Mattermost post fetching without auditing in compliance export in...
4.3CVSS
6.7AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
7.9AI Score
0.0004EPSS
0.0004EPSS
RHEL 7 : libtiff (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117) LibTIFF prior to 4.0.4, as used in...
8.8CVSS
8.4AI Score
0.126EPSS
RHEL 6 : libtiff (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117) LibTIFF prior to 4.0.4, as used in...
8.8CVSS
8.3AI Score
0.318EPSS
RHEL 5 : libtiff (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117) LibTIFF 4.0.3 allows remote attackers...
8.8CVSS
7.9AI Score
0.318EPSS
RHEL 5 : libtiff (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117) Heap-based buffer overflow in the...
9.7AI Score
0.318EPSS
RHEL 7 : libtiff (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117) Heap-based buffer overflow in the...
10AI Score
0.126EPSS
RHEL 6 : libtiff (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libtiff: Heap-based buffer over-read in bmp2tiff (CVE-2017-9117) Heap-based buffer overflow in the...
9.8AI Score
0.318EPSS
RHEL 6 / 7 : rh-mysql56-mysql (RHSA-2018:0587)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0587 advisory. mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562) mysql: Server: GIS unspecified vulnerability (CPU...
7.1CVSS
7.4AI Score
0.006EPSS
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the...
8.2CVSS
7.3AI Score
0.0004EPSS
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the...
8.2CVSS
8.3AI Score
0.0004EPSS
CVE-2024-2591 SQL injection vulnerability in AMSS++
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the...
8.2CVSS
8.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2023-2591)
The remote host is missing an update for the Huawei...
6.4CVSS
6AI Score
0.001EPSS
EulerOS 2.0 SP9 : ntp (EulerOS-SA-2023-2591)
According to the versions of the ntp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the...
6.4CVSS
6.4AI Score
0.001EPSS
The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged...
5.4CVSS
5.2AI Score
0.001EPSS
The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged...
5.4CVSS
5.2AI Score
0.001EPSS
The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged...
5.4CVSS
5.2AI Score
0.001EPSS
CVE-2022-4115 Editorial Calendar < 3.8.3 - Contributor+ Stored XSS
The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged...
5.4AI Score
0.001EPSS
7.5CVSS
7.1AI Score
0.006EPSS
7.5CVSS
7.8AI Score
EPSS
7.5CVSS
7.1AI Score
0.006EPSS
teampass vulnerable to code injection
In nilsteampassnet/teampass prior to 3.0.7, if two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a...
5.4CVSS
7AI Score
0.001EPSS
teampass vulnerable to code injection
In nilsteampassnet/teampass prior to 3.0.7, if two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a...
5.4CVSS
5.6AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to...
5.4CVSS
5.6AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to...
5.4CVSS
7.1AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to...
5.4CVSS
6AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to...
7.1CVSS
5.5AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to...
7.1CVSS
5.7AI Score
0.001EPSS
5.4CVSS
5.6AI Score
0.001EPSS
Stored HTML Injection in Item Label
Description If two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a form. # Proof of Concept ```...
5.4CVSS
5.8AI Score
0.001EPSS
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31. Recent assessments: cbeek-r7 at October 17, 2023 7:31am UTC reported: A...
6.1CVSS
6.2AI Score
0.004EPSS
7.5CVSS
7.2AI Score
0.009EPSS
Malicious code in controlreplace (pypi)
-= Per source details. Do not edit below this line.=- Source: checkmarx (bd99919cb7bf3d2cdbbf8b9c77d2790327b74c80e7a8e83a9433ccc7220b6b2d) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...
7.2AI Score
heap-buffer-overflow in function gf_m2ts_process_tdt_tot media_tools/mpegts.c
Version ``` ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev40-g3602a5ded-master (c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...
7.8CVSS
7.4AI Score
0.001EPSS
Android 13 introduces many enhancements in order to harden...
7.7AI Score
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the...
6.1CVSS
5.9AI Score
0.006EPSS
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2022-2591)
The remote host is missing an update for the Huawei...
7.8CVSS
7.9AI Score
0.001EPSS
EulerOS Virtualization 3.0.6.0 : shim (EulerOS-SA-2022-2591)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : shim: Buffer overflow when loading crafted EFI images (CVE-2022-28737) Note that Tenable Network Security has extracted the preceding...
7.8CVSS
9AI Score
0.001EPSS
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2591. Reason: This candidate is a duplicate of CVE-2006-2591. Notes: All CVE users should reference CVE-2006-2591 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
6.8AI Score
0.003EPSS
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the...
6.3AI Score
0.002EPSS
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the...
6.3AI Score
0.002EPSS
Malicious code in dreactbvotstrap (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (25072ffb584a022ee2d41ab37e2543607c059094ef2e102bfc14c3477db1db75) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Amazon Linux AMI : libtiff (ALAS-2022-1625)
The version of libtiff installed on the remote host is prior to 4.0.3-35.38. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1625 advisory. Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote...
7.8CVSS
8.4AI Score
0.009EPSS
A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...
7.5CVSS
0.006EPSS
A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...
7.5CVSS
7.5AI Score
0.006EPSS
A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...
7.5CVSS
7.5AI Score
0.006EPSS
8.8CVSS
7.6AI Score
EPSS