Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to restrict the audience of the "custom_playbooks_playbook_run_updated" webhook event, which allows a guest on a channel with a playbook run linked to see all the details of the playbook run when the run is marked by....
4.3 CVSS
7.1 AI Score
CVE-2024-5272 Run Details leak to guest via webhook event "custom_playbooks_playbook_run_updated"
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to restrict the audience of the "custom_playbooks_playbook_run_updated" webhook event, which allows a guest on a channel with a playbook run linked to see all the details of the playbook run when the run is marked by....
7.1 AI Score
Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning
Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features Current features (v1.0.1)- - Subdomain enumeration (2 engines +...
7.8 AI Score
Updated roundcubemail packages fix security vulnerabilities
This is a security update to the stable version 1.6 of Roundcube Webmail. Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike. Fix cross-site scripting (XSS) vulnerability in handling list columns from user...
6.8 AI Score
[SECURITY] Fedora 40 Update: rust-zram-generator-1.1.2-11.fc40
This is a systemd unit generator that enables swap on zram. (With zram, there is no physical swap device. Part of the available RAM is used to store compressed pages, essentially trading CPU cycles for memory.) To activate, install zram-generator-defaults...
7 AI Score
[SECURITY] Fedora 40 Update: rust-uu_yes-0.0.23-3.fc40
yes ~ (uutils) repeatedly display a line with STRING (or...
7.3 AI Score
[SECURITY] Fedora 40 Update: rust-uu_shred-0.0.23-3.fc40
shred ~ (uutils) hide former FILE contents with repeated...
7.3 AI Score
[SECURITY] Fedora 40 Update: rust-uu_nl-0.0.23-3.fc40
nl ~ (uutils) display input with added line...
7.3 AI Score
[SECURITY] Fedora 40 Update: rust-uu_join-0.0.23-3.fc40
join ~ (uutils) merge lines from inputs with matching join...
7.3 AI Score
[SECURITY] Fedora 40 Update: rust-uu_basename-0.0.23-3.fc40
basename ~ (uutils) display PATHNAME with leading directory components...
7.3 AI Score
[SECURITY] Fedora 40 Update: rust-tealdeer-1.6.1-8.fc40
Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching...
7.4 AI Score
[SECURITY] Fedora 40 Update: rust-silver-2.0.1-8.fc40
A cross-shell customizable powerline-like prompt with...
7.3 AI Score
[SECURITY] Fedora 40 Update: rust-sha1collisiondetection-0.3.4-2.fc40
SHA-1 hash function with collision detection and...
7.4 AI Score
[SECURITY] Fedora 40 Update: rust-sequoia-octopus-librnp-1.8.1-4.fc40
Reimplementation of RNP's interface using Sequoia for use with...
7.4 AI Score
[SECURITY] Fedora 40 Update: rust-sd-1.0.0-2.fc40
Intuitive find & replace CLI. * Painless regular expressions sd uses regex syntax that you already know from JavaScript and Python. Forget about dealing with quirks of sed or awk - get productive immediately. * String-literal mode Non-regex find & replace. No more backslashes or...
7.2 AI Score
[SECURITY] Fedora 40 Update: rust-resctl-bench-2.2.5-3.fc40
resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic...
7.2 AI Score
[SECURITY] Fedora 40 Update: rust-python-launcher-1.0.0-12.fc40
The Python Launcher for Unix. Launch your Python interpreter the lazy/smart way! This launcher is an implementation of the py command for Unix-based platforms. The goal is to have py become the cross-platform command that Python users typically use to launch an interpreter while doing...
7.2 AI Score
[SECURITY] Fedora 40 Update: rust-names-0.14.0-2.fc40
A random name generator with names suitable for use in container instances, project names, application instances,...
7.3 AI Score
[SECURITY] Fedora 40 Update: rust-lsd-1.1.2-3.fc40
An ls command with a lot of pretty colors and some other...
7.5 AI Score
[SECURITY] Fedora 40 Update: rust-lino-0.10.0-9.fc40
A command line text editor with notepad like key...
7.5 AI Score
[SECURITY] Fedora 40 Update: rust-desed-1.2.1-4.fc40
Sed script debugger. Debug and demystify your sed scripts with TUI...
7.3 AI Score
[SECURITY] Fedora 40 Update: rust-cpc-1.9.3-3.fc40
Evaluates math expressions, with support for units and conversion between...
