Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in...
7.1AI Score
0.0004EPSS
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s...
7.7CVSS
6.8AI Score
0.0004EPSS
Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. Bugs ...
7.5AI Score
0.0004EPSS
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators. Notes Author| Note ---|--- | Priority reason: Info leak i...
2.7CVSS
7AI Score
0.0004EPSS
2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject...
EPSS
cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
EPSS
GLSA-202407-01 : Zsh: Prompt Expansion Vulnerability
The remote host is affected by the vulnerability described in GLSA-202407-01 (Zsh: Prompt Expansion Vulnerability) Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block...
7.8CVSS
7.4AI Score
0.001EPSS
GLSA-202407-07 : cpio: Arbitrary Code Execution
The remote host is affected by the vulnerability described in GLSA-202407-07 (cpio: Arbitrary Code Execution) Multiple vulnerabilities have been discovered in cpio. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
7.8CVSS
8AI Score
0.043EPSS
Vulnerability in Moodle virtual learning environment related to improper validation of allowed event types in the calendar web service. events in the calendar web service. Exploitation of the vulnerability could allow an attacker acting remotely, to create events with types/audience for which they....
6.5AI Score
0.0004EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0717)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0717 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin...
8.1CVSS
6.2AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0711)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0711 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the...
7.5CVSS
7AI Score
EPSS
FreeBSD : netatalk3 -- Multiple vulnerabilities (c742dbe8-3704-11ef-9e6e-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c742dbe8-3704-11ef-9e6e-b42e991fc52e advisory. [email protected] reports: This entry documents the following three vulnerabilities: Tenable has...
7.6AI Score
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages espeak-ng - Multi-lingual software speech synthesizer Details It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a...
5.5CVSS
7.6AI Score
0.001EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0707)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0707 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an...
4.3CVSS
7.4AI Score
EPSS
Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0716)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0716 advisory. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an...
5.3CVSS
7.1AI Score
EPSS
Background Pixman is a pixel manipulation library. Description A vulnerability has been discovered in Pixman. Please review the CVE identifiers referenced below for details. Impact An out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 can occur due to an integer overflow in.....
8.8CVSS
7.6AI Score
0.003EPSS
8.1CVSS
8.1AI Score
EPSS
cryptography: Multiple Vulnerabilities
Background cryptography is a package which provides cryptographic recipes and primitives to Python developers. Description Multiple vulnerabilities have been discovered in cryptography. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
9.1CVSS
7.7AI Score
0.008EPSS
akbr patch-into was discovered to contain a prototype pollution via the function patchInto
akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
8.2AI Score
EPSS
8.1CVSS
8.4AI Score
EPSS
Race condition in SIGALRM handling code Bugs https://bugzilla.mindrot.org/show_bug.cgi?id=3690 https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2070497 Notes Author| Note ---|--- | Priority reason: Potential remote code execution seth-arnold | openssh-ssh1 is provided for compatibility...
8.1CVSS
7.8AI Score
EPSS
CVE-2024-6419 SourceCodester Medicine Tracker System sql injection
A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=save_medicine. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has....
6.3CVSS
0.0004EPSS
A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file /classes/Users.php?f=register_user. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
0.0004EPSS
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_user. The manipulation of the argument id leads to sql injection. The attack may be launched...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file /classes/Users.php?f=register_user. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
7.6AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_user. The manipulation of the argument id leads to sql injection. The attack may be launched...
6.3CVSS
0.0004EPSS
CVE-2024-6418 SourceCodester Medicine Tracker System sql injection
A vulnerability classified as critical has been found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file /classes/Users.php?f=register_user. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
0.0004EPSS
CVE-2024-6417 SourceCodester Simple Online Bidding System sql injection
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_user. The manipulation of the argument id leads to sql injection. The attack may be launched...
6.3CVSS
0.0004EPSS
eightcap.com Cross Site Scripting vulnerability OBB-3939800
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to sql injection. The.....
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to sql injection. The.....
6.3CVSS
0.0004EPSS
CVE-2024-6416 SeaCMS sql injection
A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to sql injection. The.....
6.3CVSS
0.0004EPSS
dvgiochi.com Cross Site Scripting vulnerability OBB-3939799
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters....
7.5CVSS
6.9AI Score
0.0004EPSS
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters....
7.5CVSS
7.5AI Score
0.0004EPSS
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters....
7.5CVSS
0.0004EPSS
edenprojectcommunities.com Cross Site Scripting vulnerability OBB-3939797
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
restaurantcateringsystems.com Cross Site Scripting vulnerability OBB-3939796
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
levelovoyageur.com Cross Site Scripting vulnerability OBB-3939794
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
hovawarte-vom-hechtmoor.de Cross Site Scripting vulnerability OBB-3939793
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
twww-webdesign.de Cross Site Scripting vulnerability OBB-3939792
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-34703 Botan Vulnerable to Denial of Service Due to Overly Large Elliptic Curve Parameters
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4, an attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters....
7.5CVSS
0.0004EPSS
it-sentry.com Cross Site Scripting vulnerability OBB-3939791
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
eltallerdelmodelista.com Cross Site Scripting vulnerability OBB-3939790
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
eltrade.com Cross Site Scripting vulnerability OBB-3939789
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
5.2AI Score
0.0004EPSS