Lucene search

K

Gwyn's Imagemap Selector Security Vulnerabilities

cvelist
cvelist

CVE-2024-26029 Form selector allows directory listing and running of arbitrary resources in libs, bin folders that are not usually accessible

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not.....

7.5CVSS

0.001EPSS

2024-06-13 07:53 AM
vulnrichment
vulnrichment

CVE-2024-26029 Form selector allows directory listing and running of arbitrary resources in libs, bin folders that are not usually accessible

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not.....

7.5CVSS

6.9AI Score

0.001EPSS

2024-06-13 07:53 AM
redhat
redhat

(RHSA-2024:3581) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....

6.1AI Score

0.001EPSS

2024-06-04 10:56 AM
7
redhat
redhat

(RHSA-2024:3580) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.1, and includes bug fixes.....

6.1AI Score

0.001EPSS

2024-06-04 10:56 AM
6
nessus
nessus

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3581)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3581 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-04 12:00 AM
2
nessus
nessus

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3580)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3580 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

7.2AI Score

0.001EPSS

2024-06-04 12:00 AM
nessus
nessus

RHEL 6 : pcp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. js-jquery: XSS via improper selector detection (CVE-2012-6708) Note that Nessus has not tested for this issue but...

6.1CVSS

6.1AI Score

0.008EPSS

2024-06-03 12:00 AM
nessus
nessus

Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-2985)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2985 advisory. mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core...

8.2CVSS

7.2AI Score

0.016EPSS

2024-05-28 12:00 AM
2
nessus
nessus

Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves:...

9.8CVSS

7.2AI Score

0.032EPSS

2024-05-28 12:00 AM
4
oraclelinux
oraclelinux

idm:DL1 security update

bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...

5.3CVSS

7.6AI Score

0.0004EPSS

2024-05-24 12:00 AM
10
oraclelinux
oraclelinux

python39:3.9 and python39-devel:3.9 security update

mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125172 [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt...

8.1CVSS

6.7AI Score

0.005EPSS

2024-05-24 12:00 AM
4
oraclelinux
oraclelinux

python27:2.7 security update

babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...

9.8CVSS

6.7AI Score

0.005EPSS

2024-05-24 12:00 AM
2
osv
osv

ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache

Summary By default, the Redis database server is not password-protected. Consequently, an attacker with access to the Redis server can gain read/write access to the data in Redis. The attacker can also modify the "mfst" (manifest) key to cause ArgoCD to execute any deployment, potentially...

9CVSS

7.4AI Score

0.0004EPSS

2024-05-21 06:07 PM
4
github
github

ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache

Summary By default, the Redis database server is not password-protected. Consequently, an attacker with access to the Redis server can gain read/write access to the data in Redis. The attacker can also modify the "mfst" (manifest) key to cause ArgoCD to execute any deployment, potentially...

9CVSS

7.4AI Score

0.0004EPSS

2024-05-21 06:07 PM
6
talosblog
talosblog

Talos releases new macOS open-source fuzzer

Cisco Talos has developed a fuzzer that enables us to test macOS software on commodity hardware. Fuzzer utilizes a snapshot-based fuzzing approach and is based on WhatTheFuzz framework. Support for VM state extraction was implemented and WhatTheFuzz was extended to support the loading of VMWare...

6.6AI Score

2024-05-16 12:00 PM
7
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....

8.3AI Score

EPSS

2024-05-15 12:00 AM
6
cve
cve

CVE-2024-2846

The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS

5.7AI Score

0.0004EPSS

2024-05-14 03:21 PM
2
nvd
nvd

CVE-2024-2846

The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-05-14 03:21 PM
vulnrichment
vulnrichment

CVE-2024-2846 Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting

The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS

5.8AI Score

0.0004EPSS

2024-05-09 08:03 PM
cvelist
cvelist

CVE-2024-2846 Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting

The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS

4.8AI Score

0.0004EPSS

2024-05-09 08:03 PM
wpvulndb
wpvulndb

Visual Footer Credit Remover < 1.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS

5.8AI Score

0.0004EPSS

2024-05-07 12:00 AM
1
ibm
ibm

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details ** CVEID: CVE-2020-13920 DESCRIPTION: **Apache ActiveMQ is vulnerable to a man-in-the-middle attack, caused by improper authentication validation when connecting to...

7.5CVSS

9.6AI Score

0.84EPSS

2024-05-02 12:46 PM
16
nessus
nessus

Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0808)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0808 advisory. decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. (CVE-2022-38900) The got package...

