An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available.....
7AI Score
0.0004EPSS
Fedora 40 : vips (2024-791f8d9804)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-791f8d9804 advisory. libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to...
5.5CVSS
6.9AI Score
0.0004EPSS
3.5CVSS
7.2AI Score
0.0004EPSS
Fedora 40 : libfilezilla (2024-0b8ed349ad)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0b8ed349ad advisory. Patch for upload crash (FEDORA-2024-0b8ed349ad) Note that Nessus has not tested for this issue but has instead relied only on the application's...
7.4AI Score
Newsletters < 4.9.6 - Authenticated (Admin+) Arbitrary File Upload
Description The Newsletters plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the.....
9.1CVSS
8AI Score
0.0004EPSS
WP-Lister Lite for eBay < 3.6.0 - Authenticated (Shop Manager+) Arbitrary File Upload
Description The WP-Lister Lite for eBay plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 3.6.0 (exclusive). This makes it possible for authenticated attackers, with shop manager-level access and above, to upload arbitrary files.....
9.1CVSS
8AI Score
0.0004EPSS
3.5CVSS
7.2AI Score
0.0004EPSS
Fedora 40 : baresip / libre (2024-a63e807450)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-a63e807450 advisory. Baresip v3.10.1 (2024-03-12) Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process...
7.2AI Score
Contest Gallery < 21.3.5 - Authenticated (Author+) Arbitrary File Deletion
Description The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including, 21.3.4. This.....
8.5CVSS
6.7AI Score
0.0004EPSS
Fedora 40 : rubygem-loofah (2023-1bbea3700b)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1bbea3700b advisory. Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, <...
7.5CVSS
6.2AI Score
0.001EPSS
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...
7.4AI Score
File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar...
7.4AI Score
0.0004EPSS
RHEL 9 : Red Hat OpenStack Platform 17.0 (python-flask) (RHSA-2023:3440)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3440 advisory. Flask is called a micro-framework because the idea to keep the core simple but extensible. There is no database abstraction layer, no form ...
7.5CVSS
7.9AI Score
0.002EPSS
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-flask) (RHSA-2023:3444)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3444 advisory. Flask is called a micro-framework because the idea to keep the core simple but extensible. There is no database abstraction layer, no form ...
7.5CVSS
7.9AI Score
0.002EPSS
RHEL 8 : Satellite 6.13.5 Async Security Update (Important) (RHSA-2023:5931)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5931 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity...
9.8CVSS
8.8AI Score
0.732EPSS
RHEL 8 : Red Hat OpenStack Platform 16.1 (python-flask) (RHSA-2023:3446)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3446 advisory. Flask is called a micro-framework because the idea to keep the core simple but extensible. There is no database abstraction layer, no form ...
7.5CVSS
7.9AI Score
0.002EPSS
RHEL 7 / 8 : Satellite 6.11 Release (Moderate) (RHSA-2022:5498)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5498 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and ...
9.8CVSS
9.5AI Score
0.186EPSS
Exploit for Path Traversal in Aiohttp
poc-cve-2024-23334 This repository contains a proof of...
7.5CVSS
7.6AI Score
0.052EPSS
9.9CVSS
7.2AI Score
0.001EPSS
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.4.19 (RHSA-2018:0271)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0271 advisory. artemis/hornetq: memory exhaustion via UDP and JGroups discovery (CVE-2017-12174) tomcat: Remote Code Execution bypass for CVE-2017-12615...
7.5CVSS
8.4AI Score
0.975EPSS
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules This week, Metasploit community member h00die added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is intended to manage Kubernetes clusters. These are a great addition to...
10AI Score
0.957EPSS
pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of...
9.1CVSS
7.4AI Score
0.0004EPSS
pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of...
9.1CVSS
9.4AI Score
0.0004EPSS
CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE
pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of...
9.1CVSS
9.6AI Score
0.0004EPSS
uvdesk/core-framework is vulnerable to Remote Code Execution. This vulnerability is due to insufficient input validation, allowing attackers to upload malicious files which result in Remote Code...
10CVSS
7.2AI Score
0.0004EPSS
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary...
9.8CVSS
7.8AI Score
0.0004EPSS
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary...
9.8CVSS
9.8AI Score
0.0004EPSS
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary...
9.8CVSS
9.9AI Score
0.0004EPSS
Unrestricted Upload Of File With Dangerous Type
thinkcmf/thinkcmf vulnerable to Unrestricted Upload of File with Dangerous Type. The vulnerability is due to insufficient validation of file extensions during the upload process in UeditorController.php. This flaw allows an attacker to execute arbitrary code via uploaded malicious...
7.7AI Score
0.0004EPSS
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
Threat actors are attempting to actively exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to....
9.9CVSS
10AI Score
0.012EPSS
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access...
6.5AI Score
0.0004EPSS
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access...
6.8AI Score
0.0004EPSS
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access...
6.8AI Score
0.0004EPSS
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access...
6.7AI Score
0.0004EPSS
Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through...
10CVSS
9.7AI Score
0.0004EPSS
Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through...
10CVSS
7.7AI Score
0.0004EPSS
Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through...
10CVSS
9.8AI Score
0.0004EPSS
CVE-2024-0916 Unauthenticated Remote Code Execution in UvDesk Community
Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through...
10CVSS
10AI Score
0.0004EPSS
File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted...
7.1AI Score
0.0004EPSS
File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted...
7.3AI Score
0.0004EPSS
6.6AI Score
0.0004EPSS
6.8AI Score
0.0004EPSS
A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be...
4.3CVSS
6.4AI Score
0.0004EPSS
A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be...
4.3CVSS
4.4AI Score
0.0004EPSS
CVE-2024-3508 Bzip2: compressed content bomb leads to denial of service of bombastic api
A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be...
4.3CVSS
6.6AI Score
0.0004EPSS
CVE-2024-3508 Bzip2: compressed content bomb leads to denial of service of bombastic api
A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be...
4.3CVSS
4.7AI Score
0.0004EPSS
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability.....
6.8CVSS
7.4AI Score
0.0004EPSS
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability.....
6.8CVSS
7AI Score
0.0004EPSS
DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server
This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.apache.struts:struts2-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.5CVSS
7.1AI Score
0.003EPSS
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL.....
9.8CVSS
7.5AI Score
0.97EPSS