Interactive Contact Form And Multi Step Form Builder With Drag & Drop Editor Security Vulnerabilities

cve | CVE-2024-37896
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has an SQL injection vulnerability. SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...
CVSS 8.8 | AI Score 9.1
2024-06-17 08:15 PM

cve | CVE-2024-37902
DeepJavaLibrary (DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute-path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model....
CVSS 10 | AI Score 9.3
2024-06-17 08:15 PM

cve | CVE-2024-37890
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...
CVSS 7.5 | AI Score 7.4
2024-06-17 08:15 PM

cve | CVE-2024-37893
Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from...
CVSS 5.9 | AI Score 6
2024-06-17 08:15 PM
nvd | CVE-2024-37893
Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from...
CVSS 5.9
2024-06-17 08:15 PM

nvd | CVE-2024-37891
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
CVSS 4.4
2024-06-17 08:15 PM

nvd | CVE-2024-37890
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...
CVSS 7.5
2024-06-17 08:15 PM

cve | CVE-2024-37891
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
CVSS 4.4 | AI Score 4.8
2024-06-17 08:15 PM

cve | CVE-2024-37895
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions, if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue....
CVSS 5.7 | AI Score 5.5
2024-06-17 08:15 PM

nvd | CVE-2024-37895
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions, if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue....
CVSS 5.7
2024-06-17 08:15 PM

nvd | CVE-2024-37305
oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of...
CVSS 8.2
2024-06-17 08:15 PM

cve | CVE-2024-37305
oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of...
CVSS 8.2 | AI Score 8.1
2024-06-17 08:15 PM
hackread | The Future of Pi Coin: Potential and Predictions
Discover Pi Coin, the Stanford-developed cryptocurrency revolutionizing mobile mining. Explore its potential, features, and predictions for 2025. Join the future of digital currency...
AI Score 7.4
2024-06-17 08:04 PM

openbugbounty | link.anti-crise.fr Open Redirect vulnerability OBB-3936002
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 7
2024-06-17 08:04 PM

openbugbounty | priegeltje.nl Open Redirect vulnerability OBB-3936001
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 7
2024-06-17 07:47 PM

cvelist | CVE-2024-37305 Buffer overflow in deserialization in oqs-provider
oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of...
CVSS 8.2
2024-06-17 07:42 PM

cvelist | CVE-2024-37893 MFA bypass in OAuth flow in Firefly III
Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from...
CVSS 5.9
2024-06-17 07:39 PM

cvelist | CVE-2024-37896 SQL injection vulnerability in Gin-vue-admin
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has an SQL injection vulnerability. SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...
CVSS 8.8
2024-06-17 07:33 PM

cvelist | CVE-2024-6062 GPAC MP4Box load_text.c swf_svg_add_iso_sample null pointer dereference
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to a null pointer dereference. The attack needs to be...
CVSS 3.3
2024-06-17 07:31 PM

cvelist | CVE-2024-6061 GPAC MP4Box isoffin_read.c isoffin_process infinite loop
A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to an infinite loop. It is possible to launch...
CVSS 3.3
2024-06-17 07:31 PM

cvelist | CVE-2024-37895 API Key Leak in lobe-chat
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions, if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue....
CVSS 5.7
2024-06-17 07:28 PM

cvelist | CVE-2024-37902 Path traversal in DeepJavaLibrary
DeepJavaLibrary (DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute-path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model....
CVSS 10
2024-06-17 07:25 PM
redhatcve | CVE-2021-47460
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format. Commit 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") uncovered a latent bug in ocfs2 conversion from inline inode format to a normal...
AI Score 7.5 | EPSS 0.0004
2024-06-17 07:21 PM

cvelist | CVE-2024-37891 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
CVSS 4.4
2024-06-17 07:18 PM

openbugbounty | api.almapay.co Open Redirect vulnerability OBB-3936000
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 7
2024-06-17 07:18 PM

cve | CVE-2024-6059
A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting. The attack may...
CVSS 2.4 | AI Score 3.3
2024-06-17 07:15 PM

nvd | CVE-2024-6059
A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting. The attack may...
CVSS 2.4
2024-06-17 07:15 PM

nvd | CVE-2024-37840
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...
2024-06-17 07:15 PM

cve | CVE-2024-36543
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to their own Kafka cluster via a malicious connector (bypassing Kafka ACLs if they exist), and potentially...
AI Score 6.9
2024-06-17 07:15 PM

cve | CVE-2024-37840
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...
AI Score 8.6
2024-06-17 07:15 PM

nvd | CVE-2024-38449
A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the...
2024-06-17 07:15 PM

nvd | CVE-2024-36543
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to their own Kafka cluster via a malicious connector (bypassing Kafka ACLs if they exist), and potentially...
2024-06-17 07:15 PM

cve | CVE-2024-38449
A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the...
AI Score 6.7
2024-06-17 07:15 PM

openbugbounty | api.linkr.bio Open Redirect vulnerability OBB-3935999
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 7
2024-06-17 07:10 PM
github | ws affected by a DoS when handling a request with many HTTP headers
Impact: A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. Proof of concept: ```js const http = require('http'); const WebSocket = require('ws'); const wss = new WebSocket.Server({ port: 0 }, function () { const chars =...
CVSS 7.5 | AI Score 6.7
2024-06-17 07:09 PM

cvelist | CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...
CVSS 7.5
2024-06-17 07:09 PM

openbugbounty | nissim.slama.free.fr Open Redirect vulnerability OBB-3935997
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 7
2024-06-17 07:06 PM

openbugbounty | groschbau.de Cross Site Scripting vulnerability OBB-3935996
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
2024-06-17 07:03 PM

openbugbounty | kartoffel-salat.de Cross Site Scripting vulnerability OBB-3935995
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
2024-06-17 07:00 PM

openbugbounty | sosyre.de Cross Site Scripting vulnerability OBB-3935994
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
2024-06-17 06:52 PM

openbugbounty | sg-balk.de Cross Site Scripting vulnerability OBB-3935993
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
2024-06-17 06:49 PM

openbugbounty | mixedcocktails.de Cross Site Scripting vulnerability OBB-3935992
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
2024-06-17 06:47 PM

openbugbounty | studyator.de Cross Site Scripting vulnerability OBB-3935991
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
2024-06-17 06:44 PM

openbugbounty | joy-livemusic.de Cross Site Scripting vulnerability OBB-3935990
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
2024-06-17 06:42 PM
cvelist | CVE-2024-6059 Ingenico Estate Manager News Feed messages cross site scripting
A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting. The attack may...
CVSS 2.4
2024-06-17 06:31 PM

openbugbounty | motu-almanach.de Cross Site Scripting vulnerability OBB-3935989
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
2024-06-17 06:30 PM

openbugbounty | bunifoto.de Cross Site Scripting vulnerability OBB-3935988
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
2024-06-17 06:25 PM

openbugbounty | d-zent-web.de Cross Site Scripting vulnerability OBB-3935987
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
2024-06-17 06:23 PM

openbugbounty | mager-web.de Cross Site Scripting vulnerability OBB-3935986
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
2024-06-17 06:21 PM

openbugbounty | diepianistin.de Cross Site Scripting vulnerability OBB-3935985
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
2024-06-17 06:19 PM

Total number of security vulnerabilities: 2828543