Float Menu – Awesome Floating Side Menu Security Vulnerabilities

vulnrichment
CVE-2024-27314 Stored XSS Vulnerability
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role...
CVSS: 2.4 | AI Score: 6 | EPSS: 0.0004
2024-05-27 07:03 AM

veracode
Server-Side Request Forgery (SSRF)
vufind/vufind is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the /Upgrade/FixConfig route, which allows remote attackers to overwrite local configuration...
AI Score: 6.9 | EPSS: not listed
2024-05-27 03:34 AM

openvas
Fedora: Security Advisory for rust-python-launcher (FEDORA-2024-ce2936b568)
The remote host is missing an update for...
AI Score: 7.5
2024-05-27 12:00 AM

openvas
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f83b123d63)
The remote host is missing an update for...
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.0004
2024-05-27 12:00 AM

openvas
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-5dc487ee89)
The remote host is missing an update for...
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.0004
2024-05-27 12:00 AM

openvas
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f34786d26f)
The remote host is missing an update for...
CVSS: 6.1 | AI Score: 6.3 | EPSS: 0.0004
2024-05-27 12:00 AM

openvas
Fedora: Security Advisory for python-openapi-core (FEDORA-2024-000a25f3fc)
The remote host is missing an update for...
CVSS: 6.1 | AI Score: 6.3 | EPSS: 0.0004
2024-05-27 12:00 AM

openvas
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-000a25f3fc)
The remote host is missing an update for...
CVSS: 6.1 | AI Score: 6.3 | EPSS: 0.0004
2024-05-27 12:00 AM

openvas
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-e0057e6044)
The remote host is missing an update for...
CVSS: 6.1 | AI Score: 6.3 | EPSS: 0.0004
2024-05-27 12:00 AM

ubuntucve
CVE-2024-35231
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not constrained to any limitation. This would lead to...
CVSS: 8.6 | AI Score: 6.5 | EPSS: 0.0004
2024-05-27 12:00 AM

openvas
Fedora: Security Advisory for opensmtpd (FEDORA-2024-28fde3feb7)
The remote host is missing an update for...
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.0004
2024-05-27 12:00 AM

openvas
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-2f15e6e876)
The remote host is missing an update for...
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.0004
2024-05-27 12:00 AM

kitploit
Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning
Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features: current features (v1.0.1) - Subdomain enumeration (2 engines +...
AI Score: 7.8
2024-05-26 12:30 PM

githubexploit
CVSS: 6.1 | AI Score: 7.5 | EPSS: 0.002
2024-05-26 06:56 AM

fedora
[SECURITY] Fedora 40 Update: rust-python-launcher-1.0.0-12.fc40
The Python Launcher for Unix. Launch your Python interpreter the lazy/smart way! This launcher is an implementation of the py command for Unix-based platforms. The goal is to have py become the cross-platform command that Python users typically use to launch an interpreter while doing...
AI Score: 7.2
2024-05-26 01:29 AM

githubexploit
Exploit for CVE-2023-33733
CVE-2023-33733-POC Disclaimer: I did not, nor do I take...
CVSS: 7.8 | AI Score: 6.4 | EPSS: 0.001
2024-05-25 06:47 PM

githubexploit
Exploit for CVE-2023-33733
CVE-2023-33733-POC Disclaimer: I did not, nor do I take...
CVSS: 7.8 | AI Score: 6.4 | EPSS: 0.001
2024-05-25 06:47 PM

kaspersky
KLA68206 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities: Heap buffer overflow vulnerability in Dawn can be exploited to cause denial of service. Type...
CVSS: 8.8 | AI Score: 8.4 | EPSS: 0.003
2024-05-25 12:00 AM

nvd
CVE-2021-47515
In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block. When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interface index into the IPv4 socket control block (v5.16-rc4, net/ipv4/ip_input.c line 510):...
AI Score: 6.4 | EPSS: 0.0004
2024-05-24 03:15 PM

cve
CVE-2021-47515
In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block. When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interface index into the IPv4 socket control block (v5.16-rc4, net/ipv4/ip_input.c line 510):...
AI Score: 6.6 | EPSS: 0.0004
2024-05-24 03:15 PM

debiancve
CVE-2021-47515
In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block. When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interface index into the IPv4 socket control block (v5.16-rc4, net/ipv4/ip_input.c line 510):...
AI Score: 6.5 | EPSS: 0.0004
2024-05-24 03:15 PM

ibm
Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to server-side request forgery due to Apache CXF
Summary: This security bulletin addresses the vulnerability in open source Apache CXF that affects IBM Tivoli Application Dependency Discovery Manager (CVE-2024-28752). IBM Tivoli Application Dependency Discovery Manager uses Apache CXF for its SOAP API and REST API implementation...
AI Score: 6.7 | EPSS: 0.001
2024-05-24 03:15 PM

cvelist
CVE-2021-47515 seg6: fix the iif in the IPv6 socket control block
In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block. When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interface index into the IPv4 socket control block (v5.16-rc4, net/ipv4/ip_input.c line 510):...
AI Score: 6.3 | EPSS: 0.0004
2024-05-24 03:09 PM

ibm
Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service and disclosure of sensitive information.
Summary: IBM WebSphere Application Server Liberty is used by IBM Tivoli Application Dependency Discovery Manager (CVE-2023-50312, CVE-2024-27270 and CVE-2024-22329). Vulnerability Details: CVEID: CVE-2023-50312. DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could...
CVSS: 5.3 | AI Score: 6.5 | EPSS: 0.0004
2024-05-24 11:00 AM

