CVE-2024-35736 WordPress Visualizer plugin <= 3.11.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.This issue affects Visualizer: from n/a through...
8.5CVSS
0.0004EPSS
CVE-2024-35736 WordPress Visualizer plugin <= 3.11.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.This issue affects Visualizer: from n/a through...
8.5CVSS
7.7AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through...
8.5CVSS
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through...
8.5CVSS
7.7AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91929399-249e-11ef-9296-b42e991fc52e advisory. [email protected] reports: Kanboard is project management software that focuses on the...
8.2CVSS
6.8AI Score
0.0004EPSS
ZendFramework potential Cross-site Scripting vectors due to inconsistent encodings
A number of classes, primarily within the Zend_Form, Zend_Filter, Zend_Form, Zend_Log and Zend_View components, contained character encoding inconsistencies whereby calls to the htmlspecialchars() and htmlentities() functions used undefined or hard coded charset parameters. In many of these cases.....
5.9AI Score
ZendFramework potential Cross-site Scripting vectors due to inconsistent encodings
A number of classes, primarily within the Zend_Form, Zend_Filter, Zend_Form, Zend_Log and Zend_View components, contained character encoding inconsistencies whereby calls to the htmlspecialchars() and htmlentities() functions used undefined or hard coded charset parameters. In many of these cases.....
5.9AI Score
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. Developers using ASCII-compatible encodings like UTF8 or latin1 are not affected by this PHP issue, which is described in more detail here:...
7.8AI Score
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. Developers using ASCII-compatible encodings like UTF8 or latin1 are not affected by this PHP issue, which is described in more detail here:...
7.8AI Score
SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020,...
7.2AI Score
IBM DB2 DoS (7145726) (Windows)
According to its self-reported version number, IBM Db2 on Windows is vulnerable to a denial of service by an authenticated user using a specially crafted query. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
5.3CVSS
5.2AI Score
0.0004EPSS
IBM DB2 Multiple Vulnerabilities (7145721, 7145727) (Windows)
According to its self-reported version number, IBM Db2 on Windows may be affected by multiple vulnerabilites: IBM Db2 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. (CVE-2023-38729) IBM Db2 is vulnerable to a denial of service caused by a...
6.8CVSS
5.5AI Score
0.0004EPSS
IBM DB2 Multiple Vulnerabilities (7145722, 7145730) (Unix)
According to its self-reported version number, IBM Db2 on Unix may be affected by multiple vulnerabilites: IBM® Db2® is vulnerable to denial of service when quering a specific UDF built-in function concurrently. (CVE-2023-52296) IBM® Db2® is vulnerable to a denial of service with a...
5.3CVSS
5.1AI Score
0.0004EPSS
According to its self-reported version number, IBM Db2 on Unix is vulnerable to a denial of service by an authenticated user using a specially crafted query. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
5.3CVSS
5.2AI Score
0.0004EPSS
IBM DB2 Multiple Vulnerabilities (7145722, 7145730) (Windows)
According to its self-reported version number, IBM Db2 on Windows may be affected by multiple vulnerabilites: IBM® Db2® is vulnerable to denial of service when quering a specific UDF built-in function concurrently. (CVE-2023-52296) IBM® Db2® is vulnerable to a denial of service with a...
5.3CVSS
5.1AI Score
0.0004EPSS
IBM DB2 Information Disclosure (7145721) (Unix)
According to it self-reported version number, IBM Db2 is affected by an information disclosure vulnerability when using ADMIN_CMD with IMPORT or EXPORT. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
6.8CVSS
6.4AI Score
0.0004EPSS
8.8CVSS
6AI Score
0.002EPSS
Fedora: Security Advisory for rust-sd (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
According to it self-reported version number, IBM Db2 is affected by a denial of service vulnerability with a specially crafted query under certain conditions.. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
5.3CVSS
6.6AI Score
0.0004EPSS
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Summary Tornado’s curl_httpclient.CurlAsyncHTTPClient class is vulnerable to CRLF (carriage return/line feed) injection in the request headers. Details When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return (\r) or line feed (\n) characters in the request...
7.5AI Score
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Summary Tornado’s curl_httpclient.CurlAsyncHTTPClient class is vulnerable to CRLF (carriage return/line feed) injection in the request headers. Details When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return (\r) or line feed (\n) characters in the request...
7.5AI Score
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an...
6.4CVSS
7.9AI Score
0.0004EPSS
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an...
6.4CVSS
6.7AI Score
0.0004EPSS
Remote code execution in mlflow
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...
10CVSS
9.7AI Score
0.0004EPSS
Remote code execution in mlflow
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...
10CVSS
8.1AI Score
0.0004EPSS
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an...
6.4CVSS
0.0004EPSS
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an...
6.4CVSS
6.7AI Score
0.0004EPSS
A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the /execute_code endpoint, which is intended to be blocked from external access by default. However,...
9.8CVSS
8.6AI Score
0.0004EPSS
A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the /execute_code endpoint, which is intended to be blocked from external access by default. However,...
9.8CVSS
0.0004EPSS
An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the _speech method of the....
7.8CVSS
0.0004EPSS
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...
10CVSS
0.0004EPSS
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...
10CVSS
8.1AI Score
0.0004EPSS
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...
8.8CVSS
7.7AI Score
0.0004EPSS
An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the _speech method of the....
7.8CVSS
8.3AI Score
0.0004EPSS
An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the _speech method of the....
7.8CVSS
8AI Score
0.0004EPSS
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...
8.8CVSS
0.0004EPSS
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...
8.8CVSS
8AI Score
0.0004EPSS
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...
10CVSS
9.7AI Score
0.0004EPSS
A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the /execute_code endpoint, which is intended to be blocked from external access by default. However,...
9.8CVSS
0.0004EPSS
A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the /execute_code endpoint, which is intended to be blocked from external access by default. However,...
9.8CVSS
8.3AI Score
0.0004EPSS
CVE-2024-1880 OS Command Injection in MacOS Text-To-Speech Class in significant-gravitas/autogpt
An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the _speech method of the....
7.8CVSS
0.0004EPSS
CVE-2024-1880 OS Command Injection in MacOS Text-To-Speech Class in significant-gravitas/autogpt
An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the _speech method of the....
7.8CVSS
8AI Score
0.0004EPSS
CVE-2024-5225 SQL Injection in berriai/litellm
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an...
6.4CVSS
7.9AI Score
0.0004EPSS
CVE-2024-5225 SQL Injection in berriai/litellm
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an...
6.4CVSS
0.0004EPSS
CVE-2024-0520 Remote Code Execution due to Full Controlled File Write in mlflow/mlflow
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...
10CVSS
0.0004EPSS
CVE-2024-0520 Remote Code Execution due to Full Controlled File Write in mlflow/mlflow
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...
10CVSS
8AI Score
0.0004EPSS
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...
8.8CVSS
0.0004EPSS
Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletin(s) listed in the...
6.8AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.6AI Score
EPSS
USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in certain environments. This update fixes the problem. Original advisory details: Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the ....
8.8CVSS
8.5AI Score
0.002EPSS