:15 PM
23
cve
cve

CVE-2024-28762

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: ...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-06-12 06:15 PM
24
cve
cve

CVE-2024-2747

CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the...

7.8CVSS

7.9AI Score

0.0004EPSS

2024-06-12 06:15 PM
24
cve
cve

CVE-2024-0865

CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative...

7.8CVSS

6.8AI Score

0.001EPSS

2024-06-12 06:15 PM
23
cve
cve

CVE-2024-5906

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to....

5.5AI Score

0.0004EPSS

2024-06-12 05:15 PM
23
cve
cve

CVE-2024-5908

A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting...

6.4AI Score

0.0004EPSS

2024-06-12 05:15 PM
26
cve
cve

CVE-2024-5909

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious...

6.3AI Score

0.0004EPSS

2024-06-12 05:15 PM
28
cve
cve

CVE-2024-5907

A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability...

7AI Score

0.0004EPSS

2024-06-12 05:15 PM
26
cve
cve

CVE-2024-5560

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-12 05:15 PM
23
cve
cve

CVE-2024-5898

A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 05:15 PM
21
cve
cve

CVE-2024-5905

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this...

6.3AI Score

0.0004EPSS

2024-06-12 05:15 PM
24
cve
cve

CVE-2024-5558

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin...

6.4CVSS

7.3AI Score

0.0004EPSS

2024-06-12 05:15 PM
22
cve
cve

CVE-2024-5557

CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller...

4.5CVSS

6.9AI Score

0.0004EPSS

2024-06-12 05:15 PM
22
cve
cve

CVE-2024-37040

CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-06-12 05:15 PM
25
cve
cve

CVE-2024-37038

CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-12 05:15 PM
21
cve
cve

CVE-2024-37039

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP...

5.9CVSS

5.7AI Score

0.0004EPSS

2024-06-12 05:15 PM
21
cve
cve

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP...

8.1CVSS

8.1AI Score

0.0004EPSS

2024-06-12 05:15 PM
22
cve
cve

CVE-2024-37036

CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are...

9.8CVSS

9.6AI Score

0.0004EPSS

2024-06-12 05:15 PM
23
cve
cve

CVE-2024-5897

A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=log_visitor. The manipulation of the argument name leads to cross site...

4.3CVSS

4.5AI Score

0.0004EPSS

2024-06-12 04:15 PM
22
cve
cve

CVE-2024-5896

A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. It is possible to launch the...

7.3CVSS

7.5AI Score

0.0004EPSS

2024-06-12 04:15 PM
22
cve
cve

CVE-2024-37300

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. JupyterHub < 5.0, when used with GlobusOAuthenticator, could be configured to allow all users from a particular institution only. This worked fine prior to JupyterHub 5.0, because allow_al...

8.1CVSS

7.9AI Score

0.0004EPSS

2024-06-12 04:15 PM
23
cve
cve

CVE-2024-5759

An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required...

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-12 04:15 PM
24
cve
cve

CVE-2024-1891

A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result...

3.5CVSS

4AI Score

0.0004EPSS

2024-06-12 04:15 PM
21
cve
cve

CVE-2024-5895

A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects the function delete_users of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-12 03:15 PM
20
cve
cve

CVE-2024-5893

A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=delete_client. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-06-12 03:15 PM
21
cve
cve

CVE-2024-5894

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

7.3CVSS

7AI Score

0.0004EPSS

2024-06-12 03:15 PM
19
cve
cve

CVE-2024-36265

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or....

6.5AI Score

0.0004EPSS

2024-06-12 03:15 PM
23
cve
cve

CVE-2024-37304

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...

6.1CVSS

5.9AI Score

0.0004EPSS

2024-06-12 03:15 PM
21
Total number of security vulnerabilities237501