IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
0.0004EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: ...
7.5CVSS
7.2AI Score
0.0004EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
7.7AI Score
0.0004EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: ...
6.2CVSS
0.0004EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: ...
6.2CVSS
5.8AI Score
0.0004EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
7.7AI Score
0.0004EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
0.0004EPSS
inteco.nl Cross Site Scripting vulnerability OBB-3939320
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
bardwellvalleygolf.com.au Cross Site Scripting vulnerability OBB-3939317
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
baza.house Cross Site Scripting vulnerability OBB-3939318
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
sandmancapital.com Cross Site Scripting vulnerability OBB-3939319
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
nexfit.fit Cross Site Scripting vulnerability OBB-3939316
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
langexam.com Cross Site Scripting vulnerability OBB-3939315
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
ahavocats.fr Cross Site Scripting vulnerability OBB-3939314
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-3331 Spotfire: NTLM token leakage
Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...
6.8CVSS
0.0004EPSS
CVE-2024-6086 Improper Access Control in lunary-ai/lunary
In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can change the name of an organization due to improper access control. The function checkAccess() is not implemented, allowing users with the lowest privileges, such as the 'Prompt Editor' role, to modify...
5.3CVSS
6.7AI Score
0.0004EPSS
CVE-2024-6086 Improper Access Control in lunary-ai/lunary
In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can change the name of an organization due to improper access control. The function checkAccess() is not implemented, allowing users with the lowest privileges, such as the 'Prompt Editor' role, to modify...
5.3CVSS
0.0004EPSS
CVE-2024-5935 CSRF Vulnerability in imartinez/privategpt
A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's...
5.4CVSS
7AI Score
0.0004EPSS
CVE-2024-5935 CSRF Vulnerability in imartinez/privategpt
A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's...
5.4CVSS
0.0004EPSS
CVE-2024-5755 Email Validation Bypass in lunary-ai/lunary
In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., '[email protected]' and '[email protected]'), leading to...
5.3CVSS
7.2AI Score
0.0004EPSS
CVE-2024-5755 Email Validation Bypass in lunary-ai/lunary
In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., '[email protected]' and '[email protected]'), leading to...
5.3CVSS
0.0004EPSS
CVE-2024-5936 Open Redirect in imartinez/privategpt
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this...
4.3CVSS
0.001EPSS
CVE-2024-5822 Server-Side Request Forgery (SSRF) in gaizhenbiao/ChuanhuChatGPT
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources,...
7.3CVSS
0.0004EPSS
CVE-2024-5714 Improper Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...
7.4CVSS
6.8AI Score
0.0004EPSS
CVE-2024-5714 Improper Access Control in lunary-ai/lunary
In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...
7.4CVSS
0.0004EPSS
imsuc.ac.in Open Redirect vulnerability OBB-3939312
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
CVE-2024-6090 Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...
7.5CVSS
0.0004EPSS
CVE-2024-6090 Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...
7.5CVSS
6.8AI Score
0.0004EPSS
CVE-2024-3330 Spotfire Remote Code Execution Vulnerability
Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction...
9.9CVSS
0.0004EPSS
Summary IBM Security Guardium has addressed this vulnerability. Vulnerability Details CVEID: CVE-2022-43904 DESCRIPTION: IBM Security Guardium could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. CVSS Base score: 7.5 CVSS Temporal...
7.5CVSS
7.5AI Score
0.001EPSS
CVE-2024-4578 Privilege escalation in Arista Wireless Access Points
This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to...
8.4CVSS
0.0004EPSS
CVE-2023-38370 IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: ...
7.5CVSS
0.0004EPSS
CVE-2023-38370 IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: ...
7.5CVSS
6.3AI Score
0.0004EPSS
CVE-2023-38368 IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: ...
6.2CVSS
0.0004EPSS
CVE-2023-38368 IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: ...
6.2CVSS
5.7AI Score
0.0004EPSS
CVE-2023-30997 IBM Security Access Manager Docker privilege escalation
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
6.2AI Score
0.0004EPSS
CVE-2023-30997 IBM Security Access Manager Docker privilege escalation
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
0.0004EPSS
CVE-2023-30998 IBM Security Access Manager Docker privilege escalation
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
6.2AI Score
0.0004EPSS
CVE-2023-30998 IBM Security Access Manager Docker privilege escalation
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
0.0004EPSS
7.5CVSS
0.0004EPSS
External Control of File Name or Path in GitHub repository stitionai/devika prior to...
7.5CVSS
7.6AI Score
0.0004EPSS
7.5CVSS
0.0004EPSS
7.5CVSS
7.6AI Score
0.0004EPSS
External Control of File Name or Path in GitHub repository stitionai/devika prior to...
7.5CVSS
0.0004EPSS
7.5CVSS
7.6AI Score
0.0004EPSS
Parsing a corrupt or malicious image with invalid color indices can cause a...
6.6AI Score
0.0004EPSS
6.6AI Score
0.0004EPSS
0.0004EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
0.0004EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
5.5AI Score
0.0004EPSS