Lucene search

K

Frontend File Manager & Sharing – User Private Files Security Vulnerabilities

nessus
nessus

Amazon Linux 2 : golang (ALAS-2024-2576)

The version of golang installed on the remote host is prior to 1.22.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2576 advisory. The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip...

9.8CVSS

8AI Score

0.001EPSS

2024-06-24 12:00 AM
nessus
nessus

Amazon Linux 2 : qemu (ALAS-2024-2572)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2572 advisory. A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio- crypto), where the...

8.2CVSS

8.3AI Score

0.0004EPSS

2024-06-24 12:00 AM
wpexploit
wpexploit

WooCommerce 8.8.0 - 8.9.2 - Reflected XSS

Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

5.4CVSS

5.4AI Score

0.0004EPSS

2024-06-24 12:00 AM
49
nessus
nessus

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-646)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-646 advisory. The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file...

9.8CVSS

8AI Score

0.001EPSS

2024-06-24 12:00 AM
1
packetstorm

9.8CVSS

7.1AI Score

0.005EPSS

2024-06-24 12:00 AM
45
nessus
nessus

CentOS 9 : kernel-5.14.0-467.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-467.el9 build changelog. In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not...

5.5CVSS

7.4AI Score

EPSS

2024-06-24 12:00 AM
1
nessus
nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-072)

The version of kernel installed on the remote host is prior to 5.4.261-174.360. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-072 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related...

6.9AI Score

0.0004EPSS

2024-06-24 12:00 AM
1
ubuntu
ubuntu

Hibernate vulnerability

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages libhibernate3-java - Relational Persistence for Idiomatic Java Details It was discovered that Hibernate incorrectly handled certain inputs with unsanitized literals. If a user or an automated system were tricked into opening...

7.5AI Score

2024-06-24 12:00 AM
1
nessus
nessus

Amazon Linux 2 : webkitgtk4 (ALAS-2024-2577)

The version of webkitgtk4 installed on the remote host is prior to 2.42.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2577 advisory. An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4,...

6.9AI Score

0.0005EPSS

2024-06-24 12:00 AM
1
wpvulndb
wpvulndb

WooCommerce 8.8.0 - 8.9.2 - Reflected XSS

Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

5.4CVSS

5.4AI Score

0.0004EPSS

2024-06-24 12:00 AM
2
nessus
nessus

FreeBSD : emacs -- Arbitrary shell code evaluation vulnerability (4f6c4c07-3179-11ef-9da5-1c697a616631)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4f6c4c07-3179-11ef-9da5-1c697a616631 advisory. GNU Emacs developers report: Emacs 29.4 is an emergency bugfix release intended to fix a security...

7.5AI Score

2024-06-24 12:00 AM
nessus
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Hibernate vulnerability (USN-6845-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6845-1 advisory. It was discovered that Hibernate incorrectly handled certain inputs with unsanitized literals. If a user or an automated system were...

7.4CVSS

7.1AI Score

0.004EPSS

2024-06-24 12:00 AM
vulnrichment
vulnrichment

CVE-2024-37732

Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf...

7.2AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2024-644)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-644 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or...

6.1CVSS

6.4AI Score

0.001EPSS

2024-06-24 12:00 AM
nessus
nessus

Amazon Linux 2 : php (ALASPHP8.1-2024-005)

The version of php installed on the remote host is prior to 8.1.29-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2024-005 advisory. The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default),...

6.5CVSS

7.3AI Score

0.006EPSS

2024-06-24 12:00 AM
1
nessus
nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-073)

The version of kernel installed on the remote host is prior to 5.4.149-73.259. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-073 advisory. A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a ...

7.8CVSS

8.5AI Score

0.003EPSS

2024-06-24 12:00 AM
nessus
nessus

Amazon Linux 2 : booth (ALAS-2024-2575)

The version of booth installed on the remote host is prior to 1.0-8.ef769ef.git. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2575 advisory. A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(),...

5.9CVSS

6.8AI Score

0.001EPSS

2024-06-24 12:00 AM
packetstorm

7.4AI Score

2024-06-24 12:00 AM
47
packetstorm

7.4AI Score

2024-06-24 12:00 AM
41
vulnrichment
vulnrichment

CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via...

7AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

Amazon Linux 2 : python3-jinja2 (ALAS-2024-2573)

The version of python3-jinja2 installed on the remote host is prior to 2.7.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2573 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...

6.1CVSS

6.7AI Score

0.001EPSS

2024-06-24 12:00 AM
nessus
nessus

Amazon Linux 2 : libndp (ALAS-2024-2571)

The version of libndp installed on the remote host is prior to 1.2-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2571 advisory. A vulnerability was found in libndp. A buffer overflow in NetworkManager that can be triggered by sending a malformed IPv6 router...

7.4CVSS

7.2AI Score

0.0004EPSS

2024-06-24 12:00 AM
1
nessus
nessus

Amazon Linux 2 : python-jinja2 (ALAS-2024-2574)

The version of python-jinja2 installed on the remote host is prior to 2.7.2-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2574 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...

