Goolytics – Simple Google Analytics Security Vulnerabilities
8.2CVSS
8.2AI Score
0.0004EPSS
5.6CVSS
6.7AI Score
0.0004EPSS
8.8CVSS
8.5AI Score
0.001EPSS
9.8CVSS
9.5AI Score
0.932EPSS
7.2AI Score
5.9CVSS
6.4AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.0004EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this...
5.4CVSS
6.8AI Score
0.001EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is.....
6.5CVSS
7AI Score
0.0005EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this...
9.6CVSS
7.9AI Score
0.001EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this...
9.6CVSS
7.9AI Score
0.001EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this...
9.6CVSS
7.9AI Score
0.001EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...
9.6CVSS
7.9AI Score
0.001EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
10CVSS
7.7AI Score
0.001EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
8.9CVSS
6.1AI Score
0.0004EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
7.7CVSS
6.8AI Score
0.0005EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...
9.1CVSS
7.6AI Score
0.001EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...
8.6CVSS
6.8AI Score
0.0005EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
9CVSS
6.2AI Score
0.001EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
8.5CVSS
7.6AI Score
0.0004EPSS
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the...
4.3CVSS
7.1AI Score
0.001EPSS
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 ...
5.9CVSS
6.3AI Score
0.001EPSS
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8CVSS
9.6AI Score
0.932EPSS
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs)....
5.3CVSS
5.3AI Score
0.001EPSS
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command....
9.4CVSS
8.1AI Score
0.001EPSS
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are.....
8.8CVSS
8.8AI Score
0.0004EPSS
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are...
8.8CVSS
8.9AI Score
0.0004EPSS
Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....
9.8CVSS
8.7AI Score
0.05EPSS
Malicious code in blueprint-org-planning-app-adp-wrapper (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (9ce904784ecde9ca4b860730c45d27dbca01912380066fe5415b10d3f17f0af8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in atoz-attendance-app (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (ff390162beebf06ba564766a3ffc0a06c520792994c16cba3ea0d97ea64d1f29) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in ato-z-web-identity-components-app-cdk-adp-wrapper (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (c33c62d31d74de8fa6a7a3911507ce9a8d513bccb45ff1b51b7fbb9068920d3e) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in virtuoso-web-chat (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (09f5be1f1f3cad8c43378afb0ddb0aed39e00e1e3169ff5e1559ab4c39d1bf06) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (d55b817c75eb4e4cbea58f640b87c52fd65b16657f129f68a7fb53a604fde7f8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
parisneo/lollms Local File Inclusion (LFI) attack
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitize_path_from_endpoint function fails to properly sanitize Windows-style paths (backward slash ), allowing attackers to perform directory traversal attacks on Windows...
9.1CVSS
6.8AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: singularity-ce-3.11.5^20240603gbd4675f-1.fc39
SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and...
8.3CVSS
7AI Score
0.0005EPSS
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitize_path_from_endpoint function fails to properly sanitize Windows-style paths (backward slash ), allowing attackers to perform directory traversal attacks on Windows...
9.1CVSS
6.7AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: php-8.3.8-1.fc40
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
9.8CVSS
7.3AI Score
0.973EPSS
In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as a read instead of a write. In modern kernels this error provokes a...
6.7AI Score
0.0004EPSS
UNKNOWN READ in ndpi_search_zoom
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69520 Crash type: UNKNOWN READ Crash state: ndpi_search_zoom check_ndpi_detection_func...
7.2AI Score
Malicious code in icon-reactjs (npm)
This package is considered malicious because it contains code to spam Telegram channels and Whatsapp channels with fake payment...
7.3AI Score
Heap-buffer-overflow in mz_zip_mem_read_func
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69531 Crash type: Heap-buffer-overflow READ {*} Crash state: mz_zip_mem_read_func mz_zip_validate_file...
7.2AI Score
Heap-buffer-overflow in mz_zip_mem_read_func
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69528 Crash type: Heap-buffer-overflow READ {*} Crash state: mz_zip_mem_read_func mz_zip_reader_read_central_dir...
7.2AI Score
Use-of-uninitialized-value in icalmemory_strdup
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69527 Crash type: Use-of-uninitialized-value Crash state: icalmemory_strdup icalparameter_new_from_value_string...
7.2AI Score
8CVSS
7.5AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...
6.5CVSS
7.8AI Score
EPSS
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...
6.1AI Score
0.0004EPSS
6.6AI Score
0.0004EPSS
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...
0.0004EPSS
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The /proxy endpoint accepts a host path...
9.6CVSS
5.6AI Score
0.0004EPSS
linux-aws, linux-oracle vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...
7.8CVSS
7.5AI Score
0.001EPSS