Lucene search

K

Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic Security Vulnerabilities

osv
osv

Malicious code in cosma-ui-icons (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (49388262dd0b3d40b1f426a488f94937d409f2ce2053702f81a099fa8ed3b3c2) The OpenSSF Package Analysis project identified 'cosma-ui-icons' @ 9999.999.3 (npm) as malicious. It is considered malicious because: The package...

7.3AI Score

2024-06-08 09:27 PM
2
nvd
nvd

CVE-2024-35706

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Cross-Site Scripting (XSS).This issue affects Heateor Social Login: from n/a through...

7.1CVSS

0.0004EPSS

2024-06-08 03:15 PM
1
cve
cve

CVE-2024-35706

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Cross-Site Scripting (XSS).This issue affects Heateor Social Login: from n/a through...

7.1CVSS

6.6AI Score

0.0004EPSS

2024-06-08 03:15 PM
20
nvd
nvd

CVE-2024-35707

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS.This issue affects Heateor Social Login: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 02:15 PM
cve
cve

CVE-2024-35707

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS.This issue affects Heateor Social Login: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 02:15 PM
21
vulnrichment
vulnrichment

CVE-2024-35706 WordPress Heateor Social Login WordPress plugin <= 1.1.32 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Cross-Site Scripting (XSS).This issue affects Heateor Social Login: from n/a through...

7.1CVSS

6.5AI Score

0.0004EPSS

2024-06-08 02:10 PM
cvelist
cvelist

CVE-2024-35706 WordPress Heateor Social Login WordPress plugin <= 1.1.32 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Cross-Site Scripting (XSS).This issue affects Heateor Social Login: from n/a through...

7.1CVSS

0.0004EPSS

2024-06-08 02:10 PM
1
cvelist
cvelist

CVE-2024-35707 WordPress Heateor Social Login WordPress plugin <= 1.1.32 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS.This issue affects Heateor Social Login: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 02:05 PM
vulnrichment
vulnrichment

CVE-2024-35707 WordPress Heateor Social Login WordPress plugin <= 1.1.32 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Stored XSS.This issue affects Heateor Social Login: from n/a through...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-06-08 02:05 PM
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577-PHP-RCE 项目简介与原理 ...

9.8CVSS

9.6AI Score

0.932EPSS

2024-06-08 01:04 PM
100
nessus
nessus

FreeBSD : kanboard -- Project Takeover via IDOR in ProjectPermissionController (91929399-249e-11ef-9296-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91929399-249e-11ef-9296-b42e991fc52e advisory. [email protected] reports: Kanboard is project management software that focuses on the...

8.2CVSS

6.8AI Score

0.0004EPSS

2024-06-08 12:00 AM
1
osv
osv

aimeos-core arbitrary file uopload vulnerability

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...

7.4AI Score

0.0004EPSS

2024-06-07 09:31 PM
1
github
github

aimeos-core arbitrary file uopload vulnerability

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...

7.4AI Score

0.0004EPSS

2024-06-07 09:31 PM
schneier
schneier

Security and Human Behavior (SHB) 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...

7.4AI Score

2024-06-07 08:55 PM
4
nvd
nvd

CVE-2024-36811

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...

0.0004EPSS

2024-06-07 07:15 PM
5
cve
cve

CVE-2024-36811

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...

7.4AI Score

0.0004EPSS

2024-06-07 07:15 PM
23
osv
osv

CVE-2024-36811

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...

7.8AI Score

0.0004EPSS

2024-06-07 07:15 PM
1
ibm
ibm

Security Bulletin: IBM QRadar SIEM contains multiple kernel vulnerabilities

Summary IBM QRadar SIEM includes a vulnerable version of kernel that could be identified and exploited with automated tools. This has been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13631 DESCRIPTION: **Linux Kernel could allow a physical attacker to execute arbitrary code...

9.8CVSS

9.1AI Score

EPSS

2024-06-07 03:32 PM
6
cve
cve

CVE-2024-5382

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

6.5CVSS

6.3AI Score

0.0005EPSS

2024-06-07 01:15 PM
22
nvd
nvd

CVE-2024-5382

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

5.3CVSS

0.0005EPSS

2024-06-07 01:15 PM
3
cvelist
cvelist

CVE-2024-5382 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

6.5CVSS

0.0005EPSS

2024-06-07 12:33 PM
1
vulnrichment
vulnrichment

CVE-2024-5382 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

6.5CVSS

6.8AI Score

0.0005EPSS

2024-06-07 12:33 PM
1
kitploit
kitploit

PIP-INTEL - OSINT and Cyber Intelligence Tool

Pip-Intel is a powerful tool designed for OSINT (Open Source Intelligence) and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface simplifying the data collection and analysis processes for researchers and cybersecurity...

7AI Score

2024-06-07 12:30 PM
18
thn
thn

The AI Debate: Google's Guidelines, Meta's GDPR Dispute, Microsoft's Recall Backlash

Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created...

7.2AI Score

2024-06-07 11:07 AM
1
thn
thn

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020,...

