Lucene search

K

SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! Security Vulnerabilities

githubexploit
githubexploit

Exploit for CVE-2024-6387

CVE-2024-6387 Bulk Scanning Tool for OpenSSH CVE-2024-6387,...

8.1CVSS

8.4AI Score

EPSS

2024-07-01 08:45 PM
26
osv
osv

Potential memory exhaustion attack due to sparse slice deserialization

Details Running schema.Decoder.Decode() on a struct that has a field of type []struct{...} opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. For instance, in the Proof of Concept written below, someone can specify to set a field of...

7.5CVSS

6.8AI Score

EPSS

2024-07-01 08:35 PM
1
github
github

Potential memory exhaustion attack due to sparse slice deserialization

Details Running schema.Decoder.Decode() on a struct that has a field of type []struct{...} opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. For instance, in the Proof of Concept written below, someone can specify to set a field of...

7.5CVSS

6.6AI Score

EPSS

2024-07-01 08:35 PM
3
github
github

Session Middleware Token Injection Vulnerability

A security vulnerability has been identified in the Fiber session middleware where a user can supply their own session_id value, leading to the creation of a session with that key. Impact The identified vulnerability is a session middleware issue in GoFiber versions 2 and above. This vulnerability....

10CVSS

6.7AI Score

EPSS

2024-07-01 08:35 PM
1
osv
osv

Session Middleware Token Injection Vulnerability

A security vulnerability has been identified in the Fiber session middleware where a user can supply their own session_id value, leading to the creation of a session with that key. Impact The identified vulnerability is a session middleware issue in GoFiber versions 2 and above. This vulnerability....

10CVSS

6.9AI Score

EPSS

2024-07-01 08:35 PM
github
github

Remote Code Execution (RCE) vulnerability in geoserver

Summary Multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. Details The GeoTools library API that GeoServer calls...

9.8CVSS

8AI Score

EPSS

2024-07-01 08:34 PM
6
osv
osv

Remote Code Execution (RCE) vulnerability in geoserver

Summary Multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. Details The GeoTools library API that GeoServer calls...

9.8CVSS

8.5AI Score

EPSS

2024-07-01 08:34 PM
1
githubexploit
githubexploit

Exploit for CVE-2024-6387

CVE-2024-6387_Check 📜 Description CVE-2024-6387_Check is...

8.1CVSS

8.4AI Score

EPSS

2024-07-01 08:33 PM
18
openbugbounty
openbugbounty

educatingforamericandemocracy.org Cross Site Scripting vulnerability OBB-3939901

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 08:00 PM
3
github
github

GeoServer's Server Status shows sensitive environmental variables and Java properties

GeoServer's Server Status page and REST API (at /geoserver/rest/about/status) lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as...

4.5CVSS

6.9AI Score

EPSS

2024-07-01 07:20 PM
5
osv
osv

GeoServer's Server Status shows sensitive environmental variables and Java properties

GeoServer's Server Status page and REST API (at /geoserver/rest/about/status) lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as...

4.5CVSS

6.9AI Score

EPSS

2024-07-01 07:20 PM
1
nvd
nvd

CVE-2024-38513

Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id value, resulting in the creation of a session with that key. If....

10CVSS

EPSS

2024-07-01 07:15 PM
1
debiancve
debiancve

CVE-2024-38477

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this...

6.4AI Score

EPSS

2024-07-01 07:15 PM
debiancve
debiancve

CVE-2024-39573

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this...

6.4AI Score

EPSS

2024-07-01 07:15 PM
cve
cve

CVE-2024-38513

Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id value, resulting in the creation of a session with that key. If....

10CVSS

9.4AI Score

EPSS

2024-07-01 07:15 PM
8
debiancve
debiancve

CVE-2024-38472

SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new...

6.6AI Score

EPSS

2024-07-01 07:15 PM
1
debiancve
debiancve

CVE-2024-38475

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. .....

6.9AI Score

EPSS

2024-07-01 07:15 PM
debiancve
debiancve

CVE-2024-38476

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this...

6.2AI Score

EPSS

2024-07-01 07:15 PM
debiancve
debiancve

CVE-2024-38474

Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to...

6.6AI Score

EPSS

2024-07-01 07:15 PM
10
debiancve
debiancve

CVE-2024-38473

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this...

6.7AI Score

EPSS

2024-07-01 07:15 PM
2
debiancve
debiancve

CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading...

6.5AI Score

EPSS

2024-07-01 07:15 PM
2
schneier
schneier

Upcoming Book on AI and Democracy

If you've been reading my blog, you've noticed that I have written a lot about AI and democracy, mostly with my co-author Nathan Sanders. I am pleased to announce that we're writing a book on the topic. This isn't a book about deep fakes, or misinformation. This is a book about what happens when...

7.3AI Score

2024-07-01 07:01 PM
3
cvelist
cvelist

CVE-2024-38513 Fiber Session Middleware Token Injection Vulnerability

Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id value, resulting in the creation of a session with that key. If....

