Lucene search

K

PowerPack Addons For Elementor (Free Widgets, Extensions And Templates) Security Vulnerabilities

github
github

pdoc embeds link to malicious CDN if math mode is enabled

Impact Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. Users who produce documentation with math mode should update immediately. All other users are unaffected. Patches This issue has been fixed.....

7.1AI Score

2024-06-25 10:23 PM
1
ibm
ibm

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in WebSphere Application Server Liberty

Summary IBM Virtualization Engine TS7700 is vulnerable to two potential denial of service conditions (CVE-2023-44487, CVE-2024-25026) and two instances of weaker than expected security (CVE-2023-50312, CVE-2023-46158) due to WebSphere Application Server Liberty. WebSphere Application Server...

9.8CVSS

7.8AI Score

0.732EPSS

2024-06-25 10:19 PM
2
nvd
nvd

CVE-2024-37742

An issue in Safe Exam Browser for Windows before 3.6 allows an attacker to share clipboard data between the SEB kiosk mode and the underlying system, compromising exam integrity which may lead to arbitrary code execution and obtaining sensitive information via the Clipboard Management...

EPSS

2024-06-25 10:15 PM
1
cve
cve

CVE-2024-37742

An issue in Safe Exam Browser for Windows before 3.6 allows an attacker to share clipboard data between the SEB kiosk mode and the underlying system, compromising exam integrity which may lead to arbitrary code execution and obtaining sensitive information via the Clipboard Management...

7.4AI Score

EPSS

2024-06-25 10:15 PM
2
cve
cve

CVE-2024-30112

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials...

5.4CVSS

5.8AI Score

EPSS

2024-06-25 10:15 PM
2
nvd
nvd

CVE-2024-30112

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials...

5.4CVSS

EPSS

2024-06-25 10:15 PM
2
ibm
ibm

Security Bulletin: Maximo Application Suite - follow-redirects-1.15.4.tgz and follow-redirects-1.15.5.tgz are vulnerable to CVE-2024-28849 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses follow-redirects-1.15.4.tgz and follow-redirects-1.15.5.tgz which are vulnerable to CVE-2024-28849. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION:...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-25 10:09 PM
ibm
ibm

Security Bulletin: Maximo Application Suite - torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-31583 DESCRIPTION:...

8.2AI Score

0.0004EPSS

2024-06-25 10:08 PM
ibm
ibm

Security Bulletin: Maximo Application Suite - Multiple Netty package is vulnerable to CVE-2024-29025 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses multiple Netty package which is vulnerable to CVE-2024-29025. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-29025 DESCRIPTION: **Netty is vulnerable to a denial of...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-25 10:08 PM
ibm
ibm

Security Bulletin: Maximo Application suite - express-4.18.2.tgz is vulnerable to CVE-2024-29041 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-29041 DESCRIPTION: **Express.js Express could allow a remote...

6.1CVSS

7.1AI Score

0.0004EPSS

2024-06-25 10:07 PM
ibm
ibm

Security Bulletin: Maximo Application Suite - jose4j is vulnerable to CVE-2023-51775 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses jose4j which is vulnerable to CVE-2023-51775. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service, caused by.....

7.2AI Score

0.0004EPSS

2024-06-25 10:06 PM
ibm
ibm

Security Bulletin: Maximo Application Suite - gunicorn-20.1.0-py3-none-any.whl is vulnerable to CVE-2024-1135 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses gunicorn-20.1.0-py3-none-any.whl which is vulnerable to CVE-2024-1135. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION: **Gunicorn is vulnerable to...

7.5CVSS

6.1AI Score

0.0004EPSS

2024-06-25 10:05 PM
ibm
ibm

Security Bulletin: Maximo Application Suite - bcprov-jdk18on-1.76.jar is vulnerable to CVE-2024-30171 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses bcprov-jdk18on-1.76.jar which is vulnerable to CVE-2024-30171. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-30171 DESCRIPTION: **The Bouncy Castle Crypto Package...

6.4AI Score

0.0004EPSS

2024-06-25 10:05 PM
openbugbounty
openbugbounty

nordicbiosite.com Cross Site Scripting vulnerability OBB-3938898

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 09:51 PM
4
malwarebytes
malwarebytes

Neiman Marcus confirms breach. Is the customer data already for sale?

Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers' personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including.....

7.5AI Score

2024-06-25 09:35 PM
2
cvelist
cvelist

CVE-2024-30112 HCL Connections is vulnerable to a cross-site scripting (XSS) vulnerability

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials...

5.4CVSS

EPSS

2024-06-25 09:28 PM
2
openbugbounty
openbugbounty

baseballquebec.com Cross Site Scripting vulnerability OBB-3938896

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 09:28 PM
3
nvd
nvd

CVE-2024-5016

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...

7.2CVSS

EPSS

2024-06-25 09:16 PM
3
cve
cve

CVE-2024-5016

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...

7.2CVSS

7.2AI Score

EPSS

2024-06-25 09:16 PM
2
cve
cve

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2...

7AI Score

EPSS

2024-06-25 09:15 PM
2
nvd
nvd

CVE-2024-38516

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and...

8.8CVSS

EPSS

2024-06-25 09:15 PM
1
nvd
nvd

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2...

EPSS

2024-06-25 09:15 PM
2
cve
cve

CVE-2024-38516

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and...

8.8CVSS

8.6AI Score

EPSS

2024-06-25 09:15 PM
5
nvd
nvd

CVE-2024-21740

Artery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect Access...

EPSS

2024-06-25 09:15 PM
cve
cve

CVE-2024-21740

Artery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect Access...

