CVE-2024-0942 Totolink N200RE V5 cstecgi.cgi session expiration
A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is....
3.7CVSS
5AI Score
0.001EPSS
A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may....
9.8CVSS
7.1AI Score
0.001EPSS
A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may....
9.8CVSS
9.3AI Score
0.001EPSS
A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may....
9.8CVSS
7AI Score
0.001EPSS
CVE-2024-0933 Niushop B2B2C Upload.php unrestricted upload
A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may....
6.3CVSS
9.6AI Score
0.001EPSS
A flaw was found in Squid, resulting in a potential denial of service attack targeting Cache Manager error responses. This issue enables a trusted client to execute a denial of service by manipulating the generation of error pages for Client Manager reports. Mitigation Restrict entry to Cache...
6.5CVSS
7AI Score
0.009EPSS
IBM SECURITY ADVISORY First Issued: Thu Jan 25 14:11:09 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/openssl_advisory40.asc Security Bulletin: AIX is vulnerable to a denial of service (CVE-2023-5678, CVE-2023-6129,...
7.5CVSS
7.8AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: SystemK Equipment: NVR 504/508/516 Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
9.8CVSS
8.5AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: MachineSense LLC. Equipment: MachineSense FeverWarn Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Improper Access Control, OS Command...
10CVSS
9AI Score
0.001EPSS
Any authenticated user may obtain private message details from other users on the same instance
Summary Users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an.....
7.5CVSS
6.8AI Score
0.0005EPSS
Any authenticated user may obtain private message details from other users on the same instance
Summary Users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an.....
7.5CVSS
6.9AI Score
0.0005EPSS
Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...
7.5CVSS
6.7AI Score
0.0005EPSS
Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...
7.5CVSS
6.4AI Score
0.0005EPSS
Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...
6.5CVSS
7.5AI Score
0.0005EPSS
Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...
6.5CVSS
7AI Score
0.0005EPSS
Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...
7.5CVSS
7.7AI Score
0.0005EPSS
Publitas: CORS Misconfiguration on █████
Summary: An cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of...
6.8AI Score
squid is vulnerable to Expired Pointer Dereference. The vulnerability is due to the usage of a pointer after dereference. An attacker can exploit this vulnerability to mount a Denial Of Service (DOS) attack against Cache Manager error responses when generating error pages for Client Manager...
6.5CVSS
6.7AI Score
0.009EPSS
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...
6.5CVSS
7.2AI Score
0.009EPSS
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...
6.5CVSS
6.7AI Score
0.009EPSS
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...
6.5CVSS
6.7AI Score
0.009EPSS
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...
6.5CVSS
6.9AI Score
0.009EPSS
CVE-2024-23638 SQUID-2023:11 Denial of Service in Cache Manager
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...
6.5CVSS
7.4AI Score
0.009EPSS
No permission checks for editing/deleting records with CSV import form
Impact Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions. The likelyhood of a user having create permissions but not having edit or delete permissions is low, but it.....
4.3CVSS
4.5AI Score
0.0004EPSS
No permission checks for editing/deleting records with CSV import form
Impact Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions. The likelyhood of a user having create permissions but not having edit or delete permissions is low, but it.....
4.3CVSS
4.5AI Score
0.0004EPSS
Denial of service in github.com/go-git/go-git/v5 and gopkg.in/src-d/go-git.v4
Denial of service in github.com/go-git/go-git/v5 and...
7.5CVSS
7.1AI Score
0.0005EPSS
Path traversal and RCE in github.com/go-git/go-git/v5 and gopkg.in/src-d/go-git.v4
Path traversal and RCE in github.com/go-git/go-git/v5 and...
9.8CVSS
7.2AI Score
0.002EPSS
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Impact If a user should not be able to see a record, but that record can be added to a GridField using the GridFieldAddExistingAutocompleter component, the record's title can be accessed by that user. Base CVSS: 4.3 Reported by: Nick K - LittleMonkey, littlemonkey.co.nz References ...
4.3CVSS
4.5AI Score
0.0004EPSS
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Impact If a user should not be able to see a record, but that record can be added to a GridField using the GridFieldAddExistingAutocompleter component, the record's title can be accessed by that user. Base CVSS: 4.3 Reported by: Nick K - LittleMonkey, littlemonkey.co.nz References ...
