Diary & Availability Calendar Security Vulnerabilities

nessus

SAP NetWeaver AS ABAP DoS (April 2024)

The remote SAP NetWeaver ABAP server may be affected by a denial of service (DoS) vulnerability. The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to.....

6.5 CVSS

7.1 AI Score

0.0004 EPSS

2024-04-11 12:00 AM
3
redos

ROS-20240411-04

Vulnerability of sessionReadRecord function of ext/session/sqlite3session.c file of database management system SQLite is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect confidentiality, integrity, and...

7.3 CVSS

7.7 AI Score

0.001 EPSS

2024-04-11 12:00 AM
8
nessus

Esri Portal for ArcGIS < Security 2024 Update 1 Multiple Vulnerabilities (10.8.1)

The version of Esri Portal for ArcGIS installed is missing Security 2024 Update 1. It is, therefore, affected by multiple vulnerabilities including: There is a difficult to exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 10.8.1 through 11.2...

9.9 CVSS

7.5 AI Score

0.0004 EPSS

2024-04-11 12:00 AM
8
trellix

The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups

By Jambul Tologonov and John Fokker · April 11, 2024. The Trellix Advanced Research Center has recently observed an uptick of LockBit-related cyber activity surrounding vulnerabilities in ScreenConnect....

6.5 AI Score

2024-04-11 12:00 AM
11
nvd

CVE-2024-29902

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a....

4.2 CVSS

4.7 AI Score

0.0004 EPSS

2024-04-10 11:15 PM
cve

CVE-2024-29902

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a....

4.2 CVSS

6.9 AI Score

0.0004 EPSS

2024-04-10 11:15 PM
40
alpinelinux

CVE-2024-29902

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a....

4.2 CVSS

6.8 AI Score

0.0004 EPSS

2024-04-10 11:15 PM
1
osv

CVE-2024-29902

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a....

4.2 CVSS

4.9 AI Score

0.0004 EPSS

2024-04-10 11:15 PM
7
vulnrichment

CVE-2024-29902 Cosign vulnerable to system-wide denial of service via malicious attachments

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a....

4.2 CVSS

4.8 AI Score

0.0004 EPSS

2024-04-10 10:28 PM
1
cvelist

CVE-2024-29902 Cosign vulnerable to system-wide denial of service via malicious attachments

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a....

4.2 CVSS

5 AI Score

0.0004 EPSS

2024-04-10 10:28 PM
1
osv

CVE-2024-31997

XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions....

9.9 CVSS

9.7 AI Score

0.0004 EPSS

2024-04-10 10:15 PM
6
nvd

CVE-2024-31997

XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions....

9.9 CVSS

9.8 AI Score

0.0004 EPSS

2024-04-10 10:15 PM
cve

CVE-2024-31997

XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions....

9.9 CVSS

9.7 AI Score

0.0004 EPSS

2024-04-10 10:15 PM
38
cvelist

CVE-2024-31997 XWiki Platform remote code execution from account through UIExtension parameters

XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions....

9.9 CVSS

9.9 AI Score

0.0004 EPSS

2024-04-10 09:55 PM
1
osv

CVE-2024-31988

XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by....

9.6 CVSS

9.3 AI Score

0.0004 EPSS

2024-04-10 09:15 PM
3
cve

CVE-2024-31988

XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by....

9.6 CVSS

9.2 AI Score

0.0004 EPSS

2024-04-10 09:15 PM
34
nvd

CVE-2024-31988

XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by....

9.6 CVSS

9.3 AI Score

0.0004 EPSS

2024-04-10 09:15 PM
2
osv

CVE-2024-31987

XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote...

9.9 CVSS

9.8 AI Score

0.0004 EPSS

2024-04-10 09:15 PM
5
osv

CVE-2024-31985

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in...

5.4 CVSS

6.7 AI Score

0.0004 EPSS

2024-04-10 09:15 PM
1
osv

CVE-2024-31986

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an XWiki.SchedulerJobClass XObject, it is possible to execute arbitrary code on the server whenever an...

9 CVSS

9.3 AI Score

0.0004 EPSS

2024-04-10 09:15 PM
3
cvelist

CVE-2024-31988 XWiki Platform CSRF remote code execution through the realtime HTML Converter API

XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by....

9.6 CVSS

9.5 AI Score

0.0004 EPSS

2024-04-10 08:40 PM
cve

CVE-2024-31984

XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can...

9.9 CVSS

9.7 AI Score

0.0004 EPSS

2024-04-10 08:15 PM
35
nvd

CVE-2024-31982

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed....

10 CVSS

9.8 AI Score

0.001 EPSS

2024-04-10 08:15 PM
5
nvd

CVE-2024-31984

XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can...

9.9 CVSS

9.8 AI Score

0.0004 EPSS

2024-04-10 08:15 PM
2
osv

CVE-2024-31982

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed....

10 CVSS

7.7 AI Score

0.001 EPSS

2024-04-10 08:15 PM
4
cve

CVE-2024-31982

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed....

10 CVSS

9.7 AI Score

0.001 EPSS

2024-04-10 08:15 PM
44
osv

CVE-2024-31983

XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting.....

