P10, P10 Plus Security Vulnerabilities

Source: cve

CVE-2024-24026

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File...

CVSS 9.8 | AI Score 9.4 | EPSS 0.001 | 2024-02-08 01:15 AM
Source: nvd

CVE-2024-24024

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File...

CVSS 9.8 | AI Score 9.4 | EPSS 0.001 | 2024-02-08 01:15 AM
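The three Novel-Plus file entries (CVE-2024-24024, CVE-2024-24025, CVE-2024-24026) share one root cause: a client-controlled filePath or filename reaches the filesystem API unvalidated, so "../" segments or an absolute path walk out of the storage root. The script below is an added illustration of that bug class and its fix; it is not Novel-Plus code (which is Java, per the package names in the advisories) and does not reproduce the project's handlers. It shows the `os.path.join` anti-pattern beside a containment check on the resolved path, and, for uploads, a server-generated stored name that takes only an allowlisted extension from the client. The image-only extension policy, the storage root and the sample filenames are assumptions made for the example.

```python
import os
import secrets
import tempfile
from pathlib import Path, PurePosixPath

# Assumed policy for an image endpoint (the page says uploadImg, not what it accepts).
ALLOWED_IMAGE_EXT = {".png", ".jpg", ".jpeg", ".gif"}


def vulnerable_download_path(storage_root: str, file_path: str) -> str:
    """Anti-pattern: the request's path is joined straight onto the storage root.

    '../' segments walk out of the root, and an absolute file_path makes
    os.path.join discard storage_root entirely.
    """
    return os.path.join(storage_root, file_path)


def safe_download_path(storage_root: str, file_path: str) -> Path:
    """Resolve the requested file and refuse anything not strictly inside the root."""
    if "\x00" in file_path or "\\" in file_path:
        # NUL truncates C strings; backslash is a separator on Windows hosts.
        raise ValueError("forbidden characters in path")
    root = Path(storage_root).resolve()
    candidate = (root / file_path).resolve()  # normalises '..' and follows symlinks
    if root not in candidate.parents:         # also rejects '' (candidate == root)
        raise ValueError("path escapes storage root")
    return candidate


def vulnerable_upload_name(filename: str) -> str:
    """Anti-pattern: the client-supplied name is stored as-is (traversal and .jsp both pass)."""
    return filename


def safe_upload_name(filename: str, token: str = "") -> str:
    """Derive the stored name from a server-side token; keep only the client's extension.

    The client name is reduced to its last path component (treating both separators
    as separators) and only its extension survives, checked against an allowlist.
    `token` is injectable for deterministic tests; production uses a random one.
    """
    if "\x00" in filename:
        raise ValueError("NUL byte in filename")
    leaf = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if leaf in ("", ".", ".."):
        raise ValueError("empty filename")
    ext = PurePosixPath(leaf).suffix.lower()   # '.png' from 'shell.png', '' from '.png'
    if ext not in ALLOWED_IMAGE_EXT:
        raise ValueError(f"extension {ext!r} not allowed")
    return (token or secrets.token_hex(8)) + ext


def store_upload(storage_root: str, filename: str, data: bytes, token: str = "") -> Path:
    """Write the upload under storage_root using the derived name and return its path."""
    target = Path(storage_root).resolve() / safe_upload_name(filename, token)
    target.write_bytes(data)
    return target


if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed storage root for the demo
    print(vulnerable_download_path(root, "../../etc/passwd"))   # escapes the root
    print(vulnerable_download_path(root, "/etc/passwd"))        # root discarded
    print(vulnerable_upload_name("../../webapps/ROOT/shell.jsp"))
    print(store_upload(root, "../../webapps/ROOT/shell.png", b"\x89PNG", token="demo"))
    for bad in ("../../etc/passwd", "/etc/passwd", "a/../../b"):
        try:
            safe_download_path(root, bad)
        except ValueError as err:
            print(bad, "->", err)
```

Checking the resolved path rather than scanning the input for "../" matters: "covers/../1.png" is legitimately inside the root, while an absolute path or a symlink under the root can leave it without any dot-dot at all. For uploads, discarding the client name entirely removes the traversal vector rather than filtering it.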
Source: osv

CVE-2024-24026

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File...

CVSS 9.8 | AI Score 7.2 | EPSS 0.001 | 2024-02-08 01:15 AM
Source: nvd

CVE-2024-24026

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File...

CVSS 9.8 | AI Score 9.4 | EPSS 0.001 | 2024-02-08 01:15 AM
Source: cve

CVE-2024-24025

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File...

CVSS 9.8 | AI Score 9.4 | EPSS 0.001 | 2024-02-08 01:15 AM
Source: cve

CVE-2024-24023

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via...

CVSS 9.8 | AI Score 9.6 | EPSS 0.001 | 2024-02-08 01:15 AM
Source: osv

CVE-2024-24024

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File...

CVSS 9.8 | AI Score 7.1 | EPSS 0.001 | 2024-02-08 01:15 AM
Source: nvd

CVE-2024-24025

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File...

CVSS 9.8 | AI Score 9.5 | EPSS 0.001 | 2024-02-08 01:15 AM
Source: cve

CVE-2024-24024

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File...

CVSS 9.8 | AI Score 9.3 | EPSS 0.001 | 2024-02-08 01:15 AM
Source: prion

Sql injection

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via...

CVSS 9.8 | AI Score 8.4 | EPSS 0.001 | 2024-02-08 01:15 AM
Source: prion

Privilege escalation

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File...

CVSS 9.8 | AI Score 7.5 | EPSS 0.001 | 2024-02-08 01:15 AM
Source: prion

Arbitrary file deletion

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File...

CVSS 9.8 | AI Score 7.4 | EPSS 0.001 | 2024-02-08 01:15 AM
Source: prion

Privilege escalation

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File...

CVSS 9.8 | AI Score 7.4 | EPSS 0.001 | 2024-02-08 01:15 AM
Source: prion

Sql injection

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via...

CVSS 9.8 | AI Score 8.4 | EPSS 0.001 | 2024-02-08 01:15 AM
Source: cvelist

CVE-2024-24025

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File...

AI Score 9.7 | EPSS 0.001 | 2024-02-08 12:00 AM
Source: nessus

EulerOS 2.0 SP9 : libssh (EulerOS-SA-2024-1177)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

CVSS 5.9 | AI Score 7 | EPSS 0.963 | 2024-02-08 12:00 AM
Source: nessus

EulerOS 2.0 SP9 : libssh2 (EulerOS-SA-2024-1178)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

CVSS 5.9 | AI Score 6.9 | EPSS 0.963 | 2024-02-08 12:00 AM
Source: cvelist

CVE-2024-24018

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via...

AI Score 10 | EPSS 0.001 | 2024-02-08 12:00 AM
Source: nessus

EulerOS 2.0 SP9 : libssh2 (EulerOS-SA-2024-1198)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

CVSS 5.9 | AI Score 6.9 | EPSS 0.963 | 2024-02-08 12:00 AM
Source: nessus

EulerOS 2.0 SP9 : libssh (EulerOS-SA-2024-1197)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

CVSS 5.9 | AI Score 7 | EPSS 0.963 | 2024-02-08 12:00 AM
Source: wpexploit

Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure

Description The plugin does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed...

AI Score 6.8 | EPSS 0.0004 | 2024-02-08 12:00 AM
Source: wpvulndb

Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure

Description The plugin does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed posts). PoC 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets.....

AI Score 6.3 | EPSS 0.0004 | 2024-02-08 12:00 AM
Source: wpexploit

Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access

Description The plugin does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g. draft, private, pending review, pw-protected, and trashed...

AI Score 6.8 | EPSS 0.0004 | 2024-02-08 12:00 AM
Source: cvelist

CVE-2024-24023

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via...

AI Score 9.9 | EPSS 0.001 | 2024-02-08 12:00 AM
Source: wpvulndb

Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access

Description The plugin does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g. draft, private, pending review, pw-protected, and trashed events). PoC 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets.....

AI Score 6.3 | EPSS 0.0004 | 2024-02-08 12:00 AM
Source: nessus

EulerOS 2.0 SP9 : openssh (EulerOS-SA-2024-1183)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

CVSS 6.5 | AI Score 7.6 | EPSS 0.963 | 2024-02-08 12:00 AM
Source: cvelist

CVE-2024-24014

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via...

AI Score 10 | EPSS 0.001 | 2024-02-08 12:00 AM
Source: cvelist

CVE-2024-24024

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File...

AI Score 9.6 | EPSS 0.001 | 2024-02-08 12:00 AM
Source: cvelist

CVE-2024-24026

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File...

AI Score 9.7 | EPSS 0.001 | 2024-02-08 12:00 AM
Source: nessus

EulerOS 2.0 SP9 : openssh (EulerOS-SA-2024-1203)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

CVSS 6.5 | AI Score 7.6 | EPSS 0.963 | 2024-02-08 12:00 AM
Source: cvelist

CVE-2024-24017

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via...

AI Score 10 | EPSS 0.001 | 2024-02-08 12:00 AM
Source: nessus

Dell Client BIOS DoS (DSA-2023-176)

The Dell BIOS on the remote device is missing a security patch and is, therefore, affected by a denial of service vulnerability. Due to a signed to unsigned conversion error, a local attacker with administrator privileges can cause a denial of service condition on an affected device. Note that...

CVSS 6.7 | AI Score 4.8 | EPSS 0.0004 | 2024-02-08 12:00 AM
Source: cvelist

CVE-2024-24021

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via...

AI Score 9.9 | EPSS 0.001 | 2024-02-08 12:00 AM
Source: pentestpartners

Ski & bike helmets protect your head, not location or voice

TL;DR Livall smart ski and bike helmet app leaks the wearers real time position Group audio chat allows snooping on conversations Both issues are due to missing authorisation Bike app affects ~1 million users, ski app affects a few thousand users Fixed by the vendor, but after we had to call on a.....

AI Score 7.3 | 2024-02-07 06:57 AM
Source: osv

CVE-2024-24019

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via...

CVSS 9.8 | AI Score 8.1 | EPSS 0.001 | 2024-02-07 01:15 AM
Source: nvd

CVE-2024-24019

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via...

CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2024-02-07 01:15 AM
Source: cve

CVE-2024-24019

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via...

CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2024-02-07 01:15 AM
Source: prion

Sql injection

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via...

CVSS 9.8 | AI Score 8.2 | EPSS 0.001 | 2024-02-07 01:15 AM
Source: cvelist

CVE-2024-24019

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via...

AI Score 10 | EPSS 0.001 | 2024-02-07 12:00 AM
Source: nessus

ManageEngine ADAudit Plus < Build 7271 Multiple Vulnerabilities

The ManageEngine ADAudit Plus running on the remote host is prior to build 7271. It is, therefore, affected by multiple SQL injection vulnerabilities: - ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. (CVE-2024-0253) -...

CVSS 9.8 | AI Score 9.5 | EPSS 0.077 | 2024-02-07 12:00 AM
Source: f5

K000138517 : Python-Pillow vulnerability CVE-2023-44271

Security Advisory Description An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an.....

CVSS 7.5 | AI Score 7 | EPSS 0.001 | 2024-02-07 12:00 AM
Source: f5

K000138511 : Linux kernel vulnerability CVE-2023-38427

Security Advisory Description An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts. (CVE-2023-38427) Impact There is no impact; F5 products are not affected by this...

CVSS 9.8 | AI Score 6.6 | EPSS 0.001 | 2024-02-07 12:00 AM
Source: github

AppSec is harder than you think. Here’s how AI can help.

Find vulnerabilities earlier, ship software faster. These are the good intentions behind the drive to shift application security workflows from security teams to developers: a “shift left” move in the software development lifecycle. But does it really work? In practice, shifting left has been more....

AI Score 7 | 2024-02-06 06:19 PM
Source: nvd

CVE-2024-24013

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via...

CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2024-02-06 04:15 PM
Source: osv

CVE-2024-24015

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via...

CVSS 9.8 | AI Score 8.1 | EPSS 0.001 | 2024-02-06 04:15 PM
Source: cve

CVE-2024-24015

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via...

CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2024-02-06 04:15 PM
Source: osv

CVE-2024-24013

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via...

CVSS 9.8 | AI Score 8.1 | EPSS 0.001 | 2024-02-06 04:15 PM
Source: nvd

CVE-2024-24015

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via...

CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2024-02-06 04:15 PM
Source: cve

CVE-2024-24013

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via...

CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2024-02-06 04:15 PM
Source: prion

Sql injection

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via...

CVSS 9.8 | AI Score 8.2 | EPSS 0.001 | 2024-02-06 04:15 PM
Total number of security vulnerabilities: 14834