Lucene search
K

88 matches found

Tenable Nessus
Tenable Nessus
added 2024/08/21 12:0 a.m.28 views

Joomla 3.0.x < 3.10.17 / 4.0.x < 4.4.7 / 5.0.x < 5.1.3 Multiple Vulnerabilities (5910-joomla-5-1-3-and-4-4-7-security-and-bug-fix-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 3.10.17, 4.0.x prior to 4.4.7, or 5.0.x prior to 5.1.3. It is, therefore, affected by multiple vulnerabilities. - Inadequate validation of URLs could result into an invalid check...

9.1CVSS7.2AI score0.00441EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2024/08/20 4:3 p.m.17 views

CVE-2024-27184 [20240801] - Core - Inadequate validation of internal URLs

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...

7.2AI score0.00239EPSS
Exploits0References1
CVE
CVE
added 2024/08/20 4:3 p.m.132 views

CVE-2024-27184

CVE-2024-27184 affects Joomla! core and concerns inadequate validation of internal/redirect URLs, where a redirect URL check may be incorrect. The connected documents consistently describe this as a URL validation vulnerability in Joomla core, with no explicit exploit details provided. The issue ...

6.1CVSS6.6AI score0.00239EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/06 12:0 a.m.10 views

PT-2024-38375 · WordPress · Crm Perks Forms

Name of the Vulnerable Software and Affected Versions: CRM Perks Forms plugin for WordPress versions up to, and including, 1.1.3 Description: The issue is related to arbitrary file uploads due to insufficient file validation on the handle uploaded files function. This allows authenticated attacke...

7.2CVSS7.8AI score0.0093EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/07/09 4:15 p.m.21 views

CVE-2024-21729 [20240701] - Core - XSS in accessible media selection field

Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field...

6.2AI score0.00442EPSS
Exploits0References1
OSV
OSV
added 2024/06/06 9:30 p.m.28 views

GHSA-8F8Q-Q2J7-7J2M Undefined Behavior in mlflow

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...

5.4CVSS5.1AI score0.00442EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.28 views

Undefined Behavior in mlflow

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...

5.4CVSS5.2AI score0.00442EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/06/06 7:15 p.m.40 views

CVE-2024-3099

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...

5.4CVSS0.00442EPSS
Exploits1References1
CVE
CVE
added 2024/06/06 6:8 p.m.62 views

CVE-2024-3099

CVE-2024-3099 affects mlflow/mlflow 2.11.1 and is caused by inadequate validation of model names, allowing URL-encoded names to be treated as distinct from their decoded counterparts. This enables an attacker to create multiple models with the same name, leading to DoS (an authenticated user may ...

5.4CVSS5.1AI score0.00442EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/06/06 6:8 p.m.42 views

CVE-2024-3099 Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...

5.4CVSS0.00442EPSS
Exploits1References1
Veracode
Veracode
added 2024/05/29 6:41 a.m.7 views

Open Redirect

silverstripe/framework library is vulnerable to Open Redirect. The vulnerability is due to inadequate validation of URLs, which allows attackers to craft malicious URLs that bypass redirection protections...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2024/05/21 5:10 p.m.61 views

CVE-2024-5148

A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and...

7.5CVSS7.3AI score0.00569EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

SAP NetWeaver Application Server 代码问题漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A file upload vulnerability exists in SAP NetWeaver Application Server ABAP Platform, which stems from the application's lack of effective validation of uploaded files. The vulnerability can be exploited to remotely...

9.6CVSS7.7AI score0.00527EPSS
Exploits0References4
Veracode
Veracode
added 2024/04/23 9:7 a.m.21 views

SQL Injection

librenms/librenms is vulnerable to SQL Injection. The vulnerability is due to inadequate validation of the order parameter sourced from the $request in the file apifunctions.inc.php where the parameter value is directly incorporated into an SQL statement and concatenated. This allows attackers to...

7.2CVSS7.5AI score0.2028EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2024/04/18 4:12 a.m.32 views

Open Redirect

org.keycloak, keycloak-services is vulnerable to Open Redirect. The vulnerability is due to inadequate validation of URLs included in redirects, potentially allowing attackers to access other URLs and sensitive information within the domain or conduct further attacks...

8.1CVSS8.1AI score0.01552EPSS
Exploits0References17Affected Software2
Vulnrichment
Vulnrichment
added 2024/04/10 5:8 p.m.12 views

CVE-2024-1511 Path Traversal Vulnerability in parisneo/lollms-webui

The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various...

9.8CVSS7.5AI score0.00981EPSS
Exploits1References1
CVE
CVE
added 2024/04/10 5:8 p.m.92 views

CVE-2024-1511

CVE-2024-1511 affects parisneo/lollms-webui. Path traversal arises from inadequate validation of user-supplied file paths in multiple endpoints, enabling an unauthenticated attacker to read, write, and in some configurations execute arbitrary server files. Impact can occur even when the service r...

9.8CVSS7.2AI score0.00981EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/04/10 5:8 p.m.18 views

CVE-2024-1511 Path Traversal Vulnerability in parisneo/lollms-webui

The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various...

9.8CVSS9.6AI score0.00981EPSS
Exploits1References1
Veracode
Veracode
added 2024/04/10 11:32 a.m.18 views

Cross Site Request Forgery (CSRF)

org.apache.zeppelin: zeppelin-web is vulnerable to Cross Site Request Forgery CSRF. The vulnerability is due to inadequate validation of requests, which allows an attacker to submit malicious requests via phishing...

5.4CVSS7AI score0.00482EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/04/01 10:5 p.m.27 views

Improper Array Index Validation

gtkwave is vulnerable to Improper Array Index Validation. The vulnerability is due to inadequate validation of array indices in the fstReaderIterBlocks2 tdelta functionality when signallens is 2 or more, allowing attackers to execute arbitrary code by crafting a specially crafted .fst file...

7.8CVSS7.9AI score0.00414EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder