Lucene search

K

All In One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings Security Vulnerabilities

openbugbounty
openbugbounty

nordicbiosite.com Cross Site Scripting vulnerability OBB-3938898

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 09:51 PM
4
cvelist
cvelist

CVE-2024-6060

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive...

EPSS

2024-06-25 09:36 PM
2
malwarebytes
malwarebytes

Neiman Marcus confirms breach. Is the customer data already for sale?

Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers' personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including.....

7.5AI Score

2024-06-25 09:35 PM
2
cvelist
cvelist

CVE-2024-30112 HCL Connections is vulnerable to a cross-site scripting (XSS) vulnerability

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials...

5.4CVSS

EPSS

2024-06-25 09:28 PM
2
openbugbounty
openbugbounty

baseballquebec.com Cross Site Scripting vulnerability OBB-3938896

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 09:28 PM
3
nvd
nvd

CVE-2024-5016

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...

7.2CVSS

EPSS

2024-06-25 09:16 PM
3
cve
cve

CVE-2024-5018

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory...

5.3CVSS

5.4AI Score

EPSS

2024-06-25 09:16 PM
3
cve
cve

CVE-2024-5016

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...

7.2CVSS

7.2AI Score

EPSS

2024-06-25 09:16 PM
3
nvd
nvd

CVE-2024-5019

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole...

5.3CVSS

EPSS

2024-06-25 09:16 PM
2
nvd
nvd

CVE-2024-5018

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory...

5.3CVSS

EPSS

2024-06-25 09:16 PM
2
nvd
nvd

CVE-2024-5017

In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information...

6.5CVSS

EPSS

2024-06-25 09:16 PM
1
cve
cve

CVE-2024-5017

In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information...

6.5CVSS

6.2AI Score

EPSS

2024-06-25 09:16 PM
2
cve
cve

CVE-2024-5019

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole...

5.3CVSS

5.5AI Score

EPSS

2024-06-25 09:16 PM
2
cve
cve

CVE-2024-5015

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to...

7.1CVSS

6.8AI Score

EPSS

2024-06-25 09:16 PM
3
nvd
nvd

CVE-2024-5015

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to...

7.1CVSS

EPSS

2024-06-25 09:16 PM
1
nvd
nvd

CVE-2024-5012

In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential...

8.6CVSS

EPSS

2024-06-25 09:16 PM
1
nvd
nvd

CVE-2024-5013

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application...

7.5CVSS

EPSS

2024-06-25 09:16 PM
1
cve
cve

CVE-2024-5013

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application...

7.5CVSS

7.6AI Score

EPSS

2024-06-25 09:16 PM
1
cve
cve

CVE-2024-5014

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML...

7.1CVSS

6.8AI Score

EPSS

2024-06-25 09:16 PM
2
nvd
nvd

CVE-2024-5014

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML...

7.1CVSS

EPSS

2024-06-25 09:16 PM
1
cve
cve

CVE-2024-5012

In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential...

8.6CVSS

8.6AI Score

EPSS

2024-06-25 09:16 PM
1
cve
cve

CVE-2024-37855

An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requiring authentication...

7.9AI Score

EPSS

2024-06-25 09:15 PM
1
nvd
nvd

CVE-2024-35526

An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to access sensitive information in the /facade...

EPSS

2024-06-25 09:15 PM
1
cve
cve

CVE-2024-35526

An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to access sensitive information in the /facade...

6.2AI Score

EPSS

2024-06-25 09:15 PM
2
nvd
nvd

CVE-2024-37855

An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requiring authentication...

EPSS

2024-06-25 09:15 PM
1
cve
cve

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2...

7AI Score

EPSS

2024-06-25 09:15 PM
2
nvd
nvd

CVE-2024-38516

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and...

8.8CVSS

EPSS

2024-06-25 09:15 PM
1
nvd
nvd

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2...

EPSS

2024-06-25 09:15 PM
2
cve
cve

CVE-2024-38516

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and...

8.8CVSS

8.6AI Score

EPSS

2024-06-25 09:15 PM
5
openbugbounty
openbugbounty

b-21.com Cross Site Scripting vulnerability OBB-3938893

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 09:06 PM
4
redhatcve
redhatcve

CVE-2024-39471

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should be stop to avoid out-of-bounds read, so directly return...

7.2AI Score

EPSS

2024-06-25 08:52 PM
redhatcve
redhatcve

CVE-2024-39470

In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfs_find_events() In function eventfs_find_events,there is a potential null pointer that may be caused by calling update_events_attr which will perform some operations on the....

7.2AI Score

EPSS

2024-06-25 08:52 PM
redhatcve
redhatcve

CVE-2024-39469

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be.....

7AI Score

EPSS

2024-06-25 08:52 PM
redhatcve
redhatcve

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4...

7AI Score

EPSS

2024-06-25 08:52 PM
redhatcve
redhatcve

CVE-2024-39468

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such...

7.2AI Score

EPSS

2024-06-25 08:52 PM
redhatcve
redhatcve

CVE-2024-39466

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not been performed, leading to possible null pointer dereferences (which did happen for me on RB1). Fix...

7.2AI Score

EPSS

2024-06-25 08:52 PM
redhatcve
redhatcve

CVE-2024-39465

In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parent directory and then again on a child which causes a kernel panic. [hverkuil: added Fixes/Cc...

7.1AI Score

EPSS

2024-06-25 08:52 PM
redhatcve
redhatcve

CVE-2024-39463

In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a fid through dentry while another thread unlinks it: UAF thread: refcount_t: addition on 0;...

7.2AI Score

EPSS

2024-06-25 08:52 PM
redhatcve
redhatcve

CVE-2024-39464

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. notifier_entry was kept 'zeroed' leading to an uninitialized list_head.....

7.3AI Score

EPSS

2024-06-25 08:52 PM
openbugbounty
openbugbounty

basaksecmen.com Cross Site Scripting vulnerability OBB-3938892

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:52 PM
2
redhatcve
redhatcve

CVE-2024-39462

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...

7AI Score

EPSS

2024-06-25 08:51 PM
1
redhatcve
redhatcve

CVE-2024-39461

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs t...

7AI Score

EPSS

2024-06-25 08:51 PM
1
redhatcve
redhatcve

CVE-2024-37820

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via...

7.1AI Score

EPSS

2024-06-25 08:51 PM
openbugbounty
openbugbounty

bestlocalseotools.com Cross Site Scripting vulnerability OBB-3938891

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:50 PM
2
cvelist
cvelist

CVE-2024-5019 WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole...

5.3CVSS

EPSS

2024-06-25 08:29 PM
2
cvelist
cvelist

CVE-2024-5018 WhatsUp Gold LoadUsingBasePath Directory Traversal Information Disclosure Vulnerability

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory...

5.3CVSS

EPSS

2024-06-25 08:27 PM
1
redhatcve
redhatcve

CVE-2024-39276

In the Linux kernel, the following vulnerability has been resolved: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Syzbot reports a warning as follows: ============================================ WARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mb_cache_destroy+0x224/0x290....

7.1AI Score

EPSS

2024-06-25 08:26 PM
openbugbounty
openbugbounty

wcuc.org Cross Site Scripting vulnerability OBB-3938884

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:26 PM
3
redhatcve
redhatcve

CVE-2024-38661

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007 R3:00000003fe5b8007....

6.9AI Score

EPSS

2024-06-25 08:25 PM
redhatcve
redhatcve

CVE-2024-38385

In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the.....

7.2AI Score

EPSS

2024-06-25 08:25 PM
Total number of security vulnerabilities2998504