Goolytics – Simple Google Analytics Security Vulnerabilities

Source: osv | CGA-xj6j-5vv8-pjv3
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:06 PM

Source: osv | CGA-xj36-3hv3-chh7
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:06 PM

Source: osv | CGA-p3w2-7jg8-hqrq
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:06 PM

Source: osv | CGA-mwp3-p76c-m3qq
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:06 PM

Source: osv | CGA-jq77-vh5j-x3gh
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:06 PM

Source: osv | CGA-vqjp-4qph-3wpv
Bulletin has no...
AI Score: 6.3 | EPSS: 0.0004 | 2024-06-12 10:06 PM

Source: osv | CGA-g7v9-vhpv-q43g
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:06 PM

Source: osv | CGA-8qw6-v3xw-qphj
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:06 PM

Source: osv | CGA-f2q2-cx8f-c86p
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:06 PM

Source: osv | CGA-84mf-6w7v-xpm3
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:06 PM

Source: osv | CGA-6ppc-7w2f-hw86
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:06 PM

Source: osv | CGA-5qxp-943m-6pf3
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:06 PM

Source: osv | CGA-92p9-wxf4-r5xh
Bulletin has no...
AI Score: 6.3 | EPSS: 0.0004 | 2024-06-12 10:06 PM

Source: osv | CGA-2p8f-mv2m-8p2g
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:04 PM

Source: osv | CGA-24w3-c8cq-57qw
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:04 PM

Source: osv | CGA-h92v-4jxh-fr55
Bulletin has no...
AI Score: 7.2 | 2024-06-12 10:04 PM

Source: osv | gqlparser denial of service vulnerability via the parserDirectives function
An issue in the vektah gqlparser open-source library v2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives...
AI Score: 6.8 | EPSS: 0.0004 | 2024-06-12 09:31 PM

Source: osv | HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...
CVSS: 2.6 | AI Score: 6.9 | EPSS: 0.0004 | 2024-06-12 09:31 PM

Source: osv | CGA-7f84-mfh5-cf8w
Bulletin has no...
AI Score: 6.3 | EPSS: 0.0004 | 2024-06-12 08:04 PM

Source: osv | CGA-hr6r-398j-373c
Bulletin has no...
AI Score: 6.6 | 2024-06-12 08:04 PM

Source: osv | CGA-688m-h6qx-7rj6
Bulletin has no...
AI Score: 6.3 | EPSS: 0.0004 | 2024-06-12 08:04 PM

Source: osv | CGA-22v2-fxwf-9fr6
Bulletin has no...
AI Score: 5.3 | 2024-06-12 08:04 PM

Source: osv | Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components
Impact: We have identified a Cross-Site Scripting (XSS) vulnerability within certain React components related to community members in the Invenio-Communities module. This vulnerability enables a user to inject a script tag into the Affiliations field during the account registration process. The...
AI Score: 5.8 | 2024-06-12 07:43 PM

Source: osv | Keycloak Denial of Service via account lockout
In any realm set with "User (Self) registration", a user that is registered with a username in email format can be "locked out" (denied from logging in) using his...
AI Score: 7.1 | 2024-06-12 07:42 PM

Source: osv | Keycloak's improper input validation allows using email as username
Keycloak allows the use of email as a username and doesn't check that an account with this email already exists. That could lead to the inability to reset/login with email for the user. This is caused by usernames being evaluated before...
AI Score: 7 | 2024-06-12 07:41 PM

Source: osv | WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms
Impact: A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript...
CVSS: 5.4 | AI Score: 6 | EPSS: 0.0004 | 2024-06-12 07:40 PM

Source: osv | @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Summary: By combining two vulnerabilities (an Open Redirect and a session token sent as a URL query parameter) in the Strapi framework, it is possible for an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....
CVSS: 7.1 | AI Score: 7.1 | EPSS: 0.001 | 2024-06-12 07:39 PM

Source: osv | @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Summary: A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting both development and production environments. Details: Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in...
CVSS: 5.3 | AI Score: 6.8 | EPSS: 0.0004 | 2024-06-12 07:38 PM

