An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...
6.5CVSS
6.5AI Score
0.0004EPSS
CVE-2024-5208 Uncontrolled Resource Consumption in mintplex-labs/anything-llm
An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...
6.5CVSS
7.2AI Score
0.0004EPSS
CVE-2024-5208 Uncontrolled Resource Consumption in mintplex-labs/anything-llm
An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to...
6.5CVSS
0.0004EPSS
org.keycloak, keycloak-core is vulnerable to Credential Leakage. The vulnerability is due to a lack of proper validation and enforcement when administrators change the LDAP Connection URL without requiring re-entry of the currently configured LDAP bind credentials. The vulnerability allows an...
2.7CVSS
6.5AI Score
0.0004EPSS
The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexels_fsp_images_options_validate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with...
8.8CVSS
0.001EPSS
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with...
9.9CVSS
0.001EPSS
The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexels_fsp_images_options_validate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with...
8.8CVSS
8AI Score
0.001EPSS
CVE-2024-5574 WP Magazine Modules Lite <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion
The WP Magazine Modules Lite plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'blockLayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files...
7.5CVSS
0.001EPSS
github.com/stacklok/minder is vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of input validation within the Clone() method when handling Git URLs provided by Minder users. The vulnerability allows Minder users to clone large repositories without enforcing size limits,...
5.7CVSS
6.6AI Score
0.0004EPSS
The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated.....
9.8CVSS
9.8AI Score
0.001EPSS
The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated.....
9.8CVSS
0.001EPSS
CVE-2024-3229 Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload
The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated.....
9.8CVSS
0.001EPSS
The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
9.3CVSS
9.1AI Score
0.001EPSS
The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
9.3CVSS
0.001EPSS
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level...
8.8CVSS
0.001EPSS
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level...
8.8CVSS
8.9AI Score
0.001EPSS
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level...
8.8CVSS
0.001EPSS
The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
9.3CVSS
0.001EPSS
[SECURITY] Fedora 40 Update: kitty-0.35.1-4.fc40
Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics (images), unicode, true-c olor, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and ...
5.5CVSS
7.1AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: webkitgtk-2.44.2-2.fc40
WebKitGTK is the port of the WebKit web rendering engine to the GTK...
6.9AI Score
0.0004EPSS
curl: NULL dereference when encoding DN of x509 certificate
libcurl at commit 04739054cdac5a0614fb94e3655e313c03399f35 contains a NULL-dereference in function encodeDN() when parsing the certificate of a server during the TLS connect-phase. The vulnerable code is in lib/vtls/x509asn1.c:701: ```c static CURLcode encodeDN(struct dynbuf store, struct...
7.1AI Score
Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this...
8.8CVSS
9.1AI Score
0.001EPSS
Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this...
8.8CVSS
0.001EPSS
Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw...
8.8CVSS
0.001EPSS
Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw...
8.8CVSS
9AI Score
0.001EPSS
Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this...
8.8CVSS
0.001EPSS
Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this...
8.8CVSS
9.1AI Score
0.001EPSS
Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The...
8.8CVSS
9.1AI Score
0.001EPSS
Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The...
8.8CVSS
0.001EPSS
Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The...
8.8CVSS
9.1AI Score
0.001EPSS
Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The...
8.8CVSS
0.001EPSS
7.2AI Score
0.0004EPSS
SUSE SLES15 Security Update : podman (SUSE-SU-2024:2050-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2050-1 advisory. - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry...
8.3CVSS
8AI Score
0.0004EPSS
Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Packages mariadb - MariaDB database mariadb-10.6 - MariaDB database Details A security issue was discovered in MariaDB and this update includes new upstream MariaDB versions to fix the issue. MariaDB has been updated to 10.6.18 in Ubuntu...
4.9CVSS
6.9AI Score
0.0005EPSS
Nextcloud Server is prone to an improper access control ...
8.1CVSS
7AI Score
0.0004EPSS
SUSE SLES15 Security Update : booth (SUSE-SU-2024:2062-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2062-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032) ...
5.9CVSS
5.7AI Score
0.001EPSS
5.6CVSS
5.7AI Score
0.0004EPSS
RHEL 6 : vertx-core (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300) Note that...
5.4CVSS
6.9AI Score
0.0004EPSS
7.8CVSS
8AI Score
0.001EPSS
Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : MariaDB vulnerability (USN-6839-1)
The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6839-1 advisory. A security issue was discovered in MariaDB and this update includes new upstream MariaDB versions to fix the issue. MariaDB has been...
4.9CVSS
7AI Score
0.0005EPSS
CentOS 7 : ipa (RHSA-2024:3760)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3760 advisory. A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new...
8.1CVSS
6.8AI Score
0.0004EPSS
Fedora: Security Advisory for kitty (FEDORA-2024-15039ba9f9)
The remote host is missing an update for...
5.5CVSS
5.5AI Score
0.0004EPSS
openSUSE: Security Advisory for booth (SUSE-SU-2024:2062-1)
The remote host is missing an update for...
5.9CVSS
5.8AI Score
0.001EPSS
openSUSE: Security Advisory for booth (SUSE-SU-2024:2063-1)
The remote host is missing an update for...
5.9CVSS
5.8AI Score
0.001EPSS
8.3CVSS
8.5AI Score
0.0004EPSS
7.3CVSS
7.3AI Score
0.003EPSS
7.3CVSS
7.3AI Score
0.003EPSS
SUSE SLES15 / openSUSE 15 Security Update : booth (SUSE-SU-2024:2063-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2063-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server....
5.9CVSS
5.7AI Score
0.001EPSS
openSUSE: Security Advisory for booth (SUSE-SU-2024:2040-1)
The remote host is missing an update for...
5.9CVSS
5.8AI Score
0.001EPSS
3.3CVSS
7.1AI Score
0.0004EPSS