Concrete CMS Stored XSS in the Search Field
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS...
CVSS: 3.1, AI Score: 5.7, EPSS: 0.0004
Concrete CMS Stored XSS on the calendar color settings screen
Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS on the calendar color settings screen since information input by the user is output without escaping. A rogue administrator could inject malicious JavaScript into the Calendar Color Settings...
CVSS: 2, AI Score: 5.8, EPSS: 0.0004
Concrete CMS Stored XSS in the Custom Class page editing
Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The...
CVSS: 3.1, AI Score: 6.2, EPSS: 0.0004
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All....
CVSS: 3.1, AI Score: 6.2, EPSS: 0.0004
Concrete CMS Stored XSS in blocks of type file
Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 are vulnerable to Stored XSS in blocks of type file. Prior to the fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security...
CVSS: 3.1, AI Score: 5.9, EPSS: 0.0004
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS...
CVSS: 3.1, AI Score: 5.6, EPSS: 0.0004
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS...
CVSS: 3.1, AI Score: 3.5, EPSS: 0.0004
Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The...
CVSS: 3.1, AI Score: 4, EPSS: 0.0004
Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The...
CVSS: 3.1, AI Score: 3.8, EPSS: 0.0004
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All....
CVSS: 3.1, AI Score: 3.7, EPSS: 0.0004
Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 are vulnerable to Stored XSS in blocks of type file. Prior to the fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security...
CVSS: 3.1, AI Score: 3.7, EPSS: 0.0004
Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 are vulnerable to Stored XSS in blocks of type file. Prior to the fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security...
CVSS: 3.1, AI Score: 3.8, EPSS: 0.0004
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All....
CVSS: 3.1, AI Score: 3.9, EPSS: 0.0004
Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS on the calendar color settings screen since information input by the user is output without escaping. A rogue administrator could inject malicious JavaScript into the Calendar Color Settings...
CVSS: 2, AI Score: 3.5, EPSS: 0.0004
Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS on the calendar color settings screen since information input by the user is output without escaping. A rogue administrator could inject malicious JavaScript into the Calendar Color Settings...
CVSS: 2, AI Score: 3.3, EPSS: 0.0004
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS...
CVSS: 3.1, AI Score: 3.8, EPSS: 0.0004
Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 are vulnerable to Stored XSS in blocks of type file. Prior to the fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security...
CVSS: 3.1, AI Score: 3.9, EPSS: 0.0004
Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The...
CVSS: 3.1, AI Score: 4, EPSS: 0.0004
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All....
CVSS: 3.1, AI Score: 4, EPSS: 0.0004
Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS on the calendar color settings screen since information input by the user is output without escaping. A rogue administrator could inject malicious JavaScript into the Calendar Color Settings...
CVSS: 2, AI Score: 3.5, EPSS: 0.0004
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS register") defines a new macro to calculate the DSC PPS register addresses with PPS number...
AI Score: 6.4, EPSS: 0.0004
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS register") defines a new macro to calculate the DSC PPS register addresses with PPS number...
AI Score: 6.9, EPSS: 0.0004
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS register") defines a new macro to calculate the DSC PPS register addresses with PPS number...
AI Score: 6.6, EPSS: 0.0004
CVE-2024-26721 drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS register") defines a new macro to calculate the DSC PPS register addresses with PPS number...
AI Score: 6.6, EPSS: 0.0004
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin
A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL...
CVSS: 9.8, AI Score: 10, EPSS: 0.004
Fedora: Security Advisory for pandoc (FEDORA-2024-b458482d48)
The remote host is missing an update for...
CVSS: 6.3, AI Score: 6.3, EPSS: 0.001
Fedora: Security Advisory for pandoc (FEDORA-2024-6ad6b9f417)
The remote host is missing an update for...
CVSS: 6.3, AI Score: 6.3, EPSS: 0.001
Security Advisory 0095
Date: April 3, 2024
Revision | Date | Changes
---|---|---
1.0 | April 3, 2024 | Initial release
The CVE-ID tracking this issue: CVE-2024-3094
CVSSv3.1 Base Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Description
Arista Networks is providing this...
CVSS: 10, AI Score: 6.6, EPSS: 0.133
Security Bulletin: NVIDIA CUDA Toolkit - April 2024
NVIDIA has released a software update for NVIDIA® CUDA® Toolkit. To protect your system, download and install this software update from the CUDA Toolkit Downloads page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update...
CVSS: 3.3, AI Score: 6.7, EPSS: 0.0004
On March 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated SQL Injection vulnerability in LayerSlider, a WordPress plugin with more than 1,000,000 estimated active installations. This vulnerability can be leveraged to extract sensitive data from....
CVSS: 7.5, AI Score: 9.9, EPSS: 0.004
AI Score: 7.4
[SECURITY] Fedora 38 Update: pandoc-2.19.2-22.fc38
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. The formats it can handle include - light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags) - HTML formats (HTML...
CVSS: 6.3, AI Score: 7.1, EPSS: 0.001
CVSS: 8.8, AI Score: 7, EPSS: 0.006
[SECURITY] Fedora 39 Update: pandoc-3.1.3-29.fc39
Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include - light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags) - HTML formats (HTML 4 and 5) - Ebook formats (EPUB v2 and v3, FB2) -.....
CVSS: 6.3, AI Score: 6.2, EPSS: 0.001
[SECURITY] Fedora 40 Update: pandoc-3.1.3-29.fc40
Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include - light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags) - HTML formats (HTML 4 and 5) - Ebook formats (EPUB v2 and v3, FB2) -.....
CVSS: 6.3, AI Score: 6.3, EPSS: 0.001
Fedora: Security Advisory for pandoc (FEDORA-2024-7d83cbccb6)
The remote host is missing an update for...
CVSS: 6.3, AI Score: 6.3, EPSS: 0.001
NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via...
AI Score: 6.8, EPSS: 0.0004
NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via...
AI Score: 6.5, EPSS: 0.0004
Exploit for Code Injection in Openplcproject Openplc V3 Firmware
cve-2021-31630 OpenPLC WebServer v3 - Authenticated RCE...
CVSS: 8.8, AI Score: 7.5, EPSS: 0.006
Summary: go-git and DockerRegistry are consumed through OSE packages. OSE package is shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2017-11468 DESCRIPTION:...
CVSS: 9.8, AI Score: 8.9, EPSS: 0.963
[SECURITY] Fedora 38 Update: perl-Data-UUID-1.227-1.fc38
This module provides a framework for generating v3 UUIDs (Universally Unique Identifiers, also known as GUIDs (Globally Unique Identifiers)). A UUID is 128 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE. UUIDs were originally used in the Network...
CVSS: 5.5, AI Score: 5.5, EPSS: 0.0004
[SECURITY] Fedora 39 Update: perl-Data-UUID-1.227-1.fc39
This module provides a framework for generating v3 UUIDs (Universally Unique Identifiers, also known as GUIDs (Globally Unique Identifiers)). A UUID is 128 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE. UUIDs were originally used in the Network...
CVSS: 5.5, AI Score: 5.5, EPSS: 0.0004
[SECURITY] Fedora 40 Update: perl-Data-UUID-1.227-1.fc40
This module provides a framework for generating v3 UUIDs (Universally Unique Identifiers, also known as GUIDs (Globally Unique Identifiers)). A UUID is 128 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE. UUIDs were originally used in the Network...
CVSS: 5.5, AI Score: 5.5, EPSS: 0.0004
Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-a58a7e2388)
The remote host is missing an update for...
CVSS: 5.5, AI Score: 5.6, EPSS: 0.0004