7.2AI Score
7.2AI Score
9.8CVSS
9.4AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.0005EPSS
5.5CVSS
5.3AI Score
0.0004EPSS
8.8CVSS
6.3AI Score
0.001EPSS
8.8CVSS
6.3AI Score
0.001EPSS
8.8CVSS
6.3AI Score
0.001EPSS
8.8CVSS
6.3AI Score
0.001EPSS
4.4CVSS
4.6AI Score
0.0004EPSS
8.8CVSS
6.3AI Score
0.001EPSS
4.3CVSS
6.8AI Score
0.0005EPSS
5.5CVSS
5.3AI Score
0.0004EPSS
6.4AI Score
0.0004EPSS
7.2AI Score
mariadb, mariadb-10.6 vulnerability
A security issue was discovered in MariaDB and this update includes new upstream MariaDB versions to fix the issue. MariaDB has been updated to 10.6.18 in Ubuntu 22.04 LTS and to 10.11.8 in Ubuntu 23.10 and Ubuntu 24.04 LTS. In addition to security fixes, the updated packages contain bug fixes,...
4.9CVSS
6.7AI Score
0.0005EPSS
An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...
6.5CVSS
6.9AI Score
0.0004EPSS
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,.....
7.5AI Score
0.0004EPSS
Heap-buffer-overflow in spvtools::disassemble::InstructionDisassembler::EmitInstruction
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69549 Crash type: Heap-buffer-overflow READ 1 Crash state: spvtools::disassemble::InstructionDisassembler::EmitInstruction spvtools::DisassembleInstruction...
7.2AI Score
In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection...
0.0004EPSS
7.8CVSS
8AI Score
0.001EPSS
8.8CVSS
6.7AI Score
0.0004EPSS
[2.17-326.0.9.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi Oracle history: June-22-2023 Cupertino Miranda - 2.17-326.0.9 - OraBug 35517820 Reworked previous patch for OraBug 35318841 and removed free() of stack allocations. Reviewed-by: Jose E....
6.8AI Score
0.0005EPSS
Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6818-4)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.2AI Score
0.001EPSS
7.4CVSS
6.7AI Score
0.0004EPSS
7.4AI Score
Oracle Linux 7 : glibc (ELSA-2024-12444)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12444 advisory. [2.17-326.0.9.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history: ...
9.8CVSS
9.7AI Score
0.009EPSS
7.2AI Score
0.0004EPSS
8.8CVSS
6.8AI Score
0.001EPSS
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....
7.8CVSS
7.5AI Score
0.001EPSS
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub (32-bit) and Scalar52::sub...
7.2AI Score
Moodle BigBlueButton web service leaks meeting joining information
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...
7AI Score
0.0004EPSS
Dolibarr arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL...
7.7AI Score
0.0004EPSS
Moodle stored XSS via calendar's event title when deleting the event
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion...
5.8AI Score
0.0004EPSS
Moodle uses the same key for QR login and auto-login
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
6.9AI Score
0.0004EPSS
Moodle HTTP authorization header is preserved between "emulated redirects"
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect...
6.5AI Score
0.0004EPSS
Moodle CSRF risks due to misuse of confirm_sesskey
Incorrect CSRF token checks resulted in multiple CSRF...
7AI Score
0.0004EPSS
Malicious code in draconianspeed (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (b1212e40bb57fce7672f50431153645b13624cc1e2061b44c0b91fec275e7853) The OpenSSF Package Analysis project identified 'draconianspeed' @ 5.0.0 (npm) as malicious. It is considered malicious because: The package...
7.4AI Score
PocketBase performs password auth and OAuth2 unverified email linking
In order to be exploited you must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: - a malicious actor register with the targeted user's email (it is unverified) - at some later point in time the targeted user stumble on your app and decides to sign-up with.....
5.4CVSS
6.5AI Score
0.0004EPSS
USN-6793-1 fixed vulnerabilities in Git. The CVE-2024-32002 was pending further investigation. This update fixes the problem. Original advisory details: It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This...
9CVSS
7.6AI Score
0.001EPSS
Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider.....
5.7CVSS
6.7AI Score
0.0004EPSS
Minder affected by denial of service from maliciously configured Git repository
Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on these lines:...
5.7CVSS
6.4AI Score
0.0004EPSS
A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...
7.3CVSS
7.2AI Score
0.0004EPSS
A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...
7.3CVSS
0.0004EPSS
Malicious code in mvp-website-html (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (89574af4bb00d4c540ffc8651f5ef4bcc0f72af2368ee6e32346807e91d2e8a0) The OpenSSF Package Analysis project identified 'mvp-website-html' @ 2.0.0 (npm) as malicious. It is considered malicious because: The package...
7.3AI Score
CVE-2024-6116 itsourcecode Simple Online Hotel Reservation System edit_room.php unrestricted upload
A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...
7.3CVSS
7.1AI Score
0.0004EPSS
CVE-2024-6116 itsourcecode Simple Online Hotel Reservation System edit_room.php unrestricted upload
A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...
7.3CVSS
0.0004EPSS
A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched...
7.3CVSS
0.0004EPSS
A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched...
7.3CVSS
7.3AI Score
0.0004EPSS
CVE-2024-6115 itsourcecode Simple Online Hotel Reservation System add_room.php unrestricted upload
A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched...
7.3CVSS
0.0004EPSS