5.8AI Score
5.8AI Score
5.8AI Score
5.8AI Score
7.2AI Score
5.8AI Score
5.8AI Score
5.8AI Score
5.8AI Score
5.8AI Score
5.8AI Score
5.8AI Score
5.8AI Score
5.8AI Score
5.8AI Score
5.8AI Score
CloudBrute - Awesome Cloud Enumerator
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available. here...
7.2AI Score
This affects versions of the package opencart/opencart from 4.0.0-0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...
4.7CVSS
5AI Score
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0-0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....
4.7CVSS
5AI Score
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0-0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...
6.1CVSS
6.1AI Score
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0-0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...
7.2CVSS
7AI Score
0.001EPSS
This affects versions of the package opencart/opencart from 4.0.0-0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including....
7.2CVSS
7.2AI Score
0.0005EPSS
Summary There are potential denial of service and bypass security restrictions vulnerabilities in Apache James Mime4J and Bouncy Castle Crypto Package, which are used by Apache Solr and Logstash in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-34447 DESCRIPTION:.....
5.5CVSS
7.9AI Score
EPSS
Summary There is a potential denial of service vulnerability in ThreeTen Backport that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-23082 DESCRIPTION: **ThreeTen Backport is vulnerable to a denial of service, caused by an integer...
7.7AI Score
0.0004EPSS
7.2AI Score
Summary There is a potential out-of-bounds write vulnerability in Apache Commons Configuration that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-29131 DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute.....
8.4AI Score
0.0004EPSS
Malicious code in fing-react-components (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (4e606602dc2c4b6d0550d90156a68cf31799054412bac90062d266e5bcad3d76) The OpenSSF Package Analysis project identified 'fing-react-components' @ 1.15.0 (npm) as malicious. It is considered malicious because: The...
7.1AI Score
7.8CVSS
8.1AI Score
EPSS
6.5AI Score
0.0004EPSS
EulerOS 2.0 SP11 : ruby (EulerOS-SA-2024-1846)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do...
6.8AI Score
EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
Important: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8CVSS
7.7AI Score
0.0004EPSS
8CVSS
8.5AI Score
0.0005EPSS
EulerOS 2.0 SP11 : ruby (EulerOS-SA-2024-1825)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do...
6.8AI Score
EPSS
Important: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...
7.8CVSS
7.6AI Score
0.0005EPSS
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...
9CVSS
9.1AI Score
0.001EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8CVSS
7.7AI Score
0.0004EPSS
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to...
9CVSS
9.1AI Score
0.001EPSS
6.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1846)
The remote host is missing an update for the Huawei...
7.5AI Score
EPSS
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1825)
The remote host is missing an update for the Huawei...
7.5AI Score
EPSS
7.8CVSS
7.8AI Score
0.0005EPSS
7.8CVSS
8.8AI Score
EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.1AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.1AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.1AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.1AI Score
0.0004EPSS
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
0.0004EPSS