Lucene search

K

Wordfence Security – Firewall & Malware Scan Security Vulnerabilities

nvd
nvd

CVE-2024-4680

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the.....

3.9CVSS

2024-06-08 08:15 PM
3
cve
cve

CVE-2024-4680

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the.....

3.9CVSS

2024-06-08 08:15 PM
3
cve
cve

CVE-2024-4146

In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...

9.8CVSS

2024-06-08 08:15 PM
3
nvd
nvd

CVE-2024-4146

In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...

9.8CVSS

2024-06-08 08:15 PM
3
cvelist
cvelist

CVE-2024-4146 Improper Authorization in lunary-ai/lunary

In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...

9.8CVSS

2024-06-08 07:41 PM
3
mageia
mageia

Updated 0-plugins-base packages fix security vulnerability

GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8CVSS

2024-06-08 07:34 PM
8
nvd
nvd

CVE-2024-37408

fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for...

2024-06-08 02:15 PM
cve
cve

CVE-2024-37408

fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for...

2024-06-08 02:15 PM
openbugbounty
openbugbounty

ommouldings.com Cross Site Scripting vulnerability OBB-3933911

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 02:04 PM
4
openbugbounty
openbugbounty

eduroyale.in Cross Site Scripting vulnerability OBB-3933910

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 01:01 PM
1
openbugbounty
openbugbounty

baseballsavant.mlb.com Cross Site Scripting vulnerability OBB-3933908

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 11:30 AM
2
cve
cve

CVE-2024-5742

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

2024-06-08 11:10 AM
4
debiancve
debiancve

CVE-2024-5742

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

2024-06-08 11:10 AM
1
openbugbounty
openbugbounty

andipublisher.com Cross Site Scripting vulnerability OBB-3933904

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 10:44 AM
5
wired
wired

Apple Is Coming for Your Password Manager

Plus: A media executive is charged in an alleged money-laundering scheme, a ransomware attack disrupts care at London hospitals, and Google’s former CEO has a secretive drone project up his...

2024-06-08 10:30 AM
4
openbugbounty
openbugbounty

mszasada.cz Cross Site Scripting vulnerability OBB-3933903

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 10:10 AM
3
openbugbounty
openbugbounty

leschocolatsdisa.fr Cross Site Scripting vulnerability OBB-3933902

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 09:48 AM
2
cve
cve

CVE-2024-5654

The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...

6.5CVSS

2024-06-08 09:15 AM
4
nvd
nvd

CVE-2024-5654

The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...

6.5CVSS

2024-06-08 09:15 AM
8
cve
cve

CVE-2024-4468

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

4.3CVSS

2024-06-08 08:15 AM
2
nvd
nvd

CVE-2024-4468

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

4.3CVSS

2024-06-08 08:15 AM
1
openbugbounty
openbugbounty

reiinsiders.com Cross Site Scripting vulnerability OBB-3933901

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 08:13 AM
4
openbugbounty
openbugbounty

redbarnet.dk Cross Site Scripting vulnerability OBB-3933898

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 08:11 AM
4
openbugbounty
openbugbounty

picell-pwd.gov.in Cross Site Scripting vulnerability OBB-3933897

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 08:02 AM
4
openbugbounty
openbugbounty

realtimebillionaires.de Cross Site Scripting vulnerability OBB-3933894

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 07:52 AM
3
openbugbounty
openbugbounty

realcouchtuner.com Cross Site Scripting vulnerability OBB-3933893

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 07:50 AM
2
openbugbounty
openbugbounty

rayobyte.com Cross Site Scripting vulnerability OBB-3933891

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 07:47 AM
2
openbugbounty
openbugbounty

raycranley.com Cross Site Scripting vulnerability OBB-3933890

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 07:46 AM
3
openbugbounty
openbugbounty

arabkirmc.am Cross Site Scripting vulnerability OBB-3933889

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 07:40 AM
3
osv
osv

BIT-mlflow-2024-37052

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted...

8.8CVSS

2024-06-08 07:27 AM
osv
osv

BIT-mlflow-2024-37053

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted...

8.8CVSS

2024-06-08 07:26 AM
osv
osv

BIT-mlflow-2024-37054

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted...

8.8CVSS

2024-06-08 07:26 AM
osv
osv

BIT-mlflow-2024-37055

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted...

8.8CVSS

2024-06-08 07:26 AM
osv
osv

BIT-mlflow-2024-37056

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted...

8.8CVSS

2024-06-08 07:26 AM
osv
osv

BIT-mlflow-2024-37058

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted...

8.8CVSS

2024-06-08 07:25 AM
osv
osv

BIT-mlflow-2024-37059

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted...

8.8CVSS

2024-06-08 07:25 AM
osv
osv

BIT-mlflow-2024-37060

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when...

8.8CVSS

2024-06-08 07:24 AM
osv
osv

BIT-mlflow-2024-37061

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when...

8.8CVSS

2024-06-08 07:24 AM
openbugbounty
openbugbounty

potteau.be Cross Site Scripting vulnerability OBB-3933886

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 07:19 AM
2
osv
osv

BIT-argo-cd-2024-36106

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This....

4.3CVSS

2024-06-08 07:16 AM
osv
osv

BIT-argo-cd-2024-37152

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in...

5.3CVSS

2024-06-08 07:16 AM
1
cve
cve

CVE-2024-5091

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

2024-06-08 07:15 AM
nvd
nvd

CVE-2024-5091

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

7.4CVSS

2024-06-08 07:15 AM
2
cve
cve

CVE-2024-5758

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterMobileText parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

2024-06-08 07:15 AM
3
nvd
nvd

CVE-2024-5758

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterMobileText parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

2024-06-08 07:15 AM
2
openbugbounty
openbugbounty

southenterprise.com Cross Site Scripting vulnerability OBB-3933884

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 06:59 AM
2
openbugbounty
openbugbounty

hermans-veren.com Cross Site Scripting vulnerability OBB-3933882

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 06:51 AM
1
openbugbounty
openbugbounty

portal.zedhia.at Cross Site Scripting vulnerability OBB-3933881

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 06:46 AM
1
openbugbounty
openbugbounty

hubspotonwebflow.com Cross Site Scripting vulnerability OBB-3933880

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

2024-06-08 06:44 AM
2
Total number of security vulnerabilities2554584