Lucene search

K

+F FS040U, +F FS020W, +F FS030W, And +F FS040W Security Vulnerabilities

cve
cve

CVE-2024-0098

NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user can cause a clear-text transmission of sensitive information issue by data sniffing. A successful exploit of this vulnerability might lead to information...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-05-14 02:39 PM
27
cve
cve

CVE-2024-0100

NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system files. A successful exploit of this vulnerability might lead to denial of service and data...

6.5CVSS

7AI Score

0.0004EPSS

2024-05-14 02:39 PM
27
cve
cve

CVE-2024-0097

NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of...

7.5CVSS

7.2AI Score

0.0004EPSS

2024-05-14 02:39 PM
29
cve
cve

CVE-2024-0096

NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-05-14 02:39 PM
28
cve
cve

CVE-2024-0088

NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. A successful exploit of this vulnerability might lead to denial of service and data...

5.5CVSS

7AI Score

0.0004EPSS

2024-05-14 02:39 PM
29
cve
cve

CVE-2024-0087

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of...

9CVSS

7.6AI Score

0.0004EPSS

2024-05-14 02:39 PM
32
osv
osv

BIT-scylladb-2023-33972

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

2024-05-14 02:38 PM
cve
cve

CVE-2023-6682

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-05-14 02:35 PM
23
cve
cve

CVE-2023-6327

The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-05-14 02:33 PM
23
cvelist
cvelist

Oceanic allows unsanitized user input to lead to path traversal in URLs

Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as Client.rest.channels.removeBan is not url-encoded, resulting in specially crafted input such as ../../../channels/{id} being normalized into the url /api/v10/channels/{id}, and deleting a.....

2024-05-14 02:32 PM
1
cve
cve

CVE-2023-5971

The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.8AI Score

0.0004EPSS

2024-05-14 02:31 PM
31
cvelist
cvelist

TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the ShowImageController (eID tx_cms_showpic ) lacks a cryptographic HMAC-signature on the frame HTTP query parameter (e.g....

2024-05-14 02:26 PM
hackread
hackread

DNS Tunneling Used for Stealthy Scans and Email Tracking

By Deeba Ahmed Hackers are hiding malicious messages in everyday internet traffic! Learn how DNS tunneling works and how to protect yourself from this sneaky cyberattack. Stop hackers from scanning your network and tracking your clicks. This is a post from HackRead.com Read the original post: DNS.....

7.2AI Score

2024-05-14 02:25 PM
cve
cve

CVE-2023-5052

vulnerability in Uniform Server Zero, version 10.2.5, consisting of an XSS through the /us_extra/phpinfo.php page. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and partially take over their session...

6.3CVSS

0.0004EPSS

2024-05-14 02:23 PM
cve
cve

CVE-2023-52655

In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: check packet for fixup for true limit If a device sends a packet that is inbetween 0 and sizeof(u64) the value passed to skb_trim() as length will wrap around ending up as some very large value. The driver will then...

0.0004EPSS

2024-05-14 02:23 PM
cve
cve

CVE-2023-52654

In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix....

7.2AI Score

0.0004EPSS

2024-05-14 02:23 PM
27
githubexploit
githubexploit

Exploit for CVE-2024-27956

WordPress Admin Account Creation and Reverse Shell...

9.9CVSS

8.3AI Score

0.001EPSS

2024-05-14 02:21 PM
5
githubexploit
githubexploit

Exploit for CVE-2024-27956

WordPress Admin Account Creation and Reverse Shell...

9.9CVSS

8.3AI Score

0.001EPSS

2024-05-14 02:21 PM
4
githubexploit
githubexploit

Exploit for CVE-2024-27804

CVE-2024-27804 bash ./build.sh ./panic.sh ```bash...

7.2AI Score

2024-05-14 02:17 PM
3
cve
cve

CVE-2023-50717

NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack....

5.7CVSS

6.4AI Score

0.0004EPSS

2024-05-14 02:17 PM
6
cvelist
cvelist

TYPO3 vulnerable to Cross-Site Scripting in ShowImageController

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the ShowImageController (eID tx_cms_showpic ) is vulnerable to...