9.9 CVSS

9.8 AI Score

0.0004 EPSS

2024-04-10 08:15 PM
2
osv

CVE-2024-31984

XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can...

9.9 CVSS

9.8 AI Score

0.0004 EPSS

2024-04-10 08:15 PM
6
osv

CVE-2024-31981

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically...

9.9 CVSS

9.7 AI Score

0.0004 EPSS

2024-04-10 08:15 PM
4
cve

CVE-2024-31465

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type XWiki.SearchSuggestSourceClass to their user profile or any other page.....

9.9 CVSS

6.9 AI Score

0.0004 EPSS

2024-04-10 08:15 PM
32
osv

CVE-2024-31465

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type XWiki.SearchSuggestSourceClass to their user profile or any other page.....

9.9 CVSS

9.5 AI Score

0.0004 EPSS

2024-04-10 08:15 PM
5
nvd

CVE-2024-31465

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type XWiki.SearchSuggestSourceClass to their user profile or any other page.....

9.9 CVSS

9.6 AI Score

0.0004 EPSS

2024-04-10 08:15 PM
1
cvelist

CVE-2024-31984 XWiki Platform: Remote code execution through space title and Solr space facet

XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can...

9.9 CVSS

10 AI Score

0.0004 EPSS

2024-04-10 07:53 PM
cvelist

CVE-2024-31982 XWiki Platform: Remote code execution as guest via DatabaseSearch

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed....

10 CVSS

10 AI Score

0.001 EPSS

2024-04-10 07:38 PM
1
osv

CVE-2024-31464

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's....

6.8 CVSS

6.6 AI Score

0.0004 EPSS

2024-04-10 07:15 PM
9
vulnrichment

CVE-2024-31465 XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type XWiki.SearchSuggestSourceClass to their user profile or any other page.....

9.9 CVSS

7 AI Score

0.0004 EPSS

2024-04-10 07:12 PM
cvelist

CVE-2024-31465 XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type XWiki.SearchSuggestSourceClass to their user profile or any other page.....

9.9 CVSS

9.8 AI Score

0.0004 EPSS

2024-04-10 07:12 PM
github

XWiki Platform remote code execution from account through UIExtension parameters

Impact: Parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and...

9.9 CVSS

7.9 AI Score

0.0004 EPSS

2024-04-10 05:16 PM
13
osv

XWiki Platform remote code execution from account through UIExtension parameters

Impact: Parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and...

9.9 CVSS

7.6 AI Score

0.0004 EPSS

2024-04-10 05:16 PM
6
osv

CVE-2024-2221

qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the /collections/{COLLECTION}/snapshots/upload endpoint, specifically through the snapshot parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to...

9.8 CVSS

7.8 AI Score

0.0004 EPSS

2024-04-10 05:15 PM
1
nvd

CVE-2024-2221

qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the /collections/{COLLECTION}/snapshots/upload endpoint, specifically through the snapshot parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to...

9.8 CVSS

9.9 AI Score

0.0004 EPSS

2024-04-10 05:15 PM
1
cve

CVE-2024-2221

qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the /collections/{COLLECTION}/snapshots/upload endpoint, specifically through the snapshot parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to...

9.8 CVSS

9.7 AI Score

0.0004 EPSS

2024-04-10 05:15 PM
51
osv

XWiki Platform CSRF remote code execution through the realtime HTML Converter API

Impact: When the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the...

9.6 CVSS

7.5 AI Score

0.0004 EPSS

2024-04-10 05:14 PM
5
github

XWiki Platform CSRF remote code execution through the realtime HTML Converter API

Impact: When the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the...

9.6 CVSS

7.8 AI Score

0.0004 EPSS

2024-04-10 05:14 PM
12
osv

XWiki Platform: Remote code execution through space title and Solr space facet

Impact: By creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises...

9.9 CVSS

7.8 AI Score

0.0004 EPSS

2024-04-10 05:13 PM
6
github

XWiki Platform: Remote code execution through space title and Solr space facet

Impact: By creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises...

9.9 CVSS

8.1 AI Score

0.0004 EPSS

2024-04-10 05:13 PM
6
github

XWiki Platform: Remote code execution as guest via DatabaseSearch

Impact: XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and...

10 CVSS

8 AI Score

0.001 EPSS

2024-04-10 05:12 PM
14
osv

XWiki Platform: Remote code execution as guest via DatabaseSearch

Impact: XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and...

10 CVSS

7.7 AI Score

0.001 EPSS

2024-04-10 05:12 PM
7
osv

XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet

Impact: Any user with edit right on any page can execute any code on the server by adding an object of type XWiki.SearchSuggestSourceClass to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an...

9.9 CVSS

7 AI Score

0.0004 EPSS

2024-04-10 05:11 PM
5
github

XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet

Impact: Any user with edit right on any page can execute any code on the server by adding an object of type XWiki.SearchSuggestSourceClass to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an...

9.9 CVSS

7.3 AI Score

0.0004 EPSS

2024-04-10 05:11 PM
10
Total number of security vulnerabilities: 57817