Lucene search

K

OMGF | Host Google Fonts Locally Security Vulnerabilities

osv
osv

Malicious code in addthis-wordpress-plugin (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (6d8ae72ce3501b8463193222bf9bebe2913ee52bf39fb10c8c9aa2f2049ebaa5) The OpenSSF Package Analysis project identified 'addthis-wordpress-plugin' @ 2.0.0 (npm) as malicious. It is considered malicious because: The...

7.3AI Score

2024-06-12 09:51 AM
2
osv
osv

Malicious code in ing-feat-grants-granting (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (dd31269fee3651913ad04ebb491f4b2800b884e18bf1fe58bfdcaa172bedb657) The OpenSSF Package Analysis project identified 'ing-feat-grants-granting' @ 200.0.0 (npm) as malicious. It is considered malicious because: The...

7.3AI Score

2024-06-12 09:40 AM
cve
cve

CVE-2024-5154

A flaw was found in cri-o. A malicious container can create a symbolic link pointing to an arbitrary directory or file on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host...

8.1CVSS

8AI Score

0.0004EPSS

2024-06-12 09:15 AM
22
nvd
nvd

CVE-2024-5154

A flaw was found in cri-o. A malicious container can create a symbolic link pointing to an arbitrary directory or file on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host...

8.1CVSS

0.0004EPSS

2024-06-12 09:15 AM
2
nvd
nvd

CVE-2023-52177

Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-12 09:15 AM
1
cve
cve

CVE-2023-52177

Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through...

5.4CVSS

5.5AI Score

0.0004EPSS

2024-06-12 09:15 AM
25
osv
osv

CGA-8pcv-r7p9-7rjm

Bulletin has no...

7.2AI Score

2024-06-12 09:03 AM
1
cvelist
cvelist

CVE-2024-5154 Cri-o: malicious container can create symlink on host

A flaw was found in cri-o. A malicious container can create a symbolic link pointing to an arbitrary directory or file on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host...

8.1CVSS

0.0004EPSS

2024-06-12 08:51 AM
2
thn
thn

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional...

7AI Score

2024-06-12 08:47 AM
1
cvelist
cvelist

CVE-2023-52177 WordPress Integrate Google Drive plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-12 08:42 AM
3
osv
osv

CGA-mw83-3mm4-xqwq

Bulletin has no...

5.3CVSS

5.2AI Score

0.001EPSS

2024-06-12 08:06 AM
osv
osv

CGA-jj45-rqfh-mhq4

Bulletin has no...

7.2AI Score

2024-06-12 08:06 AM
osv
osv

CGA-vxwm-jjvq-32cx

Bulletin has no...

7.2AI Score

2024-06-12 08:06 AM
osv
osv

CGA-p742-c49q-3j94

Bulletin has no...

5.9CVSS

6.4AI Score

0.001EPSS

2024-06-12 08:05 AM
osv
osv

CGA-hq78-8245-675v

Bulletin has no...

7.5CVSS

6.7AI Score

0.0004EPSS

2024-06-12 08:05 AM
osv
osv

CGA-f849-gq83-8362

Bulletin has no...

7.5CVSS

7.5AI Score

0.001EPSS

2024-06-12 08:05 AM
osv
osv

CGA-9q75-mmfg-qh8f

Bulletin has no...

5.3CVSS

5.2AI Score

0.001EPSS

2024-06-12 08:05 AM
osv
osv

CGA-7xpg-x857-4qf9

Bulletin has no...

8.8CVSS

8.5AI Score

0.001EPSS

2024-06-12 08:05 AM
osv
osv

CGA-cf8c-xqvc-jhcx

Bulletin has no...

8.8CVSS

8.7AI Score

0.0004EPSS

2024-06-12 08:05 AM
osv
osv

CGA-84j3-w824-wv4x

Bulletin has no...

9.8CVSS

9.5AI Score

0.932EPSS

2024-06-12 08:05 AM
2
osv
osv

CGA-c8pv-52m7-2mhm

Bulletin has no...

8.2CVSS

8.2AI Score

0.0004EPSS

2024-06-12 08:05 AM
osv
osv

CGA-77h5-pgh2-r2fg

Bulletin has no...

5.6CVSS

6.7AI Score

0.0004EPSS

2024-06-12 08:05 AM
osv
osv

CGA-64x3-8rfh-jpqf

Bulletin has no...