4.3CVSS
4.5AI Score
0.0004EPSS
View permissions are bypassed for paginated lists of ORM data
Impact canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This has....
5.3CVSS
5.2AI Score
0.0005EPSS
View permissions are bypassed for paginated lists of ORM data
Impact canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This has....
5.3CVSS
5.2AI Score
0.0005EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low attack complexity Vendor: Lantronix Equipment: XPort Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain credentials. 3. TECHNICAL DETAILS 3.1...
7.5CVSS
7.1AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Voltronic Power Equipment: ViewPower Pro Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical Function, Exposed Dangerous Method or Function, OS Command...
9.8CVSS
8.9AI Score
0.001EPSS
APsystems Energy Communication Unit (ECU-C) Power Control Software
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable via adjacent network / low attack complexity Vendor: APsystems Equipment: Energy communication Unit (ECU-C) Power Control Software Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this...
8.8CVSS
8.9AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: Lynx 206-F2G Vulnerabilities: Cross-site Scripting, Code Injection, Cross-Origin Resource Sharing, Cleartext Transmission of Sensitive Information, Cross-Site Request...
8.8CVSS
8.1AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low attack complexity Vendor: Crestron Equipment: AM-300 Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their privileges to root-level access. 3....
8.4CVSS
8AI Score
0.0004EPSS
Orthanc Osimis DICOM Web Viewer
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Orthanc Equipment: Osimis Web Viewer Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...
7.1CVSS
6.9AI Score
0.0005EPSS
JVN#34565930: Multiple vulnerabilities in a-blog cms
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Improper input validation (CWE-20) - CVE-2024-23180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N| Base Score: 3.5 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base Score:...
8.8CVSS
7.1AI Score
0.001EPSS
Security Bulletin: NVIDIA BlueField 2 and 3 BMC - January 2024
NVIDIA has released a firmware update for NVIDIA BlueField DPU Baseboard Management Controller (BMC). To protect your system, download and install this firmware update from the NVIDIA DOCA Software Framework page. Go to NVIDIA Product Security. Details This section provides a summary of potential.....
7.2CVSS
7.7AI Score
0.001EPSS
Malicious code in cagov-template-v5 (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (041aa485b2de4fd90575bf3656a8dee0ce0c0a4319b0919b62d35f6b98b090c6) The OpenSSF Package Analysis project identified 'cagov-template-v5' @ 19.2.0 (npm) as malicious. It is considered malicious because: The package...
7.3AI Score
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Server Vulnerabilities: Improper Check or Handling of Exceptional Conditions, Missing Release of Resource after Effective Lifetime 2. RISK EVALUATION Successful...
7.5CVSS
7.6AI Score
0.001EPSS
JVN#83655695: Multiple Dahua Technology products vulnerable to authentication bypass
Multiple products provided by Dahua Technology contain an authentication bypass vulnerability (CWE-287). ## Impact The product's identity verification may be bypassed if a remote attacker sends specially crafted data packets. ## Solution Update the software Update the software to the latest...
9.8CVSS
6.9AI Score
0.256EPSS
9.3CVSS
6.8AI Score
0.001EPSS
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also...
6.1CVSS
6.2AI Score
0.0005EPSS
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also...
6.1CVSS
6.6AI Score
0.0005EPSS
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also...
6.1CVSS
6.3AI Score
0.0005EPSS
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also...
6.1CVSS
6.9AI Score
0.0005EPSS
CVE-2022-0402 Superforms < 6.0.4 - Reflected Cross-Site Scripting
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also...
6.4AI Score
0.0005EPSS
Intel BIOS Firmware CVE-2022-26006 (INTEL-SA-00688)
The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00688 advisory. Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...
8.2CVSS
7.4AI Score
0.0004EPSS
squid:buster is vulnerable to Denial Of Service. The vulnerability due to an Uncontrolled Recursion bug configured by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature. It allows a remote attacker to perform Denial of Service...
8.6CVSS
6.6AI Score
0.005EPSS