Lucene search

K

P10, P10 Plus Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2023-49333

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph...

8.3CVSS

7.9AI Score

0.0004EPSS

2024-05-20 05:51 PM
cvelist
cvelist

CVE-2023-49333

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph...

8.3CVSS

8.7AI Score

0.0004EPSS

2024-05-20 05:51 PM
vulnrichment
vulnrichment

CVE-2023-49332

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file...

8.3CVSS

8AI Score

0.0004EPSS

2024-05-20 05:45 PM
cvelist
cvelist

CVE-2023-49332

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file...

8.3CVSS

8.8AI Score

0.0004EPSS

2024-05-20 05:45 PM
cvelist
cvelist

CVE-2023-49331

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search...

8.3CVSS

8.7AI Score

0.0004EPSS

2024-05-20 05:35 PM
vulnrichment
vulnrichment

CVE-2023-49331

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search...

8.3CVSS

7.9AI Score

0.0004EPSS

2024-05-20 05:35 PM
githubexploit
githubexploit

Exploit for Improper Restriction of Excessive Authentication Attempts in Netgate Pfsense Plus

[CVE-2023-27100 - pfSense Anti-brute force protection bypass]...

9.8CVSS

7.3AI Score

0.002EPSS

2024-05-20 01:35 PM
104
cve
cve

CVE-2023-49330

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report...

8.3CVSS

8.1AI Score

0.0004EPSS

2024-05-20 01:15 PM
25
nvd
nvd

CVE-2023-49330

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report...

8.3CVSS

8.8AI Score

0.0004EPSS

2024-05-20 01:15 PM
vulnrichment
vulnrichment

CVE-2023-49330

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report...

8.3CVSS

8.2AI Score

0.0004EPSS

2024-05-20 12:19 PM
1
cvelist
cvelist

CVE-2023-49330

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report...

8.3CVSS

8.8AI Score

0.0004EPSS

2024-05-20 12:19 PM
2
f5
f5

K000139680: MySQL2 vulnerability CVE-2024-21508

Security Advisory Description Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. (CVE-2024-21508) Impact There is no impact; F5 products are not...

7.8AI Score

0.0004EPSS

2024-05-20 12:00 AM
7
f5
f5

K000139682: Speculative race conditions vulnerabilities CVE-2024-2193 and CVE-2024-26602

Security Advisory Description CVE-2024-2193 A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data...

5.5AI Score

0.0004EPSS

2024-05-20 12:00 AM
8
f5
f5

K000139678: MySQL Server vulnerability CVE-2024-21055

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

6AI Score

0.0004EPSS

2024-05-20 12:00 AM
7
f5
f5

K000139684: AMD processors vulnerability CVE-2023-20569

Security Advisory Description A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. (CVE-2023-20569) Impact...

6.3AI Score

0.0004EPSS

2024-05-20 12:00 AM
5
f5
f5

K000139692: Websense vulnerabilities CVE-2006-2035 and CVE-2010-5144

Security Advisory Description CVE-2006-2035 Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL. CVE-2010-5144 The ISAPI Filter plug-in in Websense...

7.1AI Score

0.002EPSS

2024-05-20 12:00 AM
3
wired
wired

US Official Warns a Cell Network Flaw Is Being Exploited for Spying

Plus: Three arrested in North Korean IT workers fraud ring, Tesla staffers shared videos from owners’ cars, and...

7.3AI Score

2024-05-18 10:00 AM
10
nvd
nvd

CVE-2023-47178

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through...

8.6CVSS

8.7AI Score

0.0004EPSS

2024-05-17 09:15 AM
1
cve
cve

CVE-2023-47178

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through...

8.6CVSS

6.8AI Score

0.0004EPSS

2024-05-17 09:15 AM
61
cvelist
cvelist

CVE-2023-47178 WordPress The Plus Addons for Elementor Pro plugin <= 5.2.8 - Unauthenticated Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through...

8.6CVSS

8.7AI Score

0.0004EPSS

2024-05-17 08:35 AM
1
vulnrichment
vulnrichment

CVE-2023-47178 WordPress The Plus Addons for Elementor Pro plugin <= 5.2.8 - Unauthenticated Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects The Plus Addons for Elementor Pro: from n/a through...

8.6CVSS

6.9AI Score

0.0004EPSS

2024-05-17 08:35 AM
f5
f5

K000139668: MySQL Server vulnerabilities CVE-2024-21000 and CVE-2024-21008

Security Advisory Description CVE-2024-21000 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with...

4.5AI Score

0.0004EPSS

2024-05-17 12:00 AM
9
f5
f5

K000139667: MySQL vulnerability CVE-2024-21056

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

4.7AI Score

0.0004EPSS

2024-05-17 12:00 AM
6
nessus
nessus

EulerOS Virtualization 3.0.6.0 : openssh (EulerOS-SA-2024-1694)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

6.5CVSS

8.3AI Score

0.962EPSS

2024-05-17 12:00 AM
1
f5
f5

K000139641: libxml2 vulnerability CVE-2023-28484

Security Advisory Description In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. (CVE-2023-28484) Impact This vulnerability allows a remote, authenticated...