6.8AI Score

EPSS

2024-06-25 09:15 PM
1
nvd
nvd

CVE-2024-21739

Geehy APM32F103CCT6, APM32F103RCT6, APM32F103RCT7, and APM32F103VCT6 devices have Incorrect Access...

EPSS

2024-06-25 09:15 PM
1
cve
cve

CVE-2024-21739

Geehy APM32F103CCT6, APM32F103RCT6, APM32F103RCT7, and APM32F103VCT6 devices have Incorrect Access...

6.8AI Score

EPSS

2024-06-25 09:15 PM
1
cbl_mariner
cbl_mariner

CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5

CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5. No patch is available...

7.5CVSS

7.8AI Score

0.003EPSS

2024-06-25 09:08 PM
15
cbl_mariner
cbl_mariner

CVE-2023-39326 affecting package golang for versions less than 1.21.6-1

CVE-2023-39326 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

5.3CVSS

7.3AI Score

0.001EPSS

2024-06-25 09:08 PM
12
cbl_mariner
cbl_mariner

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

7.5CVSS

7.3AI Score

0.005EPSS

2024-06-25 09:08 PM
6
cbl_mariner
cbl_mariner

CVE-2023-45284 affecting package golang for versions less than 1.21.6-1

CVE-2023-45284 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

5.3CVSS

7.3AI Score

0.001EPSS

2024-06-25 09:08 PM
5
cbl_mariner
cbl_mariner

CVE-2023-45287 affecting package golang for versions less than 1.21.6-1

CVE-2023-45287 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

7.5CVSS

7.3AI Score

0.001EPSS

2024-06-25 09:08 PM
6
cbl_mariner
cbl_mariner

CVE-2023-45285 affecting package golang for versions less than 1.21.6-1

CVE-2023-45285 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-25 09:08 PM
1
cbl_mariner
cbl_mariner

CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38

CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38. A patched version of the package is...

5.3CVSS

5.8AI Score

0.001EPSS

2024-06-25 09:08 PM
9
cbl_mariner
cbl_mariner

CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10

CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is...

7.5CVSS

7.8AI Score

0.732EPSS

2024-06-25 09:08 PM
35
cbl_mariner
cbl_mariner

CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2

CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2. A patched version of the package is...

7.5CVSS

7.8AI Score

0.732EPSS

2024-06-25 09:08 PM
8
cbl_mariner
cbl_mariner

CVE-2023-44487 affecting package flannel for versions less than 0.14.0-18

CVE-2023-44487 affecting package flannel for versions less than 0.14.0-18. A patched version of the package is...

7.5CVSS

7.8AI Score

0.732EPSS

2024-06-25 09:08 PM
15
cbl_mariner
cbl_mariner

CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

8CVSS

9.9AI Score

0.0004EPSS

2024-06-25 09:08 PM
22
cbl_mariner
cbl_mariner

CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25660 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

7.5CVSS

9.1AI Score

0.001EPSS

2024-06-25 09:08 PM
11
cbl_mariner
cbl_mariner

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1

CVE-2023-25658 affecting package tensorflow for versions less than 2.11.1-1. A patched version of the package is...

7.5CVSS

9.1AI Score

0.001EPSS

2024-06-25 09:08 PM
7
cbl_mariner
cbl_mariner

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5

CVE-2023-3817 affecting package rust for versions less than 1.68.2-5. A patched version of the package is...

5.3CVSS

6.3AI Score

0.002EPSS

2024-06-25 09:08 PM
18
cbl_mariner
cbl_mariner

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1

CVE-2023-29406 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

6.5CVSS

7.3AI Score

0.001EPSS

2024-06-25 09:08 PM
9
cbl_mariner
cbl_mariner

CVE-2023-29403 affecting package golang for versions less than 1.20.7-1

CVE-2023-29403 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

7.8CVSS

7.3AI Score

0.001EPSS

2024-06-25 09:08 PM
13
cbl_mariner
cbl_mariner

CVE-2023-29402 affecting package golang for versions less than 1.20.7-1

CVE-2023-29402 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

9.8CVSS

9.7AI Score

0.005EPSS

2024-06-25 09:08 PM
22
cbl_mariner
cbl_mariner

CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2

CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...

7.5CVSS

8AI Score

0.003EPSS

2024-06-25 09:08 PM
20
cbl_mariner
cbl_mariner

CVE-2023-24538 affecting package golang for versions less than 1.19.8-1

CVE-2023-24538 affecting package golang for versions less than 1.19.8-1. A patched version of the package is...

9.8CVSS

10AI Score

0.003EPSS

2024-06-25 09:08 PM
18
cbl_mariner
cbl_mariner

CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1

CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1. A patched version of the package is...

7.5CVSS

9.1AI Score

0.001EPSS

2024-06-25 09:08 PM
8
cbl_mariner
cbl_mariner

CVE-2021-33454 affecting package yasm for versions less than 1.3.0-15

CVE-2021-33454 affecting package yasm for versions less than 1.3.0-15. No patch is available...

5.5CVSS

5.6AI Score

0.001EPSS

2024-06-25 09:08 PM
6
cbl_mariner
cbl_mariner

CVE-2023-44487 affecting package golang for versions less than 1.21.6-1

CVE-2023-44487 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

7.5CVSS

7.3AI Score

0.732EPSS

2024-06-25 09:08 PM
11
cbl_mariner
cbl_mariner

CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0

CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...

5.5CVSS

6AI Score

0.001EPSS

2024-06-25 09:08 PM
20
Total number of security vulnerabilities2993952