Business Directory Plugin | GeoDirectory Security Vulnerabilities

cvelist

CVE-2024-36071

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search...

6.3 CVSS

EPSS

2024-06-20 12:00 AM
nessus

Flowise Chatflow Detected

This is an informational plugin to inform the user that the scanner has detected the use of a Flowise...

7.2 AI Score

2024-06-20 12:00 AM
1
nessus

Quivr Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Quivr instance on the target application. Quivr is a RAG framework specialized for building GenAI Second Brains and allows discussion with a variety of documents using different LLM...

7.3 AI Score

2024-06-20 12:00 AM
1
zdi

Windscribe Directory Traversal Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windscribe Service....

7.5 AI Score

EPSS

2024-06-20 12:00 AM
nessus

Open WebUI Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Open WebUI instance on the target application. Open WebUI offers an extensible web application designed for various LLMs while offering a feature-rich...

7.3 AI Score

2024-06-20 12:00 AM
1
nessus

LibreChat Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible LibreChat instance on the target application. LibreChat is an enhanced open-source ChatGPT...

7.2 AI Score

2024-06-20 12:00 AM
1
nessus

AnythingLLM Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible AnythingLLM instance on the target application. AnythingLLM lets you choose between different LLMs or vector databases to use and allows you to convert any document or content into references that the...

7.2 AI Score

2024-06-20 12:00 AM
1
nessus

NextChat Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible NextChat (formerly ChatGPT-Next-Web) instance on the target application. NextChat is a collection of tools to help developers build their own AI service around most popular...

7.2 AI Score

2024-06-20 12:00 AM
1
nessus

Yoast SEO Plugin for WordPress < 22.7 Cross-Site Scripting

The WordPress Yoast SEO Plugin installed on the remote host is affected by a stored Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

6.2 AI Score

2024-06-20 12:00 AM
1
nessus

Flowise Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Flowise instance on the target application. Flowise is a builder for LLM...

7.2 AI Score

2024-06-20 12:00 AM
1
nessus

MLflow Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible MLflow instance on the target application. MLflow is a platform to streamline machine learning development and simplify model...

7.2 AI Score

2024-06-20 12:00 AM
1
nessus

Yoast SEO Plugin for WordPress < 22.6 Cross-Site Scripting

The WordPress Yoast SEO Plugin installed on the remote host is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

6.4 AI Score

2024-06-20 12:00 AM
1
cvelist

CVE-2024-5182 Path Traversal in mudler/localai

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

7.5 CVSS

0.0004 EPSS

2024-06-19 11:30 PM
1
vulnrichment

CVE-2024-5182 Path Traversal in mudler/localai

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

7.5 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-19 11:30 PM
nvd

CVE-2024-38358

Wasmer is a web assembly (wasm) Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both oflags::creat and rights::fd_write. Programs can also crash the...

2.9 CVSS

0.0004 EPSS

2024-06-19 08:15 PM
1
cve

CVE-2024-38358

Wasmer is a web assembly (wasm) Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both oflags::creat and rights::fd_write. Programs can also crash the...

2.9 CVSS

3.9 AI Score

0.0004 EPSS

2024-06-19 08:15 PM
5
cvelist

CVE-2024-38358 Symlink bypasses filesystem sandbox in wasmer

Wasmer is a web assembly (wasm) Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both oflags::creat and rights::fd_write. Programs can also crash the...

2.9 CVSS

0.0004 EPSS

2024-06-19 07:55 PM
2
cve

CVE-2024-36116

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the...

7.5 CVSS

7.8 AI Score

0.0004 EPSS

2024-06-19 06:15 PM
8
osv

CVE-2024-36116

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the...

7.5 CVSS

7.2 AI Score

0.0004 EPSS

2024-06-19 06:15 PM
nvd

CVE-2024-36116

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the...

7.5 CVSS

0.0004 EPSS

2024-06-19 06:15 PM
5
githubexploit

Exploit for CVE-2023-47504

CVE-2023-47504 POC Exploit for CVE-2023-47504. According to...

7.5 CVSS

7.1 AI Score

0.0004 EPSS

2024-06-19 06:07 PM
43
ibm

Security Bulletin: Vulnerabilities in JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. The vulnerabilities are not thought to be exploitable but IBM recommends upgrade for users of Transparent Cloud Tiering...

9.8 CVSS

9.5 AI Score

0.939 EPSS

2024-06-19 05:56 PM
13
cvelist

CVE-2024-36116 Path traversal in Reposilite javadoc file expansion

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the...

7.5 CVSS

0.0004 EPSS

2024-06-19 05:37 PM
7
cve

CVE-2024-34444

Missing Authorization vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a before...

7.1 CVSS

7 AI Score

0.0004 EPSS

2024-06-19 03:15 PM
10
nvd

CVE-2024-34443

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS. This issue affects Slider Revolution: from n/a before...

