Lucene search

K

BD Pyxis™ MedStation™ ES Server Security Vulnerabilities

nvd
nvd

CVE-2024-4748

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...

8.8CVSS

0.0004EPSS

2024-06-24 02:15 PM
4
nuclei
nuclei

3DPrint Lite < 1.9.1.5 - Arbitrary File Upload

The plugin does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as...

9.8CVSS

7.1AI Score

0.188EPSS

2024-06-24 01:55 PM
vulnrichment
vulnrichment

CVE-2024-4748 RCE in Cruddiy

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-06-24 01:52 PM
cvelist
cvelist

CVE-2024-4748 RCE in Cruddiy

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...

8.8CVSS

0.0004EPSS

2024-06-24 01:52 PM
4
thn
thn

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool

Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud...

10CVSS

8.1AI Score

EPSS

2024-06-24 01:52 PM
15
ibm
ibm

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to identity spoofing. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) and Version(s)|...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-06-24 01:47 PM
1
ibm
ibm

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to identity spoofing. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) and Version(s)|...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-06-24 01:46 PM
1
nvd
nvd

CVE-2024-36038

Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server...

6.3CVSS

0.0004EPSS

2024-06-24 12:15 PM
3
cve
cve

CVE-2024-36038

Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server...

6.3CVSS

5.9AI Score

0.0004EPSS

2024-06-24 12:15 PM
12
vulnrichment
vulnrichment

CVE-2024-36038 Stored XSS

Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server...

6.3CVSS

5.9AI Score

0.0004EPSS

2024-06-24 11:45 AM
cvelist
cvelist

CVE-2024-36038 Stored XSS

Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server...

6.3CVSS

0.0004EPSS

2024-06-24 11:45 AM
8
hackread
hackread

Mailcow Patches Critical XSS and File Overwrite Flaws – Update NOW

Mailcow email servers faced critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) allowing potential remote code execution. Update to Mailcow 2024-04 (Moopril Update) to patch the security holes and keep your email server...

6.2CVSS

8.4AI Score

0.0004EPSS

2024-06-24 11:35 AM
2
githubexploit
githubexploit

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

CVE-2024-30088 Bug: Bug is inside function...

7CVSS

7.4AI Score

0.0004EPSS

2024-06-24 10:37 AM
34
osv
osv

cups vulnerability

Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the cupsd process fails to validate if bind call passed. An attacker could possibly trick cupsd to perform an arbitrary chmod of the provided argument, providing world-writable access to the...

4.4CVSS

7.2AI Score

0.0004EPSS

2024-06-24 10:11 AM
securelist
securelist

XZ backdoor: Hook analysis

Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident (social engineering) In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned then, its initial goal was to...

8.6AI Score

2024-06-24 10:00 AM
thn
thn

RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations

A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name...

7.8CVSS

8.6AI Score

0.879EPSS

2024-06-24 07:49 AM
25
nvd
nvd

CVE-2024-24550

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...

0.0004EPSS

2024-06-24 07:15 AM
5
cve
cve

CVE-2024-24550

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...

7.7AI Score

0.0004EPSS

2024-06-24 07:15 AM
13
ibm
ibm

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2023-52425]

Summary IBM HTTP Server (IHS) is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. [CVE-2023-52425] Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section....

7.5CVSS

6.9AI Score

0.001EPSS

2024-06-24 07:13 AM
1
cvelist
cvelist

CVE-2024-24550 Bludit - Remote Code Execution (RCE) through File API

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...

0.0004EPSS

2024-06-24 07:05 AM
8
vulnrichment
vulnrichment

CVE-2024-24550 Bludit - Remote Code Execution (RCE) through File API

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...

8AI Score

0.0004EPSS

2024-06-24 07:05 AM
1
ibm
ibm

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532).

Summary The security issue described in CVE-2024-37532 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-06-24 06:52 AM
1
nuclei

7.2AI Score

0.0004EPSS

2024-06-24 05:40 AM
nvd
nvd

CVE-2024-4499

A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS....

7.6CVSS

0.0004EPSS

2024-06-24 03:15 AM
6
cve
cve

CVE-2024-4499

A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS....

7.6CVSS

7.6AI Score

0.0004EPSS

2024-06-24 03:15 AM
13
cvelist
cvelist

CVE-2024-4499 CSRF Vulnerability in parisneo/lollms XTTS Server

A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS....

