CVE-2022-1292 affecting package hvloader for versions less than 1.0.1-2
CVE-2022-1292 affecting package hvloader for versions less than 1.0.1-2. An upgraded version of the package is available that resolves this...
9.8CVSS
7.2AI Score
0.106EPSS
CVE-2024-32613 affecting package hdf5 for versions less than 1.14.4.3-1
CVE-2024-32613 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...
6.9AI Score
EPSS
CVE-2024-32605 affecting package hdf5 for versions less than 1.14.4.3-1
CVE-2024-32605 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...
7AI Score
EPSS
CVE-2024-30260 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-30260 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...
3.9CVSS
4.4AI Score
0.0004EPSS
CVE-2024-30261 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-30261 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...
2.6CVSS
6.9AI Score
0.0004EPSS
CVE-2024-29159 affecting package hdf5 for versions less than 1.14.4.3-1
CVE-2024-29159 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...
7AI Score
EPSS
CVE-2024-29163 affecting package hdf5 for versions less than 1.14.4.3-1
CVE-2024-29163 affecting package hdf5 for versions less than 1.14.4.3-1. An upgraded version of the package is available that resolves this...
7AI Score
EPSS
CVE-2022-28805 affecting package ntopng for versions less than 5.2.1-3
CVE-2022-28805 affecting package ntopng for versions less than 5.2.1-3. A patched version of the package is...
9.1CVSS
6.9AI Score
0.003EPSS
CVE-2023-52425 affecting package expat for versions less than 2.6.2-1
CVE-2023-52425 affecting package expat for versions less than 2.6.2-1. An upgraded version of the package is available that resolves this...
7.5CVSS
7.1AI Score
0.001EPSS
CVE-2024-0567 affecting package gnutls for versions less than 3.8.3-1
CVE-2024-0567 affecting package gnutls for versions less than 3.8.3-1. An upgraded version of the package is available that resolves this...
7.5CVSS
6.9AI Score
0.001EPSS
CVE-2024-21626 affecting package kubernetes for versions less than 1.30.1-1
CVE-2024-21626 affecting package kubernetes for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...
8.6CVSS
8.9AI Score
0.051EPSS
CVE-2023-45288 affecting package kubernetes for versions less than 1.30.1-1
CVE-2023-45288 affecting package kubernetes for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...
6.9AI Score
0.0004EPSS
CVE-2024-21890 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-21890 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...
5CVSS
6.9AI Score
0.0004EPSS
CVE-2023-44487 affecting package cri-o for versions less than 1.30.1-1
CVE-2023-44487 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...
7.5CVSS
8.7AI Score
0.732EPSS
CVE-2023-39325 affecting package cri-o for versions less than 1.30.1-1
CVE-2023-39325 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this...
7.5CVSS
7.8AI Score
0.002EPSS
CVE-2024-21896 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-21896 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this...
7.9CVSS
6.9AI Score
0.0004EPSS
CVE-2024-24806 affecting package cmake for versions less than 3.28.2-6
CVE-2024-24806 affecting package cmake for versions less than 3.28.2-6. A patched version of the package is...
7.3CVSS
7.4AI Score
0.001EPSS
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass
An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the...
5.3CVSS
6.9AI Score
0.0004EPSS
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...
5.4CVSS
7AI Score
0.0004EPSS
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass
An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the...
5.3CVSS
6.9AI Score
0.0004EPSS
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...
5.4CVSS
7AI Score
0.0004EPSS
github.com/lightningnetwork/lnd is vulnerable to Improper Input Validation. The vulnerability is due to excessive memory allocation during the parsing process, which creates a Denial-Of-Service (DoS)...
6.5CVSS
6.7AI Score
0.0004EPSS
7.2AI Score
github.com/go-skynet/LocalAI is vulnerable to path traversal. The vulnerability is due to insufficient input validation of the model parameter during the model deletion process, which allows an attacker to delete arbitrary files on the host file...
7.5CVSS
7.1AI Score
0.0004EPSS
SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately
A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive...
8.6CVSS
6.8AI Score
0.343EPSS
US bans Kaspersky, warns: “Immediately stop using that software”
The US government will ban the sale of Kaspersky antivirus products to new customers in the United States starting July 20, with a follow-on deadline to prohibit the cybersecurity company from providing users with software updates after September 29. The move follows years of allegations that the.....
7.1AI Score
Gin-vue-admin is vulnerable to SQL injection. The vulnerability is due to insufficient validation user input which allows an attacker to execute arbitrary SQL...
8.8CVSS
8.2AI Score
0.0004EPSS
7.2AI Score
EPSS
7.5CVSS
7.2AI Score
0.002EPSS
8.8CVSS
7.2AI Score
0.002EPSS
6.1CVSS
6.7AI Score
0.003EPSS
6.5CVSS
6.7AI Score
0.001EPSS
7.5CVSS
6.7AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
7.4CVSS
6.7AI Score
0.003EPSS
7.5CVSS
6.7AI Score
0.001EPSS
7.5CVSS
6.6AI Score
0.02EPSS
8.8CVSS
8.7AI Score
0.001EPSS
typo3/cms is vulnerable to Information Disclosure. The vulnerability is due to improper permission checks, allowing editors to gain knowledge of protected storages and their folders. Attackers can exploit this by using a valid backend user account to include protected files in a collection...
7.2AI Score
silverstripe/framework is vulnerable to User Enumeration. The vulnerability is due to a timing attack on the login or password reset pages, allowing an attacker to determine the existence of user credentials based on response...
7.2AI Score
Was T-Mobile compromised by a zero-day in Jira?
A moderator of the notorious data breach trading platform BreachForums is offering data for sale they claim comes from a data breach at T-Mobile. The moderator, going by the name of IntelBroker, describes the data as containing source code, SQL files, images, Terraform data, t-mobile.com...
10CVSS
8.2AI Score
0.001EPSS
Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM Java. The flaws can lead to denial of service, confidentiality impact, integrity impact, availability impact, and sensitive information disclosure, as described in the "Vulnerability Details" section....
7.5CVSS
7.7AI Score
0.001EPSS
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
5.1AI Score
0.0004EPSS
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
5.1AI Score
0.0004EPSS
silverstripe/framework is vulnerable to SQL injection. The vulnerability is due to the 'start' querystring parameter not being safely escaped, which exposes a possible SQL injection...
8.4AI Score
github.com/drakkan/sftpgo is vulnerable to Incorrect Authorization. The vulnerability is due to a lack of session invalidation when a user or admin changes their password, which allows an attacker to regain access to restricted accounts by resetting the accounts password. Note that this...
5.4CVSS
6.8AI Score
0.0004EPSS
js2py is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the js2py.disable_pyimport() function failing to prevent JS sandbox escape, which allows an attacker to send crafted API calls which results in arbitrary code...
7.7AI Score
0.0004EPSS
io.undertow: undertow-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of URL-encoded request paths for concurrent requests on the ajp-listener, which can cause the wrong path to be processed, potentially leading to Denial Of Service...
7.5CVSS
6.7AI Score
0.0004EPSS