Lucene search

K

R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus Security Vulnerabilities

githubexploit

8.8CVSS

7.3AI Score

0.008EPSS

2024-05-26 03:43 PM
139
kitploit
kitploit

Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning

Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features Current features (v1.0.1)- - Subdomain enumeration (2 engines +...

7.8AI Score

2024-05-26 12:30 PM
15
cve
cve

CVE-2024-5356

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-26 08:15 AM
25
nvd
nvd

CVE-2024-5356

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-26 08:15 AM
vulnrichment
vulnrichment

CVE-2024-5356 anji-plus AJ-Report testTransform;swagger-ui sql injection

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-26 07:31 AM
1
cvelist
cvelist

CVE-2024-5356 anji-plus AJ-Report testTransform;swagger-ui sql injection

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-26 07:31 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-4956

README.md CVE-2024-4956 Bulk Scanner Disclaimer ...

7.5CVSS

6.5AI Score

0.013EPSS

2024-05-26 06:50 AM
185
cve
cve

CVE-2024-5355

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The....

6.3CVSS

7.4AI Score

0.0004EPSS

2024-05-26 06:15 AM
27
nvd
nvd

CVE-2024-5355

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The....

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-26 06:15 AM
vulnrichment
vulnrichment

CVE-2024-5355 anji-plus AJ-Report IGroovyHandler command injection

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The....

6.3CVSS

7.5AI Score

0.0004EPSS

2024-05-26 06:00 AM
cvelist
cvelist

CVE-2024-5355 anji-plus AJ-Report IGroovyHandler command injection

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The....

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-26 06:00 AM
1
cve
cve

CVE-2024-5354

A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has.....

4.3CVSS

6.6AI Score

0.0004EPSS

2024-05-26 05:15 AM
25
nvd
nvd

CVE-2024-5354

A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has.....

4.3CVSS

4.6AI Score

0.0004EPSS

2024-05-26 05:15 AM
cvelist
cvelist

CVE-2024-5354 anji-plus AJ-Report detailByCode information disclosure

A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has.....

4.3CVSS

4.6AI Score

0.0004EPSS

2024-05-26 04:31 AM
vulnrichment
vulnrichment

CVE-2024-5354 anji-plus AJ-Report detailByCode information disclosure

A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has.....

4.3CVSS

6.7AI Score

0.0004EPSS

2024-05-26 04:31 AM
nvd
nvd

CVE-2024-5353

A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-26 04:15 AM
cve
cve

CVE-2024-5353

A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-26 04:15 AM
25
cvelist
cvelist

CVE-2024-5353 anji-plus AJ-Report ZIP File decompress path traversal

A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-26 04:00 AM
vulnrichment
vulnrichment

CVE-2024-5353 anji-plus AJ-Report ZIP File decompress path traversal

A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-26 04:00 AM
fedora
fedora

[SECURITY] Fedora 40 Update: ruff-0.3.7-2.fc40

An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle,...

7.4AI Score

2024-05-26 01:28 AM
cve
cve

CVE-2024-5352

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-26 01:15 AM
25
nvd
nvd

CVE-2024-5352

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-26 01:15 AM
cvelist
cvelist

CVE-2024-5352 anji-plus AJ-Report validationRules deserialization

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-26 12:31 AM
nvd
nvd

CVE-2024-5351

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-26 12:15 AM
cve
cve

CVE-2024-5351

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-26 12:15 AM
2
vulnrichment
vulnrichment

CVE-2024-5351 anji-plus AJ-Report Javascript getValueFromJs deserialization

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-26 12:00 AM
cvelist
cvelist

CVE-2024-5351 anji-plus AJ-Report Javascript getValueFromJs deserialization

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-26 12:00 AM
cve
cve

CVE-2024-5350

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the.....

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-25 11:15 PM
24
nvd
nvd

CVE-2024-5350

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-25 11:15 PM
cvelist
cvelist

CVE-2024-5350 anji-plus AJ-Report pageList sql injection

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-25 10:31 PM
wired
wired

Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’

Plus: US surveillance reportedly targets pro-Palestinian protesters, the FBI arrests a man for AI-generated CSAM, and stalkerware targets hotel...

7.4AI Score

2024-05-25 10:30 AM
6
githubexploit
githubexploit

Exploit for CVE-2024-5084

Wordpress Hash Form – Drag & Drop Form Builder <= 1.1.0 -...

9.8CVSS

8.5AI Score

0.035EPSS

2024-05-25 03:49 AM
13
nessus
nessus

Oracle Linux 9 : kernel (ELSA-2024-3306)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3306 advisory. [5.14.0-427.18.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya...

6.7AI Score

0.0004EPSS

2024-05-25 12:00 AM
6
f5
f5

K000139525: Libexpat vulnerability CVE-2022-43680

Security Advisory Description In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. (CVE-2022-43680) Impact System performance degradation can occur until the process is forced to restart.....

6.7AI Score

0.004EPSS

2024-05-25 12:00 AM
19
openbugbounty
openbugbounty

n-e-r-v-o-u-s.com Cross Site Scripting vulnerability OBB-3930116

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-24 03:27 PM
1
debiancve
debiancve

CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This...

6.5AI Score

0.0004EPSS

2024-05-24 03:15 PM
3
nvd
nvd

CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

6.3AI Score

0.0004EPSS

2024-05-24 03:15 PM
cve
cve

CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

6.5AI Score

0.0004EPSS

2024-05-24 03:15 PM
26
cvelist
cvelist

CVE-2021-47505 aio: fix use-after-free due to missing POLLFREE handling

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

6.3AI Score

0.0004EPSS

2024-05-24 03:01 PM
1
nvd
nvd

CVE-2024-4037

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

7.1AI Score

0.001EPSS

2024-05-24 09:15 AM
cve
cve

CVE-2024-4037

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

7.5AI Score

0.001EPSS

2024-05-24 09:15 AM
22
cvelist
cvelist

CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

7.1AI Score

0.001EPSS

2024-05-24 08:30 AM
vulnrichment
vulnrichment

CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

7.6AI Score

0.001EPSS

2024-05-24 08:30 AM
cve
cve

CVE-2024-4484

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-24 07:15 AM
28
nvd
nvd

CVE-2024-4484

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-24 07:15 AM
nvd
nvd

CVE-2024-4485

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-24 07:15 AM
cve
cve

CVE-2024-4485

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-24 07:15 AM
27
cvelist
cvelist

CVE-2024-4484 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-24 06:42 AM
vulnrichment
vulnrichment

CVE-2024-4484 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-24 06:42 AM
vulnrichment
vulnrichment

CVE-2024-4485 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-24 06:42 AM
Total number of security vulnerabilities120129