7.3CVSS
7.3AI Score
0.003EPSS
In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is...
0.0004EPSS
openSUSE: Security Advisory for booth (SUSE-SU-2024:2040-1)
The remote host is missing an update for...
5.9CVSS
5.8AI Score
0.001EPSS
openSUSE: Security Advisory for openssl (SUSE-SU-2024:2059-1)
The remote host is missing an update for...
6.7AI Score
EPSS
openSUSE: Security Advisory for libaom (SUSE-SU-2024:2056-1)
The remote host is missing an update for...
7.1AI Score
0.0004EPSS
3.3CVSS
7.1AI Score
0.0004EPSS
Fedora: Security Advisory for ghostscript (FEDORA-2024-939eac36ae)
The remote host is missing an update for...
6.7AI Score
EPSS
Fedora: Security Advisory for webkitgtk (FEDORA-2024-4d71f28349)
The remote host is missing an update for...
6.7AI Score
0.0004EPSS
[2.17-326.0.9.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi Oracle history: June-22-2023 Cupertino Miranda - 2.17-326.0.9 - OraBug 35517820 Reworked previous patch for OraBug 35318841 and removed free() of stack allocations. Reviewed-by: Jose E....
6.8AI Score
0.0005EPSS
openSUSE: Security Advisory for booth (SUSE-SU-2024:2042-1)
The remote host is missing an update for...
5.9CVSS
5.8AI Score
0.001EPSS
Moodle < 4.1.11, 4.2.x < 4.2.8, 4.3.x < 4.3.5, 4.4.x < 4.4.1 Multiple Vulnerabilities
Moodle is prone to multiple...
7.3AI Score
0.0004EPSS
Fedora: Security Advisory for python-authlib (FEDORA-2024-7cc9a030d9)
The remote host is missing an update for...
7.5CVSS
7.6AI Score
0.001EPSS
7.4AI Score
Oracle Linux 7 : glibc (ELSA-2024-12444)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12444 advisory. [2.17-326.0.9.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history: ...
9.8CVSS
9.7AI Score
0.009EPSS
7.2AI Score
0.0004EPSS
openSUSE: Security Advisory for xdg (SUSE-SU-2024:2067-1)
The remote host is missing an update for...
8.4CVSS
7.1AI Score
0.0004EPSS
openSUSE: Security Advisory for openssl (SUSE-SU-2024:2066-1)
The remote host is missing an update for...
6.7AI Score
EPSS
openSUSE: Security Advisory for bouncycastle (SUSE-SU-2024:1539-2)
The remote host is missing an update for...
7.1AI Score
0.0004EPSS
openSUSE: Security Advisory for podman (SUSE-SU-2024:2050-1)
The remote host is missing an update for...
8.3CVSS
7.4AI Score
0.0004EPSS
openSUSE: Security Advisory for openssl (SUSE-SU-2024:2051-1)
The remote host is missing an update for...
6.7AI Score
EPSS
7.1AI Score
0.0004EPSS
7.8CVSS
7.1AI Score
0.001EPSS
openSUSE: Security Advisory for python (SUSE-SU-2024:2064-1)
The remote host is missing an update for...
7.5CVSS
7.6AI Score
0.001EPSS
openSUSE: Security Advisory for php8 (SUSE-SU-2024:2039-1)
The remote host is missing an update for...
5.3CVSS
5.4AI Score
0.001EPSS
The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallery_thumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
6.4CVSS
0.0004EPSS
The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallery_thumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
6.4CVSS
5.7AI Score
0.0004EPSS
Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json. The flaws can lead to server-side request forgery, bypass of security...
9.8CVSS
10AI Score
0.003EPSS
The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallery_thumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
6.4CVSS
0.0004EPSS
Moodle uses the same key for QR login and auto-login
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
6.9AI Score
0.0004EPSS
Moodle uses the same key for QR login and auto-login
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
6.9AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...
3.7CVSS
0.0004EPSS
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...
3.7CVSS
4.3AI Score
0.0004EPSS
Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser, and Data Protection for VMware. The flaws can lead to server-side request forgery,...
9.8CVSS
10AI Score
0.003EPSS
CVE-2024-6129 spa-cartcms Username login observable behavioral discrepancy
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...
3.7CVSS
0.0004EPSS
Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery, bypass of security restrictions, denial of service, and arbitrary.....
9.8CVSS
10AI Score
0.003EPSS
PocketBase performs password auth and OAuth2 unverified email linking
In order to be exploited you must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: - a malicious actor register with the targeted user's email (it is unverified) - at some later point in time the targeted user stumble on your app and decides to sign-up with.....
5.4CVSS
6.5AI Score
0.0004EPSS
PocketBase performs password auth and OAuth2 unverified email linking
In order to be exploited you must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: - a malicious actor register with the targeted user's email (it is unverified) - at some later point in time the targeted user stumble on your app and decides to sign-up with.....
5.4CVSS
6.5AI Score
0.0004EPSS
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
6.6AI Score
0.0004EPSS
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
0.0004EPSS
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308, CVE-2023-45178, CVE-2024-28762, CVE-2024-28757, CVE-2024-29025,...
9.8CVSS
6.9AI Score
EPSS
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
6.8AI Score
0.0004EPSS
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the...
0.0004EPSS
Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...
5.4CVSS
5.3AI Score
0.0004EPSS
Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...
5.4CVSS
0.0004EPSS
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information...
7.4CVSS
0.0004EPSS
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information...
7.4CVSS
7.2AI Score
0.0004EPSS
CVE-2024-38351 Password auth and OAuth2 unverified email linking
Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...
5.4CVSS
0.0004EPSS
This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information...
7.4CVSS
0.0004EPSS
Explained: Android overlays and how they are used to trick people
Sometimes you’ll see the term "overlays" used in articles about malware and you might wonder what they are. In this post we will try to explain what overlays—particularly on Android devices—are, and how cybercriminals deploy them. Most of the time, overlays are used to make people think they are...
7.2AI Score
IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: ...
7.1CVSS
0.0004EPSS