7.4 AI Score
[SECURITY] Fedora 40 Update: rust-asahi-btsync-0.2.0-3.fc40
A tool to sync Bluetooth pairing keys with macos on ARM...
7.3 AI Score
[SECURITY] Fedora 40 Update: rust-asahi-wifisync-0.2.0-3.fc40
A tool to sync Wifi passwords with macos on ARM...
7.3 AI Score
[SECURITY] Fedora 40 Update: ntpd-rs-1.1.2-2.fc40
Full-featured implementation of NTP with NTS...
7.3 AI Score
[SECURITY] Fedora 40 Update: loupe-46.2-2.fc40
An image viewer application written with GTK 4, Libadwaita and Rust. Features: - Fast GPU accelerated image rendering with tiled rendering for SVGs - Extendable and sandboxed (except SVG) image decoding - Support for more than 15 image formats by default - Extensive support for touchpad and...
7.4 AI Score
[SECURITY] Fedora 40 Update: maturin-1.5.1-2.fc40
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python...
7.4 AI Score
Malicious code in protonme (npm)
Source: ossf-package-analysis (295b3103d7290c7c347d76b699dea56f4ddfdcf450ac1bfdddcf41ed4b37af0a) The OpenSSF Package Analysis project identified 'protonme' @ 1200.1.1 (npm) as malicious. It is considered malicious because: The package...
7.3 AI Score
Exploit for Vulnerability in Reportlab
CVE-2023-33733-POC Disclaimer I did not, nor do I take...
6.6 AI Score
0.001 EPSS
[SECURITY] [DLA 3820-1] bluez security update
Debian LTS Advisory DLA-3820-1 [email protected] https://www.debian.org/lts/security/ Arturo Borrero Gonzalez May 25, 2024 https://wiki.debian.org/LTS Package : bluez Version : 5.50-1.2~deb10u5 CVE ID :...
7.1 CVSS
6.9 AI Score
JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session...
7 AI Score
[SECURITY] [DLA 3818-1] apache2 security update
Debian LTS Advisory DLA-3818-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 24, 2024 https://wiki.debian.org/LTS Package : apache2 Version : 2.4.59-1~deb10u1 CVE ID :...
5.3 CVSS
7.9 AI Score
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...
6.4 CVSS
6 AI Score
0.001 EPSS
The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output...
5.9 AI Score
0.001 EPSS
The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4 CVSS
6 AI Score
0.0004 EPSS
The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6 AI Score
0.0004 EPSS
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4 CVSS
6 AI Score
0.001 EPSS
The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
5.9 AI Score
0.001 EPSS
The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and....
6.4 CVSS
6.1 AI Score
0.001 EPSS
CVE-2024-5220 ND Shortcodes <= 7.5 - Authenticated (Author+) Stored Cross-Site Scripting
The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and....
6 AI Score
0.001 EPSS
Malicious code in rich-relevance (npm)
Source: ossf-package-analysis (da3a1ac70540bed4411c7898c3829eb449795a1537d8fd94dd66c4c643c4d4df) The OpenSSF Package Analysis project identified 'rich-relevance' @ 99.1.1 (npm) as malicious. It is considered malicious because: The package...
7.3 AI Score
Foxit PDF Editor < 13.1.2 Vulnerability
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 13.1.2. It is, therefore, affected by a vulnerability: Addressed potential issues where the application could be exposed to Time-of-Check Time-of-Use...
7.6 AI Score
Ivanti Endpoint Manager - May 2024 Security Update
The version of Ivanti Endpoint Manager running on the remote host is lacking the May 2024 Hotfix. It is, therefore, affected by multiple vulnerabilities. An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the...
9.1 AI Score
Debian dla-3818 : apache2 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3818 advisory. Debian LTS Advisory DLA-3818-1 [email protected] ...
7.7 AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postgresql15 (SUSE-SU-2024:1777-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1777-1 advisory. PostgreSQL upgrade to version 15.7 (bsc#1224051): - CVE-2024-4317: Fixed visibility restriction of...
7.4 AI Score
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ucode-intel (SUSE-SU-2024:1771-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1771-1 advisory. Intel CPU Microcode was updated to the 20240514 release (bsc#1224277) - CVE-2023-45733: Fixed...
7.8 AI Score