thn
Stealthy BLOODALCHEMY Malware Targeting ASEAN Government Networks
Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. "The origin of BLOODALCHEMY and Deed...
AI Score: 7.9
2024-05-24 09:13 AM

cve
CVE-2024-4484
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...
CVSS: 6.4 | AI Score: 5.7 | EPSS: 0.001
2024-05-24 07:15 AM

nvd
CVE-2024-4484
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...
CVSS: 6.4 | AI Score: 5.9 | EPSS: 0.001
2024-05-24 07:15 AM

nvd
CVE-2024-4485
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
CVSS: 6.4 | AI Score: 5.9 | EPSS: 0.001
2024-05-24 07:15 AM

cve
CVE-2024-4485
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
CVSS: 6.4 | AI Score: 5.7 | EPSS: 0.001
2024-05-24 07:15 AM

githubexploit
Exploit for CVE-2023-5089
...
CVSS: 5.3 | AI Score: 7.5 | EPSS: 0.002
2024-05-24 07:14 AM

cvelist
CVE-2024-4484 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...
CVSS: 6.4 | AI Score: 5.9 | EPSS: 0.001
2024-05-24 06:42 AM

vulnrichment
CVE-2024-4484 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...
CVSS: 6.4 | AI Score: 5.8 | EPSS: 0.001
2024-05-24 06:42 AM

vulnrichment
CVE-2024-4485 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
CVSS: 6.4 | AI Score: 5.8 | EPSS: 0.001
2024-05-24 06:42 AM

cvelist
CVE-2024-4485 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
CVSS: 6.4 | AI Score: 5.9 | EPSS: 0.001
2024-05-24 06:42 AM

cve
CVE-2024-3718
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVSS: 6.4 | AI Score: 5.7 | EPSS: 0.001
2024-05-24 06:15 AM

cve
CVE-2024-2784
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVSS: 6.4 | AI Score: 5.7 | EPSS: 0.0004
2024-05-24 05:15 AM

ubuntucve
CVE-2021-47515
In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block. When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interface index into the IPv4 socket control block (v5.16-rc4, net/ipv4/ip_input.c line 510):...
AI Score: 6.5 | EPSS: 0.0004
2024-05-24 12:00 AM

oraclelinux
idm:DL1 security update
bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode. Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...
CVSS: 5.3 | AI Score: 7.6 | EPSS: 0.0004
2024-05-24 12:00 AM

nessus
ManageEngine ServiceDesk Plus MSP < 14.7 Build 14720
The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.7 Build 14720. It is, therefore, affected by a vulnerability as referenced in the service-desk-msp_cve-2024-27314 advisory. A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin...
CVSS: 2.4 | AI Score: 3.4 | EPSS: 0.0004
2024-05-24 12:00 AM

packetstorm
AI Score: 7.4
2024-05-24 12:00 AM

nessus
ManageEngine SupportCenter Plus < 14.7 Build 14720
The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.7 Build 14720. It is, therefore, affected by a vulnerability as referenced in the support-center_cve-2024-27314 advisory. A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin...
CVSS: 2.4 | AI Score: 3.4 | EPSS: 0.0004
2024-05-24 12:00 AM

oraclelinux
python39:3.9 and python39-devel:3.9 security update
mod_wsgi [4.7.1-7] - Bump release for rebuild. Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath. Resolves: rhbz#2213837 [4.7.1-5] - Core dumped upon file upload >= 1GB. Resolves: rhbz#2125172 [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt...
CVSS: 8.1 | AI Score: 6.7 | EPSS: 0.005
2024-05-24 12:00 AM

nessus
ManageEngine ServiceDesk Plus < 14.7 Build 14730
The version of ManageEngine ServiceDesk Plus installed on the remote host is prior to 14.7 Build 14730. It is, therefore, affected by a vulnerability as referenced in the service-desk_cve-2024-27314 advisory. A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin role to...
CVSS: 2.4 | AI Score: 3.4 | EPSS: 0.0004
2024-05-24 12:00 AM

nessus
Jenkins plugins Multiple Vulnerabilities (2024-05-24)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files,...
CVSS: 4.9 | AI Score: 5 | EPSS: not listed
2024-05-24 12:00 AM

oraclelinux
python27:2.7 security update
babel [2.5.1-10] - Fix CVE-2021-20095. Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...
CVSS: 9.8 | AI Score: 6.7 | EPSS: 0.005
2024-05-24 12:00 AM

spring
SBOM support in Spring Boot 3.3
Spring Boot 3.3.0 has been released, and it contains support for SBOMs. SBOM stands for "Software Bill of Materials" and describes the components used to build a software artifact. In the context of this blog post, that's your Spring Boot application. These SBOMs are useful because they describe...
AI Score: 6.5
2024-05-24 12:00 AM

cve
CVE-2024-31843
An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating...
AI Score: 7.1 | EPSS: not listed
2024-05-23 07:16 PM

nvd
CVE-2024-31843
An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating...
AI Score: 6.8 | EPSS: not listed
2024-05-23 07:16 PM

github
Silverstripe HtmlEditor embed url sanitisation
"Add from URL" doesn't clearly sanitise the URL server side. HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding media "from a URL" (i.e. via oembed). This action gets the URL to add in the GET parameter FileURL. However it doesn't do any...
AI Score: 7
2024-05-23 06:14 PM

osv
Silverstripe HtmlEditor embed url sanitisation
"Add from URL" doesn't clearly sanitise the URL server side. HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding media "from a URL" (i.e. via oembed). This action gets the URL to add in the GET parameter FileURL. However it doesn't do any...
AI Score: 7
2024-05-23 06:14 PM

Total number of security vulnerabilities: 58188