7.6CVSS

0.0004EPSS

2024-06-24 03:06 AM
2
nessus
nessus

RHEL 8 : Red Hat OpenStack Platform 16.2 (RHSA-2024:4053)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4053 advisory. Affected components: * python-yaql: a library that contains a large set of commonly used functions * openstack-tripleo-heat-templates: Heat...

7AI Score

0.0004EPSS

2024-06-24 12:00 AM
2
nessus
nessus

Adobe FrameMaker Publishing Server Authentication Bypass (CVE-2024-30299)

The Adobe FrameMaker Publishing Server running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to access certain application...

10CVSS

7.3AI Score

0.001EPSS

2024-06-24 12:00 AM
nessus
nessus

Oracle Linux 9 : libreswan (ELSA-2024-4050)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-4050 advisory. [4.12-2.0.1.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-2.1] - Fix CVE-2024-3652 (RHEL-40102) Tenable has extracted the preceding...

6.7AI Score

0.0004EPSS

2024-06-24 12:00 AM
1
packetstorm

9.8CVSS

7.1AI Score

0.005EPSS

2024-06-24 12:00 AM
41
vulnrichment
vulnrichment

CVE-2021-45785

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the...

6.7AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

Amazon Linux 2 : booth (ALAS-2024-2575)

The version of booth installed on the remote host is prior to 1.0-8.ef769ef.git. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2575 advisory. A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(),...

5.9CVSS

6.8AI Score

0.001EPSS

2024-06-24 12:00 AM
ubuntu
ubuntu

CUPS vulnerability

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages cups - Common UNIX Printing System(tm) Details Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the cupsd process fails to validate...

4.4CVSS

7.4AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

WordPress 6.0 < 6.5.5

WordPress versions 6.0 &lt; 6.5.5 are affected by one or more...

7.3AI Score

2024-06-24 12:00 AM
1
virtuozzo
virtuozzo

[Important] [Security] Virtuozzo ReadyKernel Patch 168.1 for Virtuozzo Hybrid Server 7.5

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5. Vulnerability id: PSBM-156977 [3.10.0-1160.80.1.vz7.191.4 to 3.10.0-1160.105.1.vz7.214.3] netfilter: A use-after-free vulnerability in...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-06-24 12:00 AM
openvas
openvas

SUSE: Security Advisory (SUSE-SU-2024:2140-1)

The remote host is missing an update for...

9.8CVSS

7.5AI Score

0.001EPSS

2024-06-24 12:00 AM
packetstorm

7.4AI Score

2024-06-24 12:00 AM
43
cvelist
cvelist

CVE-2024-33898

Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code...

0.0004EPSS

2024-06-24 12:00 AM
packetstorm

7.4AI Score

2024-06-24 12:00 AM
39
packetstorm

6.8CVSS

7.1AI Score

0.0004EPSS

2024-06-24 12:00 AM
40
nessus
nessus

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-037 advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling...

8.2CVSS

7.2AI Score

0.001EPSS

2024-06-24 12:00 AM
almalinux
almalinux

Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

7.8CVSS

7.6AI Score

0.0005EPSS

2024-06-24 12:00 AM
nessus
nessus

RHEL 9 : pki-core (RHSA-2024:4051)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4051 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...

7.5CVSS

7.8AI Score

0.0004EPSS

2024-06-24 12:00 AM
2
nessus
nessus

Amazon Linux 2 : iperf3 (ALAS-2024-2579)

The version of iperf3 installed on the remote host is prior to 3.1.7-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2579 advisory. It is possible for a malicious or malfunctioning client to send lessthan the expected amount of data to the server. If this...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

RHEL 8 : Red Hat Certificate System 10.4 for RHEL 8 (RHSA-2024:4070)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4070 advisory. Red Hat Certificate System (RHCS) is a complete implementation of an enterprise software system designed to manage enterprise Public Key...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

RHEL 8 : python3.11 (RHSA-2024:4058)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4058 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

7.8CVSS

7.4AI Score

0.0005EPSS

2024-06-24 12:00 AM
packetstorm

7.1AI Score

0.0004EPSS

2024-06-24 12:00 AM
41
cvelist
cvelist

CVE-2021-45785

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the...

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

RHEL 8 : thunderbird (RHSA-2024:4063)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4063 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...

8.2AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

RHEL 9 : dnsmasq (RHSA-2024:4052)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4052 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. ...

7.5CVSS

6.9AI Score

0.003EPSS

2024-06-24 12:00 AM
1
Total number of security vulnerabilities435607