Lucene search

K

HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics Security Vulnerabilities

osv
osv

Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`

Zend_Service_ReCaptcha_MailHide had a potential XSS vulnerability. Due to the fact that the email address was never validated, and because its use of htmlentities() did not include the encoding argument, it was potentially possible for a malicious user aware of the issue to inject a specially...

6.2AI Score

2024-06-07 09:59 PM
1
github
github

Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`

Zend_Service_ReCaptcha_MailHide had a potential XSS vulnerability. Due to the fact that the email address was never validated, and because its use of htmlentities() did not include the encoding argument, it was potentially possible for a malicious user aware of the issue to inject a specially...

6.2AI Score

2024-06-07 09:59 PM
1
osv
osv

Zend-Mail remote code execution in zend-mail via Sendmail adapter

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...

7AI Score

2024-06-07 09:19 PM
github
github

Zend-Mail remote code execution in zend-mail via Sendmail adapter

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...

7AI Score

2024-06-07 09:19 PM
1
osv
osv

ZendFramework potential remote code execution in zend-mail via Sendmail adapter

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...

7.2AI Score

2024-06-07 08:47 PM
github
github

ZendFramework potential remote code execution in zend-mail via Sendmail adapter

When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...

7.2AI Score

2024-06-07 08:47 PM
2
osv
osv

linux, linux-gcp, linux-gcp-6.5, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-raspi vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....

7.8CVSS

8.6AI Score

0.001EPSS

2024-06-07 08:18 PM
1
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577 Vulnerability Checker This script is designed...

9.8CVSS

9.6AI Score

0.932EPSS

2024-06-07 08:10 PM
135
github
github

TYPO3 Cross-Site Scripting in Form Framework

Failing to properly encode user input, frontend forms handled by the form framework (system extension “form”) are vulnerable to cross-site...

6.7AI Score

2024-06-07 06:24 PM
osv
osv

TYPO3 Cross-Site Scripting in Form Framework

Failing to properly encode user input, frontend forms handled by the form framework (system extension “form”) are vulnerable to cross-site...

6.7AI Score

2024-06-07 06:24 PM
2
osv
osv

linux, linux-ibm, linux-lowlatency, linux-raspi vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Zheng Wang discovered that the...

7.8CVSS

8AI Score

0.0005EPSS

2024-06-07 06:18 PM
github
github

TYPO3 Cross-Site Scripting in Link Handling

It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with...

6.7AI Score

2024-06-07 05:16 PM
osv
osv

TYPO3 Cross-Site Scripting in Link Handling

It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with...

6.7AI Score

2024-06-07 05:16 PM
2
malwarebytes
malwarebytes

Google will start deleting location history

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"—the feature that, previously named "Location History," tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they've been.....

6.7AI Score

2024-06-07 04:26 PM
4
ibm
ibm

Security Bulletin: IBM QRadar SIEM contains multiple kernel vulnerabilities

Summary IBM QRadar SIEM includes a vulnerable version of kernel that could be identified and exploited with automated tools. This has been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13631 DESCRIPTION: **Linux Kernel could allow a physical attacker to execute arbitrary code...

9.8CVSS

9.1AI Score

EPSS

2024-06-07 03:32 PM
6
cve
cve

CVE-2024-36673

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...

9.8CVSS

7.8AI Score

EPSS

2024-06-07 01:15 PM
24
nvd
nvd

CVE-2024-36673

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...

9.8CVSS

EPSS

2024-06-07 01:15 PM
7
kitploit
kitploit

PIP-INTEL - OSINT and Cyber Intelligence Tool

Pip-Intel is a powerful tool designed for OSINT (Open Source Intelligence) and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface simplifying the data collection and analysis processes for researchers and cybersecurity...

7AI Score

2024-06-07 12:30 PM
18
osv
osv

BIT-golang-2024-24790

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4...

6.3AI Score

0.0004EPSS

2024-06-07 07:18 AM
veracode
veracode

Cross-site Request Forgery (CSRF)

moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the admin management of analytics models, which fails to prevent CSRF risks because it does not include the necessary...

6.4AI Score

0.0004EPSS

2024-06-07 07:10 AM
ptsecurity
ptsecurity

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

2.1AI Score

EPSS

2024-06-07 12:00 AM
1014
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0212)

The remote host is missing an update for...

6.6AI Score

0.0004EPSS

2024-06-07 12:00 AM
2
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6820-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6820-1 advisory. It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free...

8CVSS

8.6AI Score

0.0004EPSS

2024-06-07 12:00 AM
nessus
nessus

Ollama < 0.1.29 DNS Rebinding

The version of Ollama installed on the remote host is prior to 0.1.29. It is, therefore, affected by a DNS rebinding vulnerability. Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a...

7.3AI Score

0.0004EPSS

2024-06-07 12:00 AM
ptsecurity
ptsecurity

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

2.1AI Score

EPSS

2024-06-07 12:00 AM
900
nessus
nessus

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6816-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6816-1 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer...

