CVE-2024-27314 Stored XSS Vulnerability
Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role...
2.4CVSS
6AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF)
vufind/vufind is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the /Upgrade/FixConfig route, which allows remote attackers to overwrite local configuration...
6.9AI Score
EPSS
Fedora: Security Advisory for rust-python-launcher (FEDORA-2024-ce2936b568)
The remote host is missing an update for...
7.5AI Score
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f83b123d63)
The remote host is missing an update for...
6.5CVSS
6.4AI Score
0.0004EPSS
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-5dc487ee89)
The remote host is missing an update for...
6.5CVSS
6.4AI Score
0.0004EPSS
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f34786d26f)
The remote host is missing an update for...
6.1CVSS
6.3AI Score
0.0004EPSS
Fedora: Security Advisory for python-openapi-core (FEDORA-2024-000a25f3fc)
The remote host is missing an update for...
6.1CVSS
6.3AI Score
0.0004EPSS
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-000a25f3fc)
The remote host is missing an update for...
6.1CVSS
6.3AI Score
0.0004EPSS
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-e0057e6044)
The remote host is missing an update for...
6.1CVSS
6.3AI Score
0.0004EPSS
rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not constrained to any limitation. This would lead to...
8.6CVSS
6.5AI Score
0.0004EPSS
Fedora: Security Advisory for opensmtpd (FEDORA-2024-28fde3feb7)
The remote host is missing an update for...
7.8CVSS
7.7AI Score
0.0004EPSS
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-2f15e6e876)
The remote host is missing an update for...
6.5CVSS
6.4AI Score
0.0004EPSS
Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning
Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features Current features (v1.0.1)- - Subdomain enumeration (2 engines +...
7.8AI Score
6.1CVSS
7.5AI Score
0.002EPSS
[SECURITY] Fedora 40 Update: rust-python-launcher-1.0.0-12.fc40
The Python Launcher for Unix. Launch your Python interpreter the lazy/smart way! This launcher is an implementation of the py command for Unix-based platfor ms. The goal is to have py become the cross-platform command that Python users typically use to launch an interpreter while doing...
7.2AI Score
7.8CVSS
6.4AI Score
0.001EPSS
7.8CVSS
6.4AI Score
0.001EPSS
KLA68206 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: Heap buffer overflow vulnerability in Dawn can be exploited to cause denial of service Type...
8.8CVSS
8.4AI Score
0.003EPSS
In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interface index into the IPv4 socket control block (v5.16-rc4, net/ipv4/ip_input.c line 510):...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interface index into the IPv4 socket control block (v5.16-rc4, net/ipv4/ip_input.c line 510):...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interface index into the IPv4 socket control block (v5.16-rc4, net/ipv4/ip_input.c line 510): ...
6.5AI Score
0.0004EPSS
Summary This security bulletin addresses the vulnerabilitiy in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager (CVE-2024-28752). IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementation....
6.7AI Score
0.001EPSS
CVE-2021-47515 seg6: fix the iif in the IPv6 socket control block
In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interface index into the IPv4 socket control block (v5.16-rc4, net/ipv4/ip_input.c line 510):...
6.3AI Score
0.0004EPSS
Summary IBM WebSphere Application Server Liberty is used by IBM Tivoli Application Dependency Discovery Manager (CVE-2023-50312,CVE-2024-27270 and CVE-2024-22329) Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could.....
5.3CVSS
6.5AI Score
0.0004EPSS
Stealthy BLOODALCHEMY Malware Targeting ASEAN Government Networks
Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. "The origin of BLOODALCHEMY and Deed...
7.9AI Score
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...
6.4CVSS
5.7AI Score
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...
6.4CVSS
5.9AI Score
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
6.4CVSS
5.7AI Score
0.001EPSS
5.3CVSS
7.5AI Score
0.002EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...
6.4CVSS
5.9AI Score
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...
6.4CVSS
5.8AI Score
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
6.4CVSS
5.8AI Score
0.001EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
6.4CVSS
5.9AI Score
0.001EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.7AI Score
0.001EPSS
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
6.4CVSS
5.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interface index into the IPv4 socket control block (v5.16-rc4, net/ipv4/ip_input.c line 510):...
6.5AI Score
0.0004EPSS
bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...
5.3CVSS
7.6AI Score
0.0004EPSS
ManageEngine ServiceDesk Plus MSP < 14.7 Build 14720
The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.7 Build 14720. It is, therefore, affected by a vulnerability as referenced in the service-desk-msp_cve-2024-27314 advisory. A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin.....
2.4CVSS
3.4AI Score
0.0004EPSS
7.4AI Score
ManageEngine SupportCenter Plus < 14.7 Build 14720
The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.7 Build 14720. It is, therefore, affected by a vulnerability as referenced in the support-center_cve-2024-27314 advisory. A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin...
2.4CVSS
3.4AI Score
0.0004EPSS
python39:3.9 and python39-devel:3.9 security update
mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125172 [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt...
8.1CVSS
6.7AI Score
0.005EPSS
ManageEngine ServiceDesk Plus < 14.7 Build 14730
The version of ManageEngine ServiceDesk Plus installed on the remote host is prior to 14.7 Build 14730. It is, therefore, affected by a vulnerability as referenced in the service-desk_cve-2024-27314 advisory. A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin role to.....
2.4CVSS
3.4AI Score
0.0004EPSS
Jenkins plugins Multiple Vulnerabilities (2024-05-24)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files,...
4.9CVSS
5AI Score
EPSS
babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...
9.8CVSS
6.7AI Score
0.005EPSS
SBOM support in Spring Boot 3.3
Spring Boot 3.3.0 has been released, and it contains support for SBOMs. SBOM stands for "Software Bill of Materials" and describes the components used to build a software artifact. In the context of this blog post, that's your Spring Boot application. These SBOMs are useful because they describe...
6.5AI Score
An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating...
7.1AI Score
EPSS
An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating...
6.8AI Score
EPSS
Silverstripe HtmlEditor embed url sanitisation
"Add from URL" doesn't clearly sanitise URL server side HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding a media "from a URL" (i.e. via oembed). This action gets the URL to add in the GET parameter FileURL. However it doesn't do any...
7AI Score
Silverstripe HtmlEditor embed url sanitisation
"Add from URL" doesn't clearly sanitise URL server side HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding a media "from a URL" (i.e. via oembed). This action gets the URL to add in the GET parameter FileURL. However it doesn't do any...
7AI Score