Lucene search

K

CorreosExpress – Shipping Management – Tags Security Vulnerabilities

cve
cve

CVE-2024-5640

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

6.4CVSS

6AI Score

0.001EPSS

2024-06-07 05:15 AM
22
nvd
nvd

CVE-2024-4902

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.2CVSS

0.0004EPSS

2024-06-07 05:15 AM
cve
cve

CVE-2024-4902

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.2CVSS

7.6AI Score

0.0004EPSS

2024-06-07 05:15 AM
23
cvelist
cvelist

CVE-2024-4902 Tutor LMS – eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.2CVSS

0.0004EPSS

2024-06-07 04:33 AM
1
vulnrichment
vulnrichment

CVE-2024-5640 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-07 04:33 AM
1
cvelist
cvelist

CVE-2024-5640 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and....

6.4CVSS

0.001EPSS

2024-06-07 04:33 AM
nvd
nvd

CVE-2024-1988

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

6.4CVSS

0.0004EPSS

2024-06-07 04:15 AM
cve
cve

CVE-2024-1988

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

6.4CVSS

6AI Score

0.0004EPSS

2024-06-07 04:15 AM
22
cvelist
cvelist

CVE-2024-1988 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

6.4CVSS

0.0004EPSS

2024-06-07 03:21 AM
vulnrichment
vulnrichment

CVE-2024-1988 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-07 03:21 AM
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6821-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6821-1 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability....

8CVSS

8.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
3
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6820-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6820-1 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...

8CVSS

8.6AI Score

0.0004EPSS

2024-06-07 12:00 AM
nessus
nessus

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-1 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

7.8CVSS

8.9AI Score

0.0005EPSS

2024-06-07 12:00 AM
1
redos
redos

ROS-20240607-05

The vulnerability of the system views pg_stats_ext, pg_stats_ext_exprs of the PostgreSQL DBMS is related to errors in privilege management. in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely, escalate...

3.1CVSS

4.1AI Score

0.0004EPSS

2024-06-07 12:00 AM
nessus
nessus

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6816-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6816-1 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

7.8CVSS

8.7AI Score

0.0005EPSS

2024-06-07 12:00 AM
nessus
nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6819-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-1 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8CVSS

8.7AI Score

0.001EPSS

2024-06-07 12:00 AM
openvas
openvas

Fedora: Security Advisory for rust-rd-agent (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

7.5AI Score

2024-06-07 12:00 AM
1
f5
f5

K000139953: PHP vulnerability CVE-2024-4577

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. (CVE-2024-4577) Impact There is no impact; F5 products are not affected by this.....

9.8CVSS

9.3AI Score

0.932EPSS

2024-06-07 12:00 AM
32
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 24.04 LTS Packages linux - Linux kernel linux-ibm - Linux kernel for IBM cloud systems linux-lowlatency - Linux low latency kernel linux-raspi - Linux kernel for Raspberry Pi systems Details Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly...

7.8CVSS

8.5AI Score

0.0005EPSS

2024-06-07 12:00 AM
3
openvas
openvas

Fedora: Security Advisory for keepassxc (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
1
nessus
nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6818-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-1 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8CVSS

8.4AI Score

0.001EPSS

2024-06-07 12:00 AM
2
nessus
nessus

Cisco Firepower Management Center Software SQL Injection (cisco-sa-fmc-sqli-WFFDnNOs)

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...

8.8CVSS

8.4AI Score

0.001EPSS

2024-06-07 12:00 AM
redos
redos

ROS-20240607-04

Vulnerability of the virNetClientIOEventLoop() method of the Libvirt virtualization management library is related to incorrect execution of the data pointer to the structure virNetClientIOEventLoop() in the virNetClientIOEventLoop() method virNetClientIOIOEventData. Exploitation of the...

6.2CVSS

6.7AI Score

0.0004EPSS

2024-06-07 12:00 AM
4
ibm
ibm

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-50313)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. This may result in SSL cipher suites being ignored......

6.5CVSS

5.7AI Score

0.0004EPSS

2024-06-06 08:34 PM
2
nvd
nvd

CVE-2024-5248

In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...