9.8CVSS

9AI Score

0.073EPSS

2024-05-02 12:00 AM
5
nessus
nessus

RHEL 7 : python-django-horizon (RHSA-2015:1679)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1679 advisory. OpenStack Dashboard (Horizon) provides administrators and users with a graphical interface to access, provision, and automate...

5.8AI Score

0.003EPSS

2024-04-27 12:00 AM
4
oraclelinux
oraclelinux

libreswan security and bug fix update

[4.12-1.0.1.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-1.1] - Fix CVE-2024-2357 (RHEL-29734) - x509: unpack IPv6 general names based on length (RHEL-32719) [4.12-1] - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 - Resolves: rhbz#2215956 [4.9-5] -...

7.5AI Score

0.0004EPSS

2024-04-24 12:00 AM
4
cve
cve

CVE-2024-3536

A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has...

6.3CVSS

7.5AI Score

0.0004EPSS

2024-04-10 04:15 AM
25
nvd
nvd

CVE-2024-3536

A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-04-10 04:15 AM
cvelist
cvelist

CVE-2024-3536 Campcodes Church Management System delete_log.php sql injection

A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has...

6.3CVSS

7.1AI Score

0.0004EPSS

2024-04-10 03:31 AM
nvd
nvd

CVE-2024-3425

A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit....

6.3CVSS

6.9AI Score

0.0004EPSS

2024-04-07 04:15 PM
1
cve
cve

CVE-2024-3425

A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit....

6.3CVSS

7.4AI Score

0.0004EPSS

2024-04-07 04:15 PM
27
cvelist
cvelist

CVE-2024-3425 SourceCodester Online Courseware activateall.php sql injection

A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit....

6.3CVSS

7.1AI Score

0.0004EPSS

2024-04-07 04:00 PM
cve
cve

CVE-2024-3423

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has.....

6.3CVSS

7.3AI Score

0.0004EPSS

2024-04-07 03:15 PM
25
nvd
nvd

CVE-2024-3423

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-04-07 03:15 PM
cvelist
cvelist

CVE-2024-3423 SourceCodester Online Courseware activateteach.php sql injection

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has.....

6.3CVSS

7.1AI Score

0.0004EPSS

2024-04-07 02:31 PM
cve
cve

CVE-2024-3422

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has...

6.3CVSS

7.5AI Score

0.0004EPSS

2024-04-07 02:15 PM
29
nvd
nvd

CVE-2024-3422

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-04-07 02:15 PM
cvelist
cvelist

CVE-2024-3422 SourceCodester Online Courseware activatestud.php sql injection

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has...

6.3CVSS

7.1AI Score

0.0004EPSS

2024-04-07 01:31 PM
nvd
nvd

CVE-2024-3421

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-04-07 01:15 PM
cve
cve

CVE-2024-3421

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-04-07 01:15 PM
29
cvelist
cvelist

CVE-2024-3421 SourceCodester Online Courseware deactivatestud.php sql injection

A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit...

6.3CVSS

7AI Score

0.0004EPSS

2024-04-07 12:31 PM
nvd
nvd

CVE-2024-3418

A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-04-07 10:15 AM
cve
cve

CVE-2024-3418

A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-04-07 10:15 AM
31
cvelist
cvelist

CVE-2024-3418 SourceCodester Online Courseware deactivateteach.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit...

6.3CVSS

7AI Score

0.0004EPSS

2024-04-07 09:31 AM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...

10CVSS

9.7AI Score

EPSS

2024-04-04 05:35 PM
49
redhat
redhat

(RHSA-2024:1676) Important: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug...

7AI Score

EPSS

2024-04-04 03:15 PM
13
redhat
redhat

(RHSA-2024:1675) Important: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug...

7AI Score

EPSS

2024-04-04 03:15 PM
24
redhat
redhat

(RHSA-2024:1674) Important: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug...

7AI Score

EPSS

2024-04-04 03:15 PM
29
nessus
nessus

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.16 Security update (Important) (RHSA-2024:1675)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1675 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

7.1AI Score

EPSS

2024-04-04 12:00 AM
6
nessus
nessus

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.16 Security update (Important) (RHSA-2024:1676)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1676 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

6.7AI Score

EPSS

2024-04-04 12:00 AM
7
nessus
nessus

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.16 Security update (Important) (RHSA-2024:1674)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1674 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

7.1AI Score

EPSS

2024-04-04 12:00 AM
12
Total number of security vulnerabilities1696