7.4AI Score
7.4AI Score
RHEL 6 : xen (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Qemu: net: ne2000: OOB memory access in ioport r/w functions (CVE-2015-8743) The qemu implementation in...
7.5CVSS
6.4AI Score
0.011EPSS
RHEL 6 : qemu-kvm-rhev (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Qemu: i386: leakage of stack memory to guest in kvmvapic.c (CVE-2016-4020) QEMU (aka Quick Emulator)...
7.5CVSS
7.1AI Score
0.04EPSS
RHEL 8 : fence-agents (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-httplib2: Regular expression denial of service via malicious header (CVE-2021-21240) A flaw was...
7.5CVSS
5.6AI Score
0.004EPSS
RHEL 8 : rhel_qemu-kvm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. QEMU: virtiofsd: guest may open maximum file descriptor to cause DoS (CVE-2020-10717) Note that Nessus has not...
6.5CVSS
6.9AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
7.4AI Score
RHEL 8 : virglrenderer (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. virglrenderer: out-of-bounds read in the vrend_blit_need_swizzle may lead to DoS (CVE-2019-18390) A NULL...
7.1CVSS
6AI Score
0.0004EPSS
RHEL 7 : xen (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Qemu: audio: host memory leakage via capture buffer (CVE-2017-8309) The qemu implementation in libvirt...
7.5CVSS
6.5AI Score
0.011EPSS
RHEL 7 : qemu-kvm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. QEMU: net: ignore packets with large size (CVE-2018-17963) Buffer overflow in the send_control_msg...
9.8CVSS
6.8AI Score
0.141EPSS
RHEL 7 : dpdk (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. dpdk: Information exposure in unchecked guest physical to host virtual address translations ...
7.5CVSS
7.6AI Score
0.002EPSS
[7.2.0-11.el9] - vfio/migration: Add a note about migration rate limiting (Avihai Horon) [Orabug: 36329758] - vfio/migration: Refactor vfio_save_state() return value (Avihai Horon) [Orabug: 36329758] - migration: Don't serialize devices in qemu_savevm_state_iterate() (Avihai Horon) [Orabug:...
8.2CVSS
7AI Score
0.001EPSS
A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...
6.3CVSS
7.7AI Score
0.0004EPSS
A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...
6.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-5588 itsourcecode Learning Management System processscore.php sql injection
A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...
6.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-5588 itsourcecode Learning Management System processscore.php sql injection
A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched...
6.3CVSS
7.4AI Score
0.0004EPSS
A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack...
5.3CVSS
7AI Score
0.0004EPSS
A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack...
5.3CVSS
5.3AI Score
0.0004EPSS
CVE-2024-5587 Casdoor Configuration File app.conf file access
A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack...
5.3CVSS
5.3AI Score
0.0004EPSS
10CVSS
6.7AI Score
0.001EPSS
Ticketmaster confirms customer data breach
Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...
7.4AI Score
HackerOne: [ Spot Check ] Team members can edit a user's write-up
This report was created as part of the investigation for the Spot Check about the Spot Checks feature. Hi, I discovered team members / hackerone staff can modify a user's spot check write-up. I believe this is not intended functionality for the following reasons: 1. There is no option to edit the.....
7.2AI Score
Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-3253)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3253 advisory. hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog...
7CVSS
7.1AI Score
0.001EPSS
symfony/routing is vulnerable to XML Entity Expansion (XEE). The vulnerability is due to allowing custom entities in PHP, which allows an attacker to submit XML which results in a XEE Quadratic...
6.9AI Score
Regular Expression Denial Of Service (ReDoS)
micromatch is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due a regex expression with inefficient complexity within the micromatch.braces() method. An attacker can submit a large payload without a closing bracket, which results in Regular Expression Denial of...
5.3CVSS
6.7AI Score
0.0004EPSS
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within.....
7.1CVSS
6.7AI Score
0.001EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1870-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1870-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following...
7.8CVSS
8.9AI Score
EPSS
Widget Bundle <= 2.0.0 - Unauthencated Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated...
6.2AI Score
0.0005EPSS
Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
Description The plugin does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF...
6.6AI Score
0.0005EPSS
WP Logs Book <= 1.0.1 - Disable Logging via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...
6.6AI Score
0.0004EPSS
7.1AI Score
0.001EPSS
10CVSS
7.1AI Score
0.001EPSS
Amazon Linux 2 : kernel (ALAS-2024-2549)
The version of kernel installed on the remote host is prior to 4.14.343-259.562. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2549 advisory. 2024-06-19: CVE-2023-46838 was added to this advisory. 2024-06-06: CVE-2023-52486 was added to this advisory. ...
7.8CVSS
7.6AI Score
0.0005EPSS
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within.....
7.1CVSS
6.7AI Score
0.001EPSS
WP Logs Book <= 1.0.1 - Log Clearing via CSRF
Description The plugin does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF...
6.6AI Score
0.0004EPSS
A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has...
7.3CVSS
7.6AI Score
0.0004EPSS
A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has...
7.3CVSS
7.6AI Score
0.0004EPSS
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...
6.3CVSS
6.5AI Score
0.0004EPSS
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...
6.3CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by parallel memory acceptance") has released the spinlock so other CPUs can do memory acceptance in parallel and.....
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by parallel memory acceptance") has released the spinlock so other CPUs can do memory acceptance in parallel...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by parallel memory acceptance") has released the spinlock so other CPUs can do memory acceptance in parallel and.....
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len =...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len =...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len =...
7.1AI Score
0.0004EPSS
CVE-2024-5519 ItsourceCode Learning Management System Project In PHP login.php sql injection
A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has...
7.3CVSS
7.6AI Score
0.0004EPSS
CVE-2024-5519 ItsourceCode Learning Management System Project In PHP login.php sql injection
A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has...
7.3CVSS
7.6AI Score
0.0004EPSS
CVE-2024-5518 itsourcecode Online Discussion Forum change_profile_picture.php unrestricted upload
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...
6.3CVSS
6.9AI Score
0.0004EPSS