6.5CVSS

0.0004EPSS

2024-06-06 07:16 PM
cve
cve

CVE-2024-5248

In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-06 07:16 PM
24
osv
osv

CVE-2024-5128

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue....

9.4CVSS

6.7AI Score

0.0004EPSS

2024-06-06 07:16 PM
1
nvd
nvd

CVE-2024-5128

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue....

9.4CVSS

0.0004EPSS

2024-06-06 07:16 PM
2
cve
cve

CVE-2024-5128

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue....

9.4CVSS

7AI Score

0.0004EPSS

2024-06-06 07:16 PM
24
nvd
nvd

CVE-2023-45192

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: ...

8.2CVSS

0.0004EPSS

2024-06-06 07:15 PM
cve
cve

CVE-2023-45192

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: ...

8.2CVSS

6.7AI Score

0.0004EPSS

2024-06-06 07:15 PM
24
cvelist
cvelist

CVE-2024-5248 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...

6.5CVSS

0.0004EPSS

2024-06-06 06:49 PM
vulnrichment
vulnrichment

CVE-2024-5248 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-06 06:49 PM
vulnrichment
vulnrichment

CVE-2023-45192 IBM Engineering Requirements Management DOORS Next XML external entity injection

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: ...

8.2CVSS

6.6AI Score

0.0004EPSS

2024-06-06 06:49 PM
1
cvelist
cvelist

CVE-2023-45192 IBM Engineering Requirements Management DOORS Next XML external entity injection

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: ...

8.2CVSS

0.0004EPSS

2024-06-06 06:49 PM
2
nvd
nvd

CVE-2024-5505

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this...

8.8CVSS

0.001EPSS

2024-06-06 06:15 PM
2
cve
cve

CVE-2024-5505

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this...

8.8CVSS

8.2AI Score

0.001EPSS

2024-06-06 06:15 PM
23
cve
cve

CVE-2024-4889

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the.....

7.2CVSS

8.3AI Score

0.0004EPSS

2024-06-06 06:15 PM
24
nvd
nvd

CVE-2024-4889

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the.....

7.2CVSS

0.0004EPSS

2024-06-06 06:15 PM
vulnrichment
vulnrichment

CVE-2024-5128 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue....

9.4CVSS

6.7AI Score

0.0004EPSS

2024-06-06 06:08 PM
cvelist
cvelist

CVE-2024-5128 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue....

9.4CVSS

0.0004EPSS

2024-06-06 06:08 PM
1
vulnrichment
vulnrichment

CVE-2024-4889 Code Injection in berriai/litellm

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the.....

7.2CVSS

8AI Score

0.0004EPSS

2024-06-06 05:53 PM
cvelist
cvelist

CVE-2024-4889 Code Injection in berriai/litellm

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the.....

7.2CVSS

0.0004EPSS

2024-06-06 05:53 PM
vulnrichment
vulnrichment

CVE-2024-5505 NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this...

8.8CVSS

7.9AI Score

0.001EPSS

2024-06-06 05:49 PM
cvelist
cvelist

CVE-2024-5505 NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this...

8.8CVSS

0.001EPSS

2024-06-06 05:49 PM
1
nvd
nvd

CVE-2024-36399

Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users.....

8.2CVSS

0.0004EPSS

2024-06-06 04:15 PM
1
debiancve
debiancve

CVE-2024-36399

Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users.....

8.2CVSS

8.1AI Score

0.0004EPSS

2024-06-06 04:15 PM
2
cve
cve

CVE-2024-36399

Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users.....

8.2CVSS

7.9AI Score

0.0004EPSS

2024-06-06 04:15 PM
26
osv
osv

CVE-2024-36399

Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users.....

8.2CVSS

8AI Score

0.0004EPSS

2024-06-06 04:15 PM
cvelist
cvelist

CVE-2024-36399 Kanboard affected by Project Takeover via IDOR in ProjectPermissionController

Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users.....

8.2CVSS

0.0004EPSS

2024-06-06 03:15 PM
2
Total number of security vulnerabilities140415