Lucene search

K

School Management System – WPSchoolPress Security Vulnerabilities

wolfi
wolfi

CVE-2024-29025 vulnerabilities

Vulnerabilities for packages: neo4j, opensearch, selenium, cloudwatch-exporter, keycloak, wavefront-proxy, spark,...

5.3CVSS

5.8AI Score

0.0004EPSS

2024-06-16 09:08 PM
15
wolfi
wolfi

GHSA-5JPM-X58V-624V vulnerabilities

Vulnerabilities for packages: neo4j, opensearch, selenium, cloudwatch-exporter, keycloak, wavefront-proxy, spark,...

7.5AI Score

2024-06-16 09:08 PM
6
kitploit
kitploit

NativeDump - Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!)

NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams). NTOpenProcessToken and NtAdjustPrivilegeToken to get the "SeDebugPrivilege"...

7.2AI Score

2024-06-16 05:16 PM
6
nvd
nvd

CVE-2024-38468

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword...

EPSS

2024-06-16 04:15 PM
2
nvd
nvd

CVE-2024-38466

Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default...

EPSS

2024-06-16 04:15 PM
2
nvd
nvd

CVE-2024-38467

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser...

EPSS

2024-06-16 04:15 PM
2
nvd
nvd

CVE-2024-38465

Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus...

EPSS

2024-06-16 04:15 PM
1
cve
cve

CVE-2024-38466

Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default...

7AI Score

EPSS

2024-06-16 04:15 PM
3
cve
cve

CVE-2024-38465

Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus...

7AI Score

EPSS

2024-06-16 04:15 PM
2
cve
cve

CVE-2024-38467

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser...

6.7AI Score

EPSS

2024-06-16 04:15 PM
3
cve
cve

CVE-2024-38468

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword...

7.2AI Score

EPSS

2024-06-16 04:15 PM
3
githubexploit
githubexploit

Exploit for CVE-2024-26229

CVE-2024-26229 Windows CSC服务特权提升漏洞。 ...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-06-16 05:06 AM
16
mageia
mageia

Updated atril packages fix security vulnerability

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user....

8.5CVSS

7.5AI Score

0.005EPSS

2024-06-16 02:07 AM
6
cvelist
cvelist

CVE-2024-38466

Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default...

EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2024-38468

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword...

EPSS

2024-06-16 12:00 AM
1
cvelist
cvelist

CVE-2024-38465

Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus...

EPSS

2024-06-16 12:00 AM
nessus
nessus

Debian dsa-5712 : ffmpeg - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5712 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5712-1 [email protected] ...

8AI Score

0.0004EPSS

2024-06-16 12:00 AM
cvelist
cvelist

CVE-2024-38467

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser...

EPSS

2024-06-16 12:00 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-30078

CVE-2024-30078 Detection and Command Execution Script This...

8.8CVSS

8.6AI Score

0.001EPSS

2024-06-15 07:37 PM
142
cve
cve

CVE-2024-6016

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-15 07:15 PM
11
nvd
nvd

CVE-2024-6016

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

6.3CVSS

0.0004EPSS

2024-06-15 07:15 PM
1
cvelist
cvelist

CVE-2024-6016 itsourcecode Online Laundry Management System admin_class.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.....

6.3CVSS

0.0004EPSS

2024-06-15 06:31 PM
2
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577 In PHP when using Apache and PHP-CGI on...

9.8CVSS

8.7AI Score

0.932EPSS

2024-06-15 06:05 PM
29
nvd
nvd

CVE-2024-6014

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to....

6.3CVSS

0.0004EPSS

2024-06-15 05:15 PM
4
cve
cve

CVE-2024-6014

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to....

6.3CVSS

6.9AI Score

0.0004EPSS

2024-06-15 05:15 PM
10
cve
cve

CVE-2024-6015

A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument month_of leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-06-15 05:15 PM
5
nvd
nvd

CVE-2024-6015

A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument month_of leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

0.0004EPSS

2024-06-15 05:15 PM
1
cvelist
cvelist

CVE-2024-6015 itsourcecode Online House Rental System manage_user.php sql injection

A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument month_of leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

0.0004EPSS

2024-06-15 05:00 PM
2
cvelist
cvelist

CVE-2024-6014 itsourcecode Document Management System edithis.php sql injection

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to....

6.3CVSS

0.0004EPSS

2024-06-15 04:31 PM
2
nvd
nvd

CVE-2024-1399

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

0.0004EPSS

2024-06-15 06:15 AM
2
cve
cve

CVE-2024-1399

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-15 06:15 AM
7
cvelist
cvelist

CVE-2024-1399 Restaurant Menu and Food Ordering <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

0.0004EPSS

2024-06-15 05:45 AM
2
nvd
nvd

CVE-2024-5871

The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object......

9.8CVSS

0.001EPSS

2024-06-15 04:15 AM
3
cve
cve

CVE-2024-5871

The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object......

9.8CVSS

9.7AI Score

0.001EPSS

2024-06-15 04:15 AM
10
cvelist
cvelist

CVE-2024-5871 WooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object Injection

The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object......

9.8CVSS

0.001EPSS

2024-06-15 03:35 AM
1
nessus
nessus

Debian dsa-5711 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5711 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5711-1 [email protected] ...

7.5AI Score

0.0004EPSS

2024-06-15 12:00 AM
1
nessus
nessus

Debian dla-3828 : atril - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3828 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3828-1 [email protected] ...

9.6CVSS

9.1AI Score

0.005EPSS

2024-06-15 12:00 AM
nessus
nessus

Debian dla-3829 : libmilter-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3829 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3829-1 [email protected] ...

5.3CVSS

6.7AI Score

0.002EPSS

2024-06-15 12:00 AM
githubexploit
githubexploit

Exploit for Path Traversal in Solarwinds Serv-U

CVE-2024-28995 PoC and Bulk Scanner Overview This...

8.6CVSS

6.7AI Score

0.001EPSS

2024-06-14 11:05 PM
48
cve
cve

CVE-2024-37831

Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...

8.3AI Score

0.0004EPSS

2024-06-14 08:15 PM
10
nvd
nvd

CVE-2024-37831

Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID...

0.0004EPSS

2024-06-14 08:15 PM
1
nvd
nvd

CVE-2024-37369

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...

0.0004EPSS

2024-06-14 05:15 PM
1
cve
cve

CVE-2024-37369

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...

7.1AI Score

0.0004EPSS

2024-06-14 05:15 PM
9
vulnrichment
vulnrichment

CVE-2024-37369 Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...

7AI Score

0.0004EPSS

2024-06-14 04:50 PM
1
cvelist
cvelist

CVE-2024-37369 Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...

0.0004EPSS

2024-06-14 04:50 PM
1
malwarebytes
malwarebytes

Truist bank confirms data breach

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name "Sp1d3r" offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets,....

7.7AI Score

2024-06-14 04:29 PM
5
nvd
nvd

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

0.0004EPSS

2024-06-14 04:15 PM
2
cve
cve

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or....

3.5CVSS

4AI Score

0.0004EPSS

2024-06-14 04:15 PM
9
cve
cve

CVE-2024-37884

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise.....

3.5CVSS

4AI Score

0.0004EPSS

2024-06-14 04:15 PM
11
nvd
nvd

CVE-2024-37884

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise.....

3.5CVSS

0.0004EPSS

2024-06-14 04:15 PM
1
Total number of security vulnerabilities488268