2024-05-14 02:13 PM
cve
cve

CVE-2023-49781

NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...

7.3CVSS

0.0004EPSS

2024-05-14 02:06 PM
cvelist
cvelist

TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user...

2024-05-14 02:05 PM
cvelist
cvelist

TYPO3 vulnerable to an HTML Injection in the History Module

TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML...

2024-05-14 02:01 PM
cve
cve

CVE-2023-47712

IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: ...

7.8CVSS

6.7AI Score

0.0004EPSS

2024-05-14 01:56 PM
18
cve
cve

CVE-2023-47711

IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: ...

2.7CVSS

6.5AI Score

0.0004EPSS

2024-05-14 01:56 PM
17
cve
cve

CVE-2023-47709

IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: ...

9.1CVSS

7.4AI Score

0.0004EPSS

2024-05-14 01:56 PM
19
cve
cve

CVE-2023-46870

extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/*.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have set incorrect file permission, which allows attackers to do code execution via modified bash and python...

2024-05-14 01:54 PM
cvelist
cvelist

OctoPrint Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they....

2024-05-14 01:49 PM
cvelist
cvelist

CVE-2024-1914

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially...

7AI Score

2024-05-14 01:41 PM
cvelist
cvelist

CVE-2024-33865

An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID]...

2024-05-14 01:32 PM
1
cvelist
cvelist

CVE-2024-33864

An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious...

2024-05-14 01:30 PM
openbugbounty
openbugbounty

gdcrayachoty.ac.in Cross Site Scripting vulnerability OBB-3927843

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-14 01:29 PM
3
openbugbounty
openbugbounty

atalasoft.com Cross Site Scripting vulnerability OBB-3927842

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-14 01:29 PM
5
cvelist
cvelist

MongoDB Server (mongod) may crash when generating ftdc

An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions...

2024-05-14 01:26 PM
openbugbounty
openbugbounty

sksdmahilakalasala.ac.in Cross Site Scripting vulnerability OBB-3927841

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-14 01:25 PM
5
cvelist
cvelist

MongoDB Server may have unexpected application behaviour due to invalid BSON

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to....

2024-05-14 01:24 PM
cve
cve

CVE-2023-38264

The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: ...

5.9CVSS

6.7AI Score

0.0004EPSS

2024-05-14 01:21 PM
21
cvelist
cvelist

CVE-2024-1913

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific...

7.6AI Score

2024-05-14 01:20 PM
cve
cve

CVE-2023-37526

HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning...

6.5CVSS

0.0004EPSS

2024-05-14 01:20 PM
openbugbounty
openbugbounty

ashford.com Cross Site Scripting vulnerability OBB-3927838

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-14 01:18 PM
6
malwarebytes
malwarebytes

Update Chrome now! Google releases emergency security patch

Google has released an emergency security update for its Chrome browser. The update includes a patch released four days earlier for a vulnerability which Google say is already being exploited. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging...

7.4AI Score

0.02EPSS

2024-05-14 01:17 PM
2
openbugbounty
openbugbounty

argusdelassurance.com Cross Site Scripting vulnerability OBB-3927837

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-14 01:03 PM
5
cvelist
cvelist

CVE-2024-22270

VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual...

6.4AI Score

2024-05-14 12:59 PM
cvelist
cvelist

CVE-2024-22269

VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual...

6.4AI Score

2024-05-14 12:59 PM
cvelist
cvelist

CVE-2024-22268

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service...

7AI Score

2024-05-14 12:58 PM
cvelist
cvelist

CVE-2024-22267

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the...

7.6AI Score

2024-05-14 12:58 PM
openbugbounty
openbugbounty

kunstbuchanzeiger.de Cross Site Scripting vulnerability OBB-3927835

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-14 12:53 PM
4
cvelist
cvelist

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting

The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input...

2024-05-14 12:50 PM
cvelist
cvelist

Sydney Toolbox <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

2024-05-14 12:49 PM
Total number of security vulnerabilities2422698