7.8CVSS

8.7AI Score

0.0005EPSS

2024-06-07 12:00 AM
wpvulndb
wpvulndb

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.78 - Reflected Cross-Site Scripting

Description The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it possible for...

7.1CVSS

6.3AI Score

0.0005EPSS

2024-06-07 12:00 AM
packetstorm

7.4AI Score

2024-06-07 12:00 AM
75
f5
f5

K000139953: PHP vulnerability CVE-2024-4577

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. (CVE-2024-4577) Impact There is no impact; F5 products are not affected by this.....

9.8CVSS

9.3AI Score

0.932EPSS

2024-06-07 12:00 AM
32
ubuntu
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 24.04 LTS Packages linux - Linux kernel linux-ibm - Linux kernel for IBM cloud systems linux-lowlatency - Linux low latency kernel linux-raspi - Linux kernel for Raspberry Pi systems Details Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly...

7.8CVSS

8.5AI Score

0.0005EPSS

2024-06-07 12:00 AM
3
nessus
nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6818-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-1 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8CVSS

8.4AI Score

0.001EPSS

2024-06-07 12:00 AM
2
hackread
hackread

New EmailGPT Flaw Puts User Data at Risk: Remove the Extension NOW

Synopsys warns of a new prompt injection hack involving a security vulnerability in EmailGPT, a popular AI...

7.7AI Score

2024-06-06 08:46 PM
2
amazon
amazon

Medium: cri-tools

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.3AI Score

0.0004EPSS

2024-06-06 08:17 PM
cve
cve

CVE-2024-5552

kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes...

7.5CVSS

7.2AI Score

0.0004EPSS

2024-06-06 07:16 PM
23
nvd
nvd

CVE-2024-5552

kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes...

7.5CVSS

0.0004EPSS

2024-06-06 07:16 PM
nvd
nvd

CVE-2024-3404

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the history files of other users, potentially leading to...

6.5CVSS

0.0004EPSS

2024-06-06 07:16 PM
1
cve
cve

CVE-2024-3404

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the history files of other users, potentially leading to...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-06-06 07:16 PM
24
osv
osv

Contract balance not updating correctly after interchain transaction

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Details We discovered a bug walking through how to liquid stake using Safe which...

7.5CVSS

7.9AI Score

0.0004EPSS

2024-06-06 06:51 PM
github
github

Contract balance not updating correctly after interchain transaction

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Details We discovered a bug walking through how to liquid stake using Safe which...

7.5CVSS

7.9AI Score

0.0004EPSS

2024-06-06 06:51 PM
mageia
mageia

Updated amavisd-new packages fix security vulnerability

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or...

6.9AI Score

0.0004EPSS

2024-06-06 06:48 PM
2
cvelist
cvelist

CVE-2024-3404 Improper Access Control in gaizhenbiao/chuanhuchatgpt

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the history files of other users, potentially leading to...

6.5CVSS

0.0004EPSS

2024-06-06 06:45 PM
2
vulnrichment
vulnrichment

CVE-2024-3404 Improper Access Control in gaizhenbiao/chuanhuchatgpt

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the history files of other users, potentially leading to...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-06-06 06:45 PM
github
github

evmos allows transferring unvested tokens after delegations

Impact This advisory has been created to address the following vulnerabilities found in the Evmos codebase and affecting vesting accounts. Wrong spendable balance computation The spendable balance is not updated properly when delegating vested tokens. The following example help in describing the...

3.5CVSS

4.3AI Score

0.0004EPSS

2024-06-06 06:21 PM
3
osv
osv

evmos allows transferring unvested tokens after delegations

Impact This advisory has been created to address the following vulnerabilities found in the Evmos codebase and affecting vesting accounts. Wrong spendable balance computation The spendable balance is not updated properly when delegating vested tokens. The following example help in describing the...

3.5CVSS

4.3AI Score

0.0004EPSS

2024-06-06 06:21 PM
4
osv
osv

CVE-2024-3033

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specific....

9.1CVSS

6.8AI Score

0.0004EPSS

2024-06-06 06:15 PM
1
cve
cve

CVE-2024-3033

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specific....

9.1CVSS

9AI Score

0.0004EPSS

2024-06-06 06:15 PM
23
nvd
nvd

CVE-2024-3033

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specific....

9.1CVSS

0.0004EPSS

2024-06-06 06:15 PM
vulnrichment
vulnrichment

CVE-2024-5552 ReDoS in kubeflow/kubeflow

kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes...

7.5CVSS

7AI Score

0.0004EPSS

2024-06-06 06:09 PM
cvelist
cvelist

CVE-2024-5552 ReDoS in kubeflow/kubeflow

kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes...

7.5CVSS

0.0004EPSS

2024-06-06 06:09 PM
1
talosblog
talosblog

The sliding doors of misinformation that come with AI-generated search results

As someone who used to think that his entire livelihood would come from writing, I've long wondered if any sort of computer or AI could replace my essential functions at work. For now, it seems there are enough holes in AI-generated language that my ability to write down a complete, accurate and...

7.2AI Score

2024-06-06 06:00 PM
9
Total number of security vulnerabilities163812