6.3AI Score

0.001EPSS

2024-05-17 12:00 AM
11
openvas
openvas

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1694)

The remote host is missing an update for the Huawei...

6.5CVSS

7AI Score

0.962EPSS

2024-05-17 12:00 AM
3
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...

10CVSS

9.5AI Score

EPSS

2024-05-16 01:04 PM
21
nvd
nvd

CVE-2024-4838

The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with...

8.8CVSS

8.8AI Score

0.001EPSS

2024-05-16 11:15 AM
cve
cve

CVE-2024-4838

The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with...

8.8CVSS

7AI Score

0.001EPSS

2024-05-16 11:15 AM
23
cvelist
cvelist

CVE-2024-4838 ConvertPlus <= 3.5.26 - Authenticated (Contributor+) PHP Object Injection

The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with...

8.8CVSS

9.3AI Score

0.001EPSS

2024-05-16 11:05 AM
vulnrichment
vulnrichment

CVE-2024-4838 ConvertPlus <= 3.5.26 - Authenticated (Contributor+) PHP Object Injection

The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with...

8.8CVSS

7.1AI Score

0.001EPSS

2024-05-16 11:05 AM
f5
f5

K000139630: Expat vulnerability CVE-2023-52425

Security Advisory Description libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. (CVE-2023-52425) Impact An attacker may be able to cause an increase in memory...

6AI Score

0.001EPSS

2024-05-16 12:00 AM
8
f5
f5

K000139652: Intel CPU vulnerability CVE-2023-23583

Security Advisory Description Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. (CVE-2023-23583) Impact.....

6.5AI Score

0.0004EPSS

2024-05-16 12:00 AM
6
wpvulndb
wpvulndb

WP Photo Album Plus < 8.7.01.002 - Unauthenticated Arbitrary File Upload

Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the import functionality and no capability check in all versions up to, and including, 8.7.01.001. This makes it possible for unauthenticated attackers to upload.....

8.2AI Score

0.0004EPSS

2024-05-16 12:00 AM
8
f5
f5

K000139653: Intel(R) QAT Library vulnerability CVE-2023-22313

Security Advisory Description Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-22313) Impact There is no impact; F5 products are not affected by this...

5.9AI Score

0.0004EPSS

2024-05-16 12:00 AM
3
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1659-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi:...

7.8CVSS

7.7AI Score

0.0005EPSS

2024-05-16 12:00 AM
8
f5
f5

K000139643: Node-tar vulnerability CVE-2024-28863

Security Advisory Description node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash...

6AI Score

0.0004EPSS

2024-05-16 12:00 AM
8
f5
f5

K000139646: MySQL Server vulnerabilities CVE-2024-21052 and CVE-2024-21053

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

5.7AI Score

0.0004EPSS

2024-05-16 12:00 AM
2
wpvulndb
wpvulndb

gee Search Plus, improved WordPress search <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The gee Search Plus, improved WordPress search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.9AI Score

0.0004EPSS

2024-05-16 12:00 AM
5
f5
f5

K000139654: Intel oneAPI vulnerabilities CVE-2023-24592 and CVE-2023-27383

Security Advisory Description CVE-2023-24592 Path traversal in the some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access. CVE-2023-27383 Protection mechanism failure in some...

6.5AI Score

0.0004EPSS

2024-05-16 12:00 AM
6
f5
f5

K000139637: Expat vulnerability CVE-2024-28757

Security Advisory Description libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). (CVE-2024-28757) Impact An attacker may be able to use an XML Entity Expansion attack, consuming all system...

5.8AI Score

0.0004EPSS

2024-05-16 12:00 AM
7
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael....

8.3AI Score

EPSS

2024-05-15 12:00 AM
6
nessus
nessus

EulerOS Virtualization 2.11.0 : libssh (EulerOS-SA-2024-1628)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS

7.8AI Score

0.962EPSS

2024-05-15 12:00 AM
3
openvas
openvas

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1612)

The remote host is missing an update for the Huawei...

6.5CVSS

7.1AI Score

0.962EPSS

2024-05-15 12:00 AM
7
f5
f5

K000139618: MySQL vulnerabilities CVE-2024-21054, CVE-2024-21009, CVE-2024-20993, and CVE-2024-21102

Security Advisory Description CVE-2024-21054 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network...

5.7AI Score

0.001EPSS

2024-05-15 12:00 AM
9
nessus
nessus

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1644-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if...

7.8CVSS

6.9AI Score

EPSS

2024-05-15 12:00 AM
9
openvas
openvas

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1628)

The remote host is missing an update for the Huawei...

5.9CVSS

7.1AI Score

0.962EPSS

2024-05-15 12:00 AM
4
openvas
openvas

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1631)

The remote host is missing an update for the Huawei...

6.5CVSS

7.1AI Score

0.962EPSS

2024-05-15 12:00 AM
2
nessus
nessus

EulerOS Virtualization 2.11.1 : libssh (EulerOS-SA-2024-1609)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS

7.8AI Score

0.962EPSS

2024-05-15 12:00 AM
1
nessus
nessus

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1641-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1641-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single...

7.8CVSS

7.6AI Score

EPSS

2024-05-15 12:00 AM
5
Total number of security vulnerabilities14777