6.1CVSS

7.1AI Score

0.001EPSS

2024-06-24 12:00 AM
packetstorm

7.4AI Score

2024-06-24 12:00 AM
43
packetstorm

6.8CVSS

7.1AI Score

0.0004EPSS

2024-06-24 12:00 AM
43
nessus
nessus

Fedora 39 : thunderbird (2024-6de8bb7c1b)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-6de8bb7c1b advisory. Update to 115.12.1 * https://www.thunderbird.net/en-US/thunderbird/115.12.1/releasenotes/ * https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/ ...

7.4AI Score

2024-06-24 12:00 AM
cvelist
cvelist

CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via...

0.0004EPSS

2024-06-24 12:00 AM
2
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libarchive (SUSE-SU-2024:2171-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2171-1 advisory. - CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971). Tenable has extracted the...

7.3CVSS

7.3AI Score

0.003EPSS

2024-06-24 12:00 AM
wpvulndb
wpvulndb

Divi < 4.25.2 - Contributor+ Stored XSS

Description The theme is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-24 12:00 AM
packetstorm

7.1AI Score

0.0004EPSS

2024-06-24 12:00 AM
44
cvelist
cvelist

CVE-2024-33879

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path...

0.0004EPSS

2024-06-24 12:00 AM
1
cvelist
cvelist

CVE-2024-37732

Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf...

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

Amazon Linux 2 : dnsmasq (ALAS-2024-2580)

The version of dnsmasq installed on the remote host is prior to 2.76-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2580 advisory. dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. (CVE-2023-49441) Tenable has extracted the preceding description...

7AI Score

EPSS

2024-06-24 12:00 AM
nessus
nessus

RHEL 9 : libreswan (RHSA-2024:4050)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4050 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

7.1AI Score

0.0004EPSS

2024-06-24 12:00 AM
2
vulnrichment
vulnrichment

CVE-2024-33881

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path...

6.8AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

Amazon Linux 2023 : python3-jinja2 (ALAS2023-2024-645)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-645 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, &gt;, or...

6.1CVSS

6.7AI Score

0.001EPSS

2024-06-24 12:00 AM
nessus
nessus

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-062)

The version of kernel installed on the remote host is prior to 5.10.218-206.860. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-062 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: protect...

5.5CVSS

6.7AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vte (SUSE-SU-2024:2180-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2180-1 advisory. - CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory...

6.8AI Score

0.0004EPSS

2024-06-24 12:00 AM
nessus
nessus

Amazon Linux AMI : R (ALAS-2024-1940)

The version of R installed on the remote host is prior to 3.4.1-1.53. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1940 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-24 12:00 AM
cve
cve

CVE-2024-39334

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not...

6.9AI Score

0.0004EPSS

2024-06-23 11:15 PM
17
nvd
nvd

CVE-2024-39334

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not...

0.0004EPSS

2024-06-23 11:15 PM
4
nvd
nvd

CVE-2024-6273

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as problematic. Affected by this vulnerability is the function save_patient of the file patient_side.php. The manipulation of the argument Full Name/Contact/Address leads to cross site scripting. The attack....

4.3CVSS

0.0004EPSS

2024-06-23 10:15 PM
1
cve
cve

CVE-2024-6273

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as problematic. Affected by this vulnerability is the function save_patient of the file patient_side.php. The manipulation of the argument Full Name/Contact/Address leads to cross site scripting. The attack....

4.3CVSS

4.4AI Score

0.0004EPSS

2024-06-23 10:15 PM
14
cvelist
cvelist

CVE-2024-6273 SourceCodester Clinic Queuing System patient_side.php save_patient cross site scripting

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as problematic. Affected by this vulnerability is the function save_patient of the file patient_side.php. The manipulation of the argument Full Name/Contact/Address leads to cross site scripting. The attack....

4.3CVSS

0.0004EPSS

2024-06-23 10:00 PM
3
githubexploit
githubexploit

Exploit for Incorrect Conversion between Numeric Types in Microsoft

This repository contains a poc for CVE-2023-23388, which is...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-06-23 07:52 PM
63
hackread
hackread

Examining the US Government’s DDoS Protection Guidance Update

In March 2024, CISA, MS-ISAC, and the FBI released updated DDoS response guidance. The document outlines key strategies and 15 steps for mitigating DDoS attacks, emphasizing the need for continuous monitoring and collaboration between government and private...

7.4AI Score

2024-06-23 05:17 PM
3
nvd
nvd

CVE-2024-4841

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

4CVSS

0.0004EPSS

2024-06-23 03:15 PM
2
cve
cve

CVE-2024-4841

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

4CVSS

4.2AI Score

0.0004EPSS

2024-06-23 03:15 PM
13
cvelist
cvelist

CVE-2024-4841 Path Traversal in parisneo/lollms-webui

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

4CVSS

0.0004EPSS

2024-06-23 02:33 PM
3
vulnrichment
vulnrichment

CVE-2024-4841 Path Traversal in parisneo/lollms-webui

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders,...

4CVSS

6.8AI Score

0.0004EPSS

2024-06-23 02:33 PM
Total number of security vulnerabilities1034739