Missing security headers in Action Pack on non-HTML responses
Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: >= 6.1.0 Not affected: < 6.1.0 Fixed...
9.8CVSS
6.3AI Score
0.001EPSS
Missing security headers in Action Pack on non-HTML responses
Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: >= 6.1.0 Not affected: < 6.1.0 Fixed...
9.8CVSS
6.3AI Score
0.001EPSS
ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: >= 7.1.0 Not affected: < 7.1.0 Fixed Versions: 7.1.3.4 Impact This could...
6.1CVSS
5.9AI Score
0.0005EPSS
ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: >= 7.1.0 Not affected: < 7.1.0 Fixed Versions: 7.1.3.4 Impact This could...
6.1CVSS
5.9AI Score
0.0005EPSS
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2024. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An...
5.9CVSS
6.2AI Score
0.001EPSS
Summary A vulnerabilitiy in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVE-2024-3933 Vulnerability Details ** CVEID: CVE-2024-3933 DESCRIPTION: **Eclipse Openj9 could allow a local authenticated attacker to bypass security...
5.3CVSS
6.7AI Score
0.0004EPSS
Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search
Due to an oversized maximum result limit, TYPO3 component Indexed Search is susceptible to a Denial of Service...
7AI Score
Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search
Due to an oversized maximum result limit, TYPO3 component Indexed Search is susceptible to a Denial of Service...
7AI Score
Typo3 Arbitrary File Disclosure in Form Component
Failing to properly validate user input, the form component is susceptible to Arbitrary File Disclosure. A valid backend user account is needed to exploit this vulnerability. Only forms are vulnerable, which contain upload...
7.1AI Score
Typo3 Arbitrary File Disclosure in Form Component
Failing to properly validate user input, the form component is susceptible to Arbitrary File Disclosure. A valid backend user account is needed to exploit this vulnerability. Only forms are vulnerable, which contain upload...
7.1AI Score
Cross-Site Scripting (XSS) in TYPO3 component CSS styled content
Failing to properly encode user input, the CSS styled content component is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or...
6.8AI Score
Cross-Site Scripting (XSS) in TYPO3 component CSS styled content
Failing to properly encode user input, the CSS styled content component is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or...
6.8AI Score
XML External Entity (XXE) Processing in TYPO3 Core
All XML processing within the TYPO3 CMS are vulnerable to XEE processing. This can lead to load internal and/or external (file) content within an XML structure. Furthermore it is possible to inject arbitrary files for an XML Denial of Service attack. For more information on that topic see...
6.9AI Score
XML External Entity (XXE) Processing in TYPO3 Core
All XML processing within the TYPO3 CMS are vulnerable to XEE processing. This can lead to load internal and/or external (file) content within an XML structure. Furthermore it is possible to inject arbitrary files for an XML Denial of Service attack. For more information on that topic see...
6.9AI Score
Cross-Site Scripting (XSS) in TYPO3 component Backend
Failing to properly encode incoming data, the bookmark toolbar is susceptible to Cross-Site...
7AI Score
Cross-Site Scripting (XSS) in TYPO3 component Backend
Failing to properly encode incoming data, the bookmark toolbar is susceptible to Cross-Site...
7AI Score
TYPO3 Cross-Site Scripting (XSS) in form component
Failing to sanitize content from unauthenticated website visitors, the form component is susceptible to Cross-Site...
7.1AI Score
TYPO3 Cross-Site Scripting (XSS) in form component
Failing to sanitize content from unauthenticated website visitors, the form component is susceptible to Cross-Site...
7.1AI Score
TYPO3 Cross-Site Scripting in legacy form component
Failing to sanitize content from editors, the legacy form component is susceptible to Cross-Site Scripting. A valid editor account with access to a form content element is required to exploit this...
7AI Score
TYPO3 Cross-Site Scripting in legacy form component
Failing to sanitize content from editors, the legacy form component is susceptible to Cross-Site Scripting. A valid editor account with access to a form content element is required to exploit this...
7AI Score
PCI DSS 4.0: Get Audit-Ready for the New Requirements
The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or...
7.6AI Score
TYPO3 Cross-Site Scripting in link validator component
Failing to sanitize content from editors, the link validator component is susceptible to Cross-Site Scripting. A valid editor account with access to content which is scanned by the link validator component is required to exploit this...
7AI Score
TYPO3 Cross-Site Scripting in link validator component
Failing to sanitize content from editors, the link validator component is susceptible to Cross-Site Scripting. A valid editor account with access to content which is scanned by the link validator component is required to exploit this...
7AI Score
TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend
Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary...
7AI Score
TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend
Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary...
7AI Score
A flaw in the database escaping API results in a SQL injection vulnerability when extension dbal is enabled and configured for MySQL passthrough mode in its extension configuration. All queries which use the DatabaseConnection::sql_query are vulnerable, even if arguments were properly escaped with....
8AI Score
A flaw in the database escaping API results in a SQL injection vulnerability when extension dbal is enabled and configured for MySQL passthrough mode in its extension configuration. All queries which use the DatabaseConnection::sql_query are vulnerable, even if arguments were properly escaped with....
8AI Score
Microsoft is named a leader in the Forrester Wave for XDR
“Defenders think in lists, attackers think in graphs.”1 This remains a reality for the many organizations that operate across siloed security tools, fueling the demand on security operations (SOC) teams, as advanced cyberattacks continue to increase in frequency and speed. That’s where extended...
6.8AI Score
Cross-Site Scripting in TYPO3 component Indexed Search
Failing to properly encode editor input, the search result view of indexed_search is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary...
6.9AI Score
Cross-Site Scripting in TYPO3 component Indexed Search
Failing to properly encode editor input, the search result view of indexed_search is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary...
6.9AI Score
TYPO3 is susceptible to Cross-Site Flashing
The flashplayer misses to validate flash and image files. Therefore it is possible to embed flash videos from external...
7.1AI Score
TYPO3 is susceptible to Cross-Site Flashing
The flashplayer misses to validate flash and image files. Therefore it is possible to embed flash videos from external...
7.1AI Score
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend
Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or...
6.8AI Score
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend
Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or...
6.8AI Score
RHEL 8 : flatpak_libreoffice (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libreoffice: Weak Master Keys (CVE-2022-26307) An Improper Certificate Validation vulnerability in...
8.8CVSS
7.7AI Score
0.002EPSS
RHEL 8 : net-snmp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an ...
6.5CVSS
8.1AI Score
0.0004EPSS
RHEL 9 : net-snmp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an ...
6.5CVSS
7.3AI Score
0.0004EPSS
RHEL 6 : puppet (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. puppet: incorrect URL decoding (CVE-2016-2785) The default vhost configuration file in Puppet before...
9.8CVSS
6.3AI Score
0.975EPSS
RHEL 7 : ceph (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ceph: cephx protocol is vulnerable to replay attack (CVE-2018-1128) A flaw was found in the way...
7.5CVSS
7.7AI Score
0.006EPSS
RHEL 8 : thunderbird (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords ...
5.5CVSS
6.3AI Score
0.001EPSS
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
Impact Users settings their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...
6AI Score
EPSS
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
Impact Users settings their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...
6AI Score
EPSS
Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...
7.4AI Score
EPSS
Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...
7.4AI Score
EPSS
4.9CVSS
6.7AI Score
0.013EPSS
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This...
6.4CVSS
6AI Score
0.001EPSS
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This...
6.4CVSS
5.9AI Score
0.001EPSS
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This...
6.4CVSS
5.9AI Score
0.001EPSS
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This...
6.4CVSS
5.8AI Score
0.001EPSS
4.9CVSS
7AI Score
EPSS