7.2AI Score

2024-06-07 07:13 AM
1
redos
redos

ROS-20240607-01

Vulnerability of bgp_capability_msg_parse() functions of a software tool for implementing network routing on Unix-like FRRouting systems is related to reading outside memory boundaries of the BGP FRRouting daemon. Unix-like systems FRRouting is related to read outside memory boundaries in the BGP.....

9.1CVSS

8.6AI Score

0.029EPSS

2024-06-07 12:00 AM
oraclelinux
oraclelinux

ruby:3.3 security, bug fix, and enhancement update

ruby [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37446 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37448 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37449 - Fix Arbitrary memory address read vulnerability...

7.5AI Score

EPSS

2024-06-07 12:00 AM
1
nessus
nessus

OpenSSL 1.0.0 < 1.0.0b Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.0b. It is, therefore, affected by a vulnerability as referenced in the 1.0.0b advisory. Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi- threading and internal caching...

7.7AI Score

0.335EPSS

2024-06-07 12:00 AM
redos
redos

ROS-20240607-05

The vulnerability of the system views pg_stats_ext, pg_stats_ext_exprs of the PostgreSQL DBMS is related to errors in privilege management. in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely, escalate...

3.1CVSS

4.1AI Score

0.0004EPSS

2024-06-07 12:00 AM
cvelist
cvelist

CVE-2024-36811

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...

0.0004EPSS

2024-06-07 12:00 AM
3
nessus
nessus

OpenSSL 0.9.8 < 0.9.8p Vulnerability

The version of OpenSSL installed on the remote host is prior to 0.9.8p. It is, therefore, affected by a vulnerability as referenced in the 0.9.8p advisory. Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi- threading and internal caching...

7.7AI Score

0.335EPSS

2024-06-07 12:00 AM
openvas
openvas

Fedora: Security Advisory for qt5ct (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
nessus
nessus

Juniper Junos OS Vulnerability (JSA79095)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA79095 advisory. An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated,...

7.5CVSS

7.1AI Score

0.0005EPSS

2024-06-07 12:00 AM
packetstorm

7.4AI Score

2024-06-07 12:00 AM
75
redos
redos

ROS-20240607-03

A vulnerability in the lrzip.c:initialize_control component of the Irzip software tool is caused by a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely, affect confidentiality, integrity and availability.....

9.8CVSS

7.5AI Score

0.001EPSS

2024-06-07 12:00 AM
1
redos
redos

ROS-20240607-02

Vulnerability of close_altfile() function for text terminals of UNIX-like Less systems is related to skipping Shell_quote calls for LESSCLOSE in filename.c file. Exploitation of the vulnerability could allow an attacker to execute arbitrary...

8.9AI Score

0.0004EPSS

2024-06-07 12:00 AM
openvas
openvas

Fedora: Security Advisory for keepassxc (FEDORA-2024-2e27372d4c)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-06-07 12:00 AM
1
nessus
nessus

Oracle Linux 9 : ruby:3.1 (ELSA-2024-3668)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3668 advisory. ruby [3.1.5-144] - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE...

9.8AI Score

EPSS

2024-06-07 12:00 AM
ubuntucve
ubuntucve

CVE-2024-5480

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....

10CVSS

9.7AI Score

0.0004EPSS

2024-06-07 12:00 AM
28
openvas
openvas

Fedora: Security Advisory for rust-silver (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for...

7.5AI Score

2024-06-07 12:00 AM
redos
redos

ROS-20240607-04

Vulnerability of the virNetClientIOEventLoop() method of the Libvirt virtualization management library is related to incorrect execution of the data pointer to the structure virNetClientIOEventLoop() in the virNetClientIOEventLoop() method virNetClientIOIOEventData. Exploitation of the...

6.2CVSS

6.7AI Score

0.0004EPSS

2024-06-07 12:00 AM
4
nvd
nvd

CVE-2024-5480

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....

10CVSS

0.0004EPSS

2024-06-06 07:16 PM
3
cve
cve

CVE-2024-5480

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....

10CVSS

8.6AI Score

0.0004EPSS

2024-06-06 07:16 PM
36
debiancve
debiancve

CVE-2024-5480

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....

10CVSS

9.9AI Score

0.0004EPSS

2024-06-06 07:16 PM
4
nvd
nvd

CVE-2024-3110

A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them....

7.3CVSS

0.0004EPSS

2024-06-06 07:15 PM
osv
osv

CVE-2024-3110

A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them....

7.3CVSS

5.8AI Score

0.0004EPSS

2024-06-06 07:15 PM
cve
cve

CVE-2024-3110

A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them....

7.3CVSS

6.1AI Score

0.0004EPSS

2024-06-06 07:15 PM
22
vulnrichment
vulnrichment

CVE-2024-5480 Remote Code Execution in pytorch/pytorch

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....

10CVSS

8.2AI Score

0.0004EPSS

2024-06-06 06:17 PM
1
cvelist
cvelist

CVE-2024-5480 Remote Code Execution in pytorch/pytorch

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call).....

10CVSS

0.0004EPSS

2024-06-06 06:17 PM
4
osv
osv

CVE-2024-4941

A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess() function within gradio/components/json_component.py, where a user-controlled string is parsed as JSON. If the parsed...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-06-06 06:15 PM
Total number of security vulnerabilities222224