Source: osv | @strapi/plugin-content-manager leaks data via relations via the Admin Panel
Summary: If a super admin creates a collection where an item in the collection has an association to another collection, a user with the Author Role can see the list of associated items they did not create. They should only see their own items that they created, not all items ever created. ...
CVSS: 2.3 | AI Score: 6.8 | EPSS: 0.0004 | 2024-06-12 07:38 PM

Source: github | SummerNote Cross Site Scripting Vulnerability
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...
AI Score: 6.1 | EPSS: 0.0004 | 2024-06-12 06:30 PM

Source: osv | SummerNote Cross Site Scripting Vulnerability
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...
AI Score: 6.1 | EPSS: 0.0004 | 2024-06-12 06:30 PM

Source: nvd | CVE-2024-37629
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...
EPSS: 0.0004 | 2024-06-12 06:15 PM

Source: cve | CVE-2024-37629
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...
AI Score: 6.2 | EPSS: 0.0004 | 2024-06-12 06:15 PM

Source: osv | linux-oem-6.5 vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.001 | 2024-06-12 06:10 PM

Source: osv | Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0
Impact: JupyterHub < 5.0, when used with GlobusOAuthenticator, could be configured to allow all users from a particular institution only. The configuration for this would look like: Require users to be using the "foo.horse" identity provider, often an institution or university...
CVSS: 8.1 | AI Score: 6.6 | EPSS: 0.0004 | 2024-06-12 05:13 PM

Source: osv | CGA-46jv-359v-37c2
Bulletin has no...
AI Score: 5.3 | 2024-06-12 05:06 PM

Source: osv | CVE-2024-37300
OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. JupyterHub < 5.0, when used with GlobusOAuthenticator, could be configured to allow all users from a particular institution only. This worked fine prior to JupyterHub 5.0, because allow_al...
CVSS: 8.1 | AI Score: 6.5 | EPSS: 0.0004 | 2024-06-12 04:15 PM

Source: osv | linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to cause a denial of service. (CVE-2024-0841) Several security issues were discovered in the Linux kernel. An attacker...
CVSS: 7.8 | AI Score: 7.2 | EPSS: 0.0005 | 2024-06-12 03:51 PM

Source: osv | Apache Submarine Server Core has a SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...
AI Score: 7.5 | EPSS: 0.0004 | 2024-06-12 03:31 PM

Source: osv | Apache Submarine Server Core Incorrect Authorization vulnerability
Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance....
AI Score: 6.8 | EPSS: 0.0004 | 2024-06-12 03:31 PM

Source: osv | Apache Submarine Commons Utils has a hard-coded secret
Improper Authentication vulnerability in Apache Submarine Commons Utils. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the...
AI Score: 6.8 | EPSS: 0.0004 | 2024-06-12 03:31 PM

Source: osv | CVE-2024-37304
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...
CVSS: 6.1 | AI Score: 5.4 | EPSS: 0.0004 | 2024-06-12 03:15 PM

Source: osv | CVE-2024-37297
WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be...
CVSS: 5.4 | AI Score: 6 | EPSS: 0.0004 | 2024-06-12 03:15 PM

Source: osv | CVE-2024-31217
Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting both development and production environments. Usually, errors in the application cause...
CVSS: 5.3 | AI Score: 6.8 | EPSS: 0.0004 | 2024-06-12 03:15 PM

Source: osv | CVE-2024-29181
Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create....
CVSS: 2.3 | AI Score: 6.7 | EPSS: 0.0004 | 2024-06-12 03:15 PM

Source: osv | CGA-wqxh-m97h-j5f6
Bulletin has no...
AI Score: 5.3 | 2024-06-12 02:04 PM

Source: osv | CGA-r82q-hw76-gmrc
Bulletin has no...
AI Score: 5.3 | 2024-06-12 02:04 PM

Source: osv | CGA-hvcv-mvpr-vc77
Bulletin has no...
AI Score: 5.3 | 2024-06-12 02:04 PM

Source: osv | CGA-vfm9-cgcj-prvp
Bulletin has no...
AI Score: 5.3 | 2024-06-12 02:04 PM

Source: osv | CGA-h96h-jwq9-2843
Bulletin has no...
AI Score: 5.3 | 2024-06-12 02:04 PM

Total number of security vulnerabilities: 303830