10CVSS

EPSS

2024-07-01 06:31 PM
2
wallarmlab
wallarmlab

CVE-2024-5655: GitLab Fixes CI/CD Vulnerability & 13 Other Flaws With Latest Patch Release

A security flaw that impacts specific versions of GitLab's Community and Enterprise Edition products was just detected. This vulnerability can be exploited to execute pipelines under any user's credentials. GitLab is a web-based DevOps platform offering tools for software development, version...

9.6CVSS

6.9AI Score

EPSS

2024-07-01 06:21 PM
6
openbugbounty
openbugbounty

whs.indiangolfunion.org Cross Site Scripting vulnerability OBB-3939895

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 05:24 PM
3
nvd
nvd

CVE-2024-36989

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance...

7.1CVSS

EPSS

2024-07-01 05:15 PM
1
cve
cve

CVE-2024-36989

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance...

7.1CVSS

6.9AI Score

EPSS

2024-07-01 05:15 PM
3
ibm
ibm

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-38355]

Summary Socket.IO is used by IBM App Connect Enterprise Certified Container for real-time UI updates. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

7.3CVSS

6.5AI Score

0.0004EPSS

2024-07-01 05:03 PM
2
openbugbounty
openbugbounty

untappd.com Cross Site Scripting vulnerability OBB-3939894

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 04:35 PM
6
cvelist
cvelist

CVE-2024-36989 Low-privileged user could create notifications in Splunk Web Bulletin Messages

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance...

7.1CVSS

EPSS

2024-07-01 04:30 PM
2
openbugbounty
openbugbounty

oasisindia.in Cross Site Scripting vulnerability OBB-3939893

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 04:24 PM
3
wordfence
wordfence

WordPress Security Research: A Beginner’s Series

Learn How To Find WordPress Vulnerabilities Step-by-Step Welcome to the inaugural post of our WordPress Security Research Beginner's Series! With the success of the Wordfence Bug Bounty Program, we wanted to provide emerging vulnerability researchers, and experienced Bug Bounty Hunters, with a...

7.7AI Score

2024-07-01 04:20 PM
1
nvd
nvd

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation.....

9.8CVSS

EPSS

2024-07-01 04:15 PM
3
cve
cve

CVE-2024-36421

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, A CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration (unauthenticated),...

7.5CVSS

7.5AI Score

EPSS

2024-07-01 04:15 PM
3
nvd
nvd

CVE-2024-36421

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, A CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration (unauthenticated),...

7.5CVSS

EPSS

2024-07-01 04:15 PM
2
cve
cve

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation.....

9.8CVSS

9.9AI Score

EPSS

2024-07-01 04:15 PM
4
openbugbounty
openbugbounty

uberbier.com Cross Site Scripting vulnerability OBB-3939891

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 04:15 PM
3
openbugbounty
openbugbounty

fendfoundation.com Cross Site Scripting vulnerability OBB-3939890

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 04:14 PM
4
openbugbounty
openbugbounty

scrappycito.com Cross Site Scripting vulnerability OBB-3939889

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 04:14 PM
5
openbugbounty
openbugbounty

turtlemobile.com.tw Cross Site Scripting vulnerability OBB-3939886

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 04:13 PM
5
openbugbounty
openbugbounty

corpiq.com Cross Site Scripting vulnerability OBB-3939888

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 04:13 PM
6
thn
thn

Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks

A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks. The vulnerabilities allow "any malicious actor to claim ownership...

8AI Score

EPSS

2024-07-01 04:12 PM
13
openbugbounty
openbugbounty

toolsgalerie.com Cross Site Scripting vulnerability OBB-3939885

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 04:12 PM
4
wordfence
wordfence

WordPress Security Research Series: WordPress Request Architecture and Hooks

Welcome to Part 1 of the WordPress Security Research Beginner Series! If you haven’t had a chance, please review the series introduction blog post for more details on the goal of this series and what to expect. Before diving into the security features of WordPress, it's critical to understand the.....

7.1AI Score

2024-07-01 04:11 PM
2
openbugbounty
openbugbounty

righttolive.org Cross Site Scripting vulnerability OBB-3939884

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 04:11 PM
3
malwarebytes
malwarebytes

Personal data stolen from unsuspecting airport visitors and plane passengers in “evil twin” attacks, man charged

The Australian Federal Police (AFP) have charged a man for setting up fake free WiFi access points in order to steal personal data from people. The crime was discovered when an airline reported a suspicious WiFi network identified by its employees during a domestic flight. When the alleged...

7AI Score

2024-07-01 04:10 PM
1
openbugbounty
openbugbounty

collabion.com Cross Site Scripting vulnerability OBB-3939883

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 04:10 PM
5
openbugbounty
openbugbounty

kidr.com.ua Cross Site Scripting vulnerability OBB-3939882

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 04:09 PM
4
openbugbounty
openbugbounty

goldenrose.com.tr Cross Site Scripting vulnerability OBB-3939881

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 04:09 PM
3
openbugbounty
openbugbounty

tvumd.com Cross Site Scripting vulnerability OBB-3939879

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-07-01 04:06 PM
3
Total number of security vulnerabilities1869187