8.8CVSS

8.5AI Score

0.001EPSS

2024-06-12 08:05 AM
2
osv
osv

CGA-gvwm-h3qq-8679

Bulletin has no...

9.8CVSS

9.5AI Score

0.932EPSS

2024-06-12 08:05 AM
osv
osv

CGA-5mr6-pxmv-g3rf

Bulletin has no...

7.2AI Score

2024-06-12 08:05 AM
osv
osv

CGA-3hpq-6pch-94j5

Bulletin has no...

5.9CVSS

6.4AI Score

0.001EPSS

2024-06-12 08:05 AM
1
osv
osv

CGA-g75w-3gxm-gj8g

Bulletin has no...

8.8CVSS

8.7AI Score

0.0004EPSS

2024-06-12 08:05 AM
githubexploit
githubexploit

Exploit for CVE-2024-3922

CVE-2024-3922-Poc Dokan Pro &lt;= 3.10.3 - Unauthenticated...

10CVSS

7.8AI Score

0.001EPSS

2024-06-12 07:42 AM
13
osv
osv

BIT-suitecrm-2024-36406

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this...

5.4CVSS

6.8AI Score

0.001EPSS

2024-06-12 07:39 AM
osv
osv

BIT-suitecrm-2024-36407

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is.....

6.5CVSS

7AI Score

0.0005EPSS

2024-06-12 07:39 AM
1
osv
osv

BIT-suitecrm-2024-36408

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

7.9AI Score

0.001EPSS

2024-06-12 07:39 AM
osv
osv

BIT-suitecrm-2024-36409

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

7.9AI Score

0.001EPSS

2024-06-12 07:38 AM
osv
osv

BIT-suitecrm-2024-36410

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

7.9AI Score

0.001EPSS

2024-06-12 07:38 AM
1
osv
osv

BIT-suitecrm-2024-36411

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

7.9AI Score

0.001EPSS

2024-06-12 07:38 AM
1
osv
osv

BIT-suitecrm-2024-36412

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

10CVSS

7.7AI Score

0.001EPSS

2024-06-12 07:38 AM
osv
osv

BIT-suitecrm-2024-36413

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.9CVSS

6.1AI Score

0.0004EPSS

2024-06-12 07:37 AM
osv
osv

BIT-suitecrm-2024-36414

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

7.7CVSS

6.8AI Score

0.0005EPSS

2024-06-12 07:37 AM
1
osv
osv

BIT-suitecrm-2024-36415

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.1CVSS

7.6AI Score

0.001EPSS

2024-06-12 07:37 AM
osv
osv

BIT-suitecrm-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.6CVSS

6.8AI Score

0.0005EPSS

2024-06-12 07:37 AM
1
osv
osv

BIT-suitecrm-2024-36417

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added some some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

9CVSS

6.2AI Score

0.001EPSS

2024-06-12 07:36 AM
1
osv
osv

BIT-suitecrm-2024-36418

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

8.5CVSS

7.6AI Score

0.0004EPSS

2024-06-12 07:36 AM
osv
osv

BIT-suitecrm-2024-36419

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the...

4.3CVSS

7.1AI Score

0.001EPSS

2024-06-12 07:36 AM
osv
osv

BIT-php-2024-2408

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 ...

5.9CVSS

6.3AI Score

0.001EPSS

2024-06-12 07:31 AM
osv
osv

BIT-php-2024-4577

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

9.6AI Score

0.932EPSS

2024-06-12 07:30 AM
3
osv
osv

BIT-php-2024-5458

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs)....

5.3CVSS

5.3AI Score

0.001EPSS

2024-06-12 07:30 AM
osv
osv

BIT-php-2024-5585

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command....

9.4CVSS

8.1AI Score

0.001EPSS

2024-06-12 07:30 AM
2
osv
osv

BIT-composer-2024-35241

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are.....

8.8CVSS

8.8AI Score

0.0004EPSS

2024-06-12 07:16 AM
osv
osv

BIT-composer-2024-35242

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-06-12 07:16 AM
thn
thn

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....

9.8CVSS

8.7AI Score

0.05EPSS

2024-06-12 04:26 AM
13
osv
osv

Malicious code in blueprint-org-planning-app-adp-wrapper (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (9ce904784ecde9ca4b860730c45d27dbca01912380066fe5415b10d3f17f0af8) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-06-12 04:18 AM
Total number of security vulnerabilities661628