Lucene search
K

40449 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:49 a.m.11 views

CVE-2024-34071

Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in versions 8.18.14,...

6.1CVSS6.7AI score0.00375EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:46 a.m.7 views

CVE-2024-25091

Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.211013 when using 'VirusChecker' or 'ThreatChecker' feature and RevoWorks Browser prior to 2.2.95 when using 'VirusChecker' or 'ThreatChecker' feature. If data containing malware is saved in a specific file format...

9.1CVSS6.8AI score0.00485EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:42 a.m.7 views

CVE-2024-23219

The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled...

6.2CVSS5.8AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:41 a.m.6 views

CVE-2024-1769

The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 14 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source...

5.3CVSS6.7AI score0.00611EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:37 a.m.10 views

CVE-2024-24004

jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...

9.8CVSS7.5AI score0.00676EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:17 a.m.3 views

CVE-2024-23444

It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command...

7.5CVSS6.9AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:15 a.m.5 views

CVE-2024-20885

Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission...

5.1CVSS6.3AI score0.00134EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:9 a.m.3 views

CVE-2024-27887

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data...

6.2CVSS6.1AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:9 a.m.3 views

CVE-2024-40795

This issue was addressed with improved data protection. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to read sensitive location information...

3.3CVSS5.8AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:45 a.m.5 views

CVE-2024-0437

The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or...

4.3CVSS6AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:45 a.m.9 views

CVE-2024-23105

A Use Of Less Trusted Source CWE-348 vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets...

7.5CVSS7.2AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:43 a.m.3 views

CVE-2024-33496

A vulnerability has been identified in SIMATIC RTLS Locating Manager 6GT2780-0DA00 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA10 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA20 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA30 All versions...

6.3CVSS6.7AI score0.00151EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:41 a.m.3 views

CVE-2024-23332

The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions o...

6.8CVSS6.7AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:39 a.m.8 views

CVE-2024-32787

Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1...

4.3CVSS6.8AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:34 a.m.5 views

CVE-2024-0042

In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.3AI score0.00111EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:26 a.m.4 views

CVE-2024-49501

Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function...

5.7CVSS6.8AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:26 a.m.8 views

CVE-2024-49592

Trial installer for McAfee Total Protection legacy trial installer software 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adversary or knowledgeable user" and the type of attack could be called "DLL-squatting." The issue only...

6.7CVSS7.1AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:25 a.m.8 views

CVE-2024-49306

Cross-Site Request Forgery CSRF vulnerability in wp-buy WP Content Copy Protection & No Right Click wp-content-copy-protector allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through = 3.5.9...

8.8CVSS5.9AI score0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:19 a.m.7 views

CVE-2024-35539

Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently...

6.5CVSS5.9AI score0.01445EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.5 views

CVE-2024-10869

The WordPress Brute Force Protection – Stop Brute Force Attacks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.2.6. This makes it possible for...

6.1CVSS5.6AI score0.00452EPSS
Exploits0References1
Rows per page
Query Builder