5.9 CVSS

0.0004 EPSS

2024-06-19 03:15 PM
1
cve

CVE-2024-34443

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS. This issue affects Slider Revolution: from n/a before...

5.9 CVSS

5.8 AI Score

0.0004 EPSS

2024-06-19 03:15 PM
17
nvd

CVE-2024-34444

Missing Authorization vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a before...

7.1 CVSS

0.0004 EPSS

2024-06-19 03:15 PM
2
cve

CVE-2023-38394

Missing Authorization vulnerability in Artbees JupiterX Core. This issue affects JupiterX Core: from 3.0.0 through...

5.4 CVSS

5.6 AI Score

0.0004 EPSS

2024-06-19 03:15 PM
4
nvd

CVE-2023-38394

Missing Authorization vulnerability in Artbees JupiterX Core. This issue affects JupiterX Core: from 3.0.0 through...

5.4 CVSS

0.0004 EPSS

2024-06-19 03:15 PM
cve

CVE-2023-38393

Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through...

7.6 CVSS

7.5 AI Score

0.0004 EPSS

2024-06-19 03:15 PM
25
cve

CVE-2023-36516

Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through...

7.6 CVSS

7.5 AI Score

0.0004 EPSS

2024-06-19 03:15 PM
5
nvd

CVE-2023-36516

Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through...

7.6 CVSS

0.0004 EPSS

2024-06-19 03:15 PM
nvd

CVE-2023-38393

Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through...

7.6 CVSS

0.0004 EPSS

2024-06-19 03:15 PM
cve

CVE-2023-25697

Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through...

5.4 CVSS

5.5 AI Score

0.0004 EPSS

2024-06-19 03:15 PM
5
nvd

CVE-2023-25697

Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through...

5.4 CVSS

0.0004 EPSS

2024-06-19 03:15 PM
nvd

CVE-2023-36515

Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through...

7.3 CVSS

0.0004 EPSS

2024-06-19 03:15 PM
cve

CVE-2023-36515

Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through...

7.3 CVSS

7.2 AI Score

0.0004 EPSS

2024-06-19 03:15 PM
6
cvelist

CVE-2024-34444 WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a before...

7.1 CVSS

0.0004 EPSS

2024-06-19 02:57 PM
vulnrichment

CVE-2024-34443 WordPress Slider Revolution plugin < 6.7.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS. This issue affects Slider Revolution: from n/a before...

5.9 CVSS

7 AI Score

0.0004 EPSS

2024-06-19 02:53 PM
cvelist

CVE-2024-34443 WordPress Slider Revolution plugin < 6.7.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS. This issue affects Slider Revolution: from n/a before...

5.9 CVSS

0.0004 EPSS

2024-06-19 02:53 PM
1
cvelist

CVE-2023-25697 WordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through...

5.4 CVSS

0.0004 EPSS

2024-06-19 02:34 PM
3
vulnrichment

CVE-2023-25697 WordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through...

5.4 CVSS

7 AI Score

0.0004 EPSS

2024-06-19 02:34 PM
cvelist

CVE-2023-36515 WordPress LearnPress plugin <= 4.2.3 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through...

7.3 CVSS

0.0004 EPSS

2024-06-19 02:20 PM
1
vulnrichment

CVE-2023-36516 WordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerability

Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through...

7.6 CVSS

7 AI Score

0.0004 EPSS

2024-06-19 02:18 PM
cvelist

CVE-2023-36516 WordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerability

Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through...

7.6 CVSS

0.0004 EPSS

2024-06-19 02:18 PM
1
vulnrichment

CVE-2023-38393 WordPress Ninja Forms plugin <= 3.6.25 - Subscriber+ Broken Access Control vulnerability

Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through...

7.6 CVSS

6.9 AI Score

0.0004 EPSS

2024-06-19 02:15 PM
cvelist

CVE-2023-38393 WordPress Ninja Forms plugin <= 3.6.25 - Subscriber+ Broken Access Control vulnerability

Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through...

7.6 CVSS

0.0004 EPSS

2024-06-19 02:15 PM
1
cve

CVE-2023-39310

Missing Authorization vulnerability in ThemeFusion Fusion Builder. This issue affects Fusion Builder: from n/a through...

5.4 CVSS

5.6 AI Score

0.0004 EPSS

2024-06-19 02:15 PM
4
nvd

CVE-2023-39310

Missing Authorization vulnerability in ThemeFusion Fusion Builder. This issue affects Fusion Builder: from n/a through...

5.4 CVSS

0.0004 EPSS

2024-06-19 02:15 PM
cve

CVE-2023-36683

Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro. This issue affects Schema Pro: from n/a through...

6.5 CVSS

6.5 AI Score

0.0004 EPSS

2024-06-19 02:15 PM
6
Total number of security vulnerabilities: 347073