Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...
5.9CVSS
0.0004EPSS
Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect...
7.3CVSS
6.9AI Score
0.0004EPSS
Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect...
7.3CVSS
0.0004EPSS
Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect...
7.9CVSS
0.0004EPSS
Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect...
7.9CVSS
6.8AI Score
0.0004EPSS
A flaw was found in Kibana. A high-privileged user, allowed to create custom osquery packs, could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
6.9AI Score
0.0004EPSS
The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts,...
0.0004EPSS
The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts,...
6.4AI Score
0.0004EPSS
The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts,...
0.0004EPSS
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...
7.3CVSS
7AI Score
0.0005EPSS
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...
7.3CVSS
0.0005EPSS
[SECURITY] Fedora 39 Update: cyrus-imapd-3.8.3-1.fc39
The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contac ts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use...
6.5CVSS
7.1AI Score
0.0005EPSS
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...
7.3CVSS
7AI Score
0.0005EPSS
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...
7.3CVSS
0.0005EPSS
Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns
Microsoft on Thursday revealed that it's delaying the rollout of the controversial artificial intelligence (AI)-powered Recall feature for Copilot+ PCs. To that end, the company said it intends to shift from general availability to a preview available first in the Windows Insider Program (WIP) in.....
6.7AI Score
[SECURITY] Fedora 40 Update: cyrus-imapd-3.8.3-1.fc40
The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contac ts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use...
6.5CVSS
7.1AI Score
0.0005EPSS
Rejetto HFS (HTTP File Server) CVE-2024-23692 Vulnerability...
9.8CVSS
10AI Score
0.002EPSS
Google Chrome Security Update (stable-channel-update-for-desktop_22-2024-02) - Windows
Google Chrome is prone to an unspecified ...
7AI Score
Google Chrome Security Update (stable-channel-update-for-desktop_22-2024-02) - Linux
Google Chrome is prone to an unspecified ...
7AI Score
SUSE SLES12 Security Update : php8 (SUSE-SU-2024:2027-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2027-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has extracted the...
5.3CVSS
9.5AI Score
0.001EPSS
A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....
5.8CVSS
7.2AI Score
0.0004EPSS
Google Chrome Security Update (stable-channel-update-for-desktop_22-2024-02) - Mac OS X
Google Chrome is prone to an unspecified ...
7AI Score
CrateDB has a Client initialized Session-Renegotiation DoS
Summary Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200 Details A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly...
5.3CVSS
6.9AI Score
0.0004EPSS
CrateDB has a Client initialized Session-Renegotiation DoS
Summary Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200 Details A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly...
5.3CVSS
6.9AI Score
0.0004EPSS
A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex...
4.3CVSS
0.0004EPSS
A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex...
4.3CVSS
4.5AI Score
0.0004EPSS
CVE-2024-37279 Kibana Broken Access Control issue
A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex...
4.3CVSS
0.0004EPSS
CVE-2024-37279 Kibana Broken Access Control issue
A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex...
4.3CVSS
6.7AI Score
0.0004EPSS
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...
5.3CVSS
5.6AI Score
0.0004EPSS
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...
5.3CVSS
7.7AI Score
0.0004EPSS
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...
5.3CVSS
0.0004EPSS
CVE-2024-37309 Client initialized Session-Renegotiation DoS
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...
5.3CVSS
0.0004EPSS
KLA68933 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a...
9.2AI Score
0.0004EPSS
Atlassian Confluence 7.19 < 7.19.21 / 8.5.x < 8.5.8 / < 8.9.0 (CONFSERVER-94957)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94957 advisory. This High severity Gatekeeper Injection vulnerability was introduced in versions 7.1.0 of Confluence Data Center. This allows an unauthenticated...
7.7AI Score
SAP NetWeaver AS Java DoS (3460407)
SAP NetWeaver Application Server for Java is affected by denial of service vulnerability: Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This...
7.5CVSS
7.5AI Score
0.0004EPSS
Description The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This.....
7.3CVSS
6.6AI Score
0.0005EPSS
SAP NetWeaver AS ABAP DoS (3453170)
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate....
6.5CVSS
6.5AI Score
0.0004EPSS
KLA68934 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: Heap buffer overflow vulnerability in...
8.8CVSS
9.3AI Score
0.001EPSS
SAP NetWeaver AS ABAP XSS (3450286)
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify.....
6.1CVSS
6.4AI Score
0.0004EPSS
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N...
8.1CVSS
7.9AI Score
0.0004EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output...
6.4CVSS
0.0004EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output...
6.4CVSS
5.7AI Score
0.0004EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output...
6.4CVSS
0.0004EPSS
Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM...
3.7CVSS
7.2AI Score
0.001EPSS
parisneo/lollms Local File Inclusion (LFI) attack
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitize_path_from_endpoint function fails to properly sanitize Windows-style paths (backward slash ), allowing attackers to perform directory traversal attacks on Windows...
9.1CVSS
6.8AI Score
0.0004EPSS
parisneo/lollms Local File Inclusion (LFI) attack
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitize_path_from_endpoint function fails to properly sanitize Windows-style paths (backward slash ), allowing attackers to perform directory traversal attacks on Windows...
9.1CVSS
6.8AI Score
0.0004EPSS
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitize_path_from_endpoint function fails to properly sanitize Windows-style paths (backward slash ), allowing attackers to perform directory traversal attacks on Windows...
9.1CVSS
0.0004EPSS
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitize_path_from_endpoint function fails to properly sanitize Windows-style paths (backward slash ), allowing attackers to perform directory traversal attacks on Windows...
9.1CVSS
6.7AI Score
0.0004EPSS
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitize_path_from_endpoint function fails to properly sanitize Windows-style paths (backward slash ), allowing attackers to perform directory traversal attacks on Windows...
9.1CVSS
9.2AI Score
0.0004EPSS
CVE-2024-4315 LFI Vulnerability due to Lack of Path Sanitization in parisneo/lollms
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitize_path_from_endpoint function fails to properly sanitize Windows-style paths (backward slash ), allowing attackers to perform directory traversal attacks on Windows...
9.1CVSS
0.0004EPSS