Lucene search

K

Popups, Welcome Bar, Optins And Lead Generation Plugin – Icegram Security Vulnerabilities

redhatcve
redhatcve

CVE-2024-38385

In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the.....

7.2AI Score

EPSS

2024-06-25 08:25 PM
cvelist
cvelist

CVE-2024-5017 WhatsUp Gold AppProfileImport path traversal vulnerability

In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information...

6.5CVSS

EPSS

2024-06-25 08:25 PM
2
redhatcve
redhatcve

CVE-2024-38306

In the Linux kernel, the following vulnerability has been resolved: btrfs: protect folio::private when attaching extent buffer folios [BUG] Since v6.8 there are rare kernel crashes reported by various people, the common factor is bad page status error messages like this: BUG: Bad page state in...

7.5AI Score

EPSS

2024-06-25 08:25 PM
1
redhatcve
redhatcve

CVE-2024-37354

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)...

7AI Score

EPSS

2024-06-25 08:25 PM
1
openbugbounty
openbugbounty

ubaldlalime.com Cross Site Scripting vulnerability OBB-3938882

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:25 PM
3
redhatcve
redhatcve

CVE-2021-4440

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...

7AI Score

EPSS

2024-06-25 08:24 PM
openbugbounty
openbugbounty

terrys-service.com Cross Site Scripting vulnerability OBB-3938879

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:24 PM
3
openbugbounty
openbugbounty

t1rex.com Cross Site Scripting vulnerability OBB-3938878

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:24 PM
3
openbugbounty
openbugbounty

tolliversflowershop.com Cross Site Scripting vulnerability OBB-3938880

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:24 PM
3
cvelist
cvelist

CVE-2024-5016 WhatsUp Gold OnMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...

7.2CVSS

EPSS

2024-06-25 08:23 PM
1
openbugbounty
openbugbounty

sydkusten.es Cross Site Scripting vulnerability OBB-3938877

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:23 PM
3
openbugbounty
openbugbounty

ripledd.com Cross Site Scripting vulnerability OBB-3938875

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:22 PM
2
openbugbounty
openbugbounty

qemjanitorial.com Cross Site Scripting vulnerability OBB-3938873

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:21 PM
2
openbugbounty
openbugbounty

perreux.fr Cross Site Scripting vulnerability OBB-3938871

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:19 PM
2
openbugbounty
openbugbounty

npzl.be Cross Site Scripting vulnerability OBB-3938869

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:18 PM
3
openbugbounty
openbugbounty

lutonsynagogue.org.uk Cross Site Scripting vulnerability OBB-3938865

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:16 PM
2
nvd
nvd

CVE-2024-5276

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

9.8CVSS

EPSS

2024-06-25 08:15 PM
cve
cve

CVE-2024-5276

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

9.8CVSS

9.9AI Score

EPSS

2024-06-25 08:15 PM
7
nvd
nvd

CVE-2024-5010

In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive...

7.5CVSS

EPSS

2024-06-25 08:15 PM
2
nvd
nvd

CVE-2024-5008

In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE...

8.8CVSS

EPSS

2024-06-25 08:15 PM
1
nvd
nvd

CVE-2024-5011

In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of...

7.5CVSS

EPSS

2024-06-25 08:15 PM
1
cve
cve

CVE-2024-5008

In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE...

8.8CVSS

8.7AI Score

EPSS

2024-06-25 08:15 PM
2
cve
cve

CVE-2024-5010

In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive...

7.5CVSS

7.3AI Score

EPSS

2024-06-25 08:15 PM
3
cve
cve

CVE-2024-5011

In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of...

7.5CVSS

7.5AI Score

EPSS

2024-06-25 08:15 PM
1
nvd
nvd

CVE-2024-4498

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /apply_settings function, allowing an attacker to manipulate the...

7.7CVSS

EPSS

2024-06-25 08:15 PM
cve
cve

CVE-2024-4498

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /apply_settings function, allowing an attacker to manipulate the...

7.7CVSS

7.9AI Score

EPSS

2024-06-25 08:15 PM
3
nvd
nvd

CVE-2024-37167

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...

4.3CVSS

EPSS

2024-06-25 08:15 PM
debiancve
debiancve

CVE-2024-37894

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...

6.3CVSS

7.1AI Score

EPSS

2024-06-25 08:15 PM
1
nvd
nvd

CVE-2024-37894

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service...

6.3CVSS

EPSS

2024-06-25 08:15 PM
cve
cve

CVE-2024-37167

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...

4.3CVSS

4.7AI Score

EPSS

2024-06-25 08:15 PM
2
cve
cve

CVE-2024-37894

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service...

6.3CVSS

6.3AI Score

EPSS

2024-06-25 08:15 PM
4
openbugbounty
openbugbounty

levangileaucoeur.fr Cross Site Scripting vulnerability OBB-3938861

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:15 PM
3
openbugbounty
openbugbounty

flowersetcofyorksc.com Cross Site Scripting vulnerability OBB-3938853

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:10 PM
4
cvelist
cvelist

CVE-2024-38516 Aimeos HTML client may potentially reveal sensitive information in error log

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and...

8.8CVSS

EPSS

2024-06-25 08:08 PM
2
openbugbounty
openbugbounty

eplay.co.uk Cross Site Scripting vulnerability OBB-3938850

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:08 PM
3
openbugbounty
openbugbounty

chateau-de-rochecotte.com Cross Site Scripting vulnerability OBB-3938845

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:04 PM
3
openbugbounty
openbugbounty

cathedraledevienne.fr Cross Site Scripting vulnerability OBB-3938842

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:03 PM
3
openbugbounty
openbugbounty

cbpt14.com Cross Site Scripting vulnerability OBB-3938843

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:03 PM
3
cvelist
cvelist

CVE-2024-5011 WhatsUp Gold TestController Chart denial of service vulnerability

In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of...

7.5CVSS

EPSS

2024-06-25 08:01 PM
openbugbounty
openbugbounty

aytojoarilladelasmatas.es Cross Site Scripting vulnerability OBB-3938840

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:01 PM
4
openbugbounty
openbugbounty

aytovaldelugueros.es Cross Site Scripting vulnerability OBB-3938841

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:01 PM
2
cvelist
cvelist

CVE-2024-5010 WhatsUp Gold TestController multiple information disclosure vulnerabilities

In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive...

7.5CVSS

EPSS

2024-06-25 08:00 PM
1
openbugbounty
openbugbounty

aytobrazuelo.es Cross Site Scripting vulnerability OBB-3938839

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:00 PM
2
openbugbounty
openbugbounty

asfera.in Cross Site Scripting vulnerability OBB-3938838

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 08:00 PM
2
openbugbounty
openbugbounty

ignicapillus.its.uu.se Cross Site Scripting vulnerability OBB-3938837

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 07:59 PM
2
openbugbounty
openbugbounty

advotech.com Cross Site Scripting vulnerability OBB-3938831

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 07:58 PM
2
cvelist
cvelist

CVE-2024-5008 WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability

In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE...

8.8CVSS

EPSS

2024-06-25 07:57 PM
1
openbugbounty
openbugbounty

victoria.votecompass.com Cross Site Scripting vulnerability OBB-3938830

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 07:57 PM
2
openbugbounty
openbugbounty

fdnetwork.com.au Cross Site Scripting vulnerability OBB-3938829

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 07:57 PM
2
cvelist
cvelist

CVE-2024-4498 Path Traversal and RFI Vulnerability in parisneo/lollms-webui

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /apply_settings function, allowing an attacker to manipulate the...

7.7CVSS

EPSS

2024-06-25 07:55 PM
2
Total number of security vulnerabilities2752006