545 matches found

Tenable Nessus
added 2024/02/09 12:0 a.m., 37 views

TeamCity Server < 2023.11.3 Multiple Vulnerabilities

According to its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.3. It is, therefore, affected by multiple vulnerabilities: - Authentication bypass leading to RCE vulnerability (CVE-2024-23917) - Path traversal allowed...

CVSS 9.8, AI score 7.7, EPSS 0.5373
Exploits 0, References 3
OSV
added 2024/02/06 9:15 a.m., 5 views

CVE-2023-4503

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...

CVSS 7.5, AI score 6.6, EPSS 0.0072
Exploits 0, References 6
Tenable Nessus
added 2024/01/30 12:0 a.m., 14 views

WordPress 6.0 < 6.4.3

WordPress versions 6.0 < 6.4.3 are affected by one or more vulnerabilities. The descriptive text and package checks in this plugin were extracted from WordPress Security Advisory wordpress-6-4-3-maintenance-and-security-release.

AI score 7.1
Exploits 0, References 4
Veracode
added 2024/01/24 11:25 a.m., 21 views

Cross Site Scripting (XSS)

labelstudio is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to not sanitizing/validating the HTML/JavaScript file that was downloaded from the import data feature from a remote web resource. An attacker can exploit this to download an HTML file that executes malicious JavaScrip...

CVSS 6.1, AI score 6.5, EPSS 0.00592
Exploits 0, References 5, Affected Software 1
Vulnrichment
added 2024/01/23 11:15 p.m., 27 views

CVE-2024-23633 Label Studio XSS Vulnerability on Data Import

Label Studio, an open source data labeling tool, had a remote import feature that allowed users to import data from a remote web source, which was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could have been abused to download an HTML file that executed malicious...

CVSS 4.7, AI score 6.9, EPSS 0.00592
Exploits 0, References 4
RedHat Linux
added 2023/12/04 6:2 p.m., 3 views

eap-galleon: custom provisioning creates unsecured http-invoker

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...

CVSS 7.5, AI score 5.8, EPSS 0.0072
Exploits 0, References 4
RedHat Linux
added 2023/12/04 6:0 p.m., 5 views

eap-galleon: custom provisioning creates unsecured http-invoker

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...

CVSS 7.5, AI score 5.8, EPSS 0.0072
Exploits 0, References 4
Tenable Nessus
added 2023/12/04 12:0 a.m., 34 views

ManageEngine NetFlow Analyzer 12.5.x < 12.5.657 / 12.6.x < 12.6.002 / 12.6.104 / 12.6.118 Authenticate Bypass

The version of ManageEngine NetFlow Analyzer running on the remote web server is 12.5.x prior to 12.5.657, or 12.6.x prior to 12.6.002 / 12.6.104 / 12.6.118. It is, therefore, affected by an authentication bypass vulnerability. Due to the lack of proper request handling, an unauthenticated, remote attack...

CVSS 7.5, AI score 7.4, EPSS 0.0793
Exploits 0, References 2
Tenable Nessus
added 2023/11/30 12:0 a.m., 8 views

Trellix Enterprise Security Manager < 11.6.8 SSRF

The version of Trellix Enterprise Security Manager running on the remote web server is prior to 11.6.8. It is, therefore, affected by a server-side request forgery (SSRF) vulnerability. Due to a flaw in the certificate validation functionality, a remote, authenticated attacker can upload arbitrary...

AI score 5.8
Exploits 0, References 2
Tenable Nessus
added 2023/11/15 12:0 a.m., 17 views

ManageEngine SupportCenter Plus < 14.2 Build 14200

The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.2 Build 14200. It is, therefore, affected by a vulnerability as referenced in the support-centerCVE-2023-38331 advisory. - Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS i...

CVSS 5.4, AI score 5.7, EPSS 0.01887
Exploits 0, References 2
Tenable Nessus
added 2023/09/20 12:0 a.m., 36 views

Jenkins LTS < 2.414.2 / Jenkins weekly < 2.424 Multiple Vulnerabilities

According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.414.2 or Jenkins weekly prior to 2.424. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through...

CVSS 8.8, AI score 6.5, EPSS 0.03388
Exploits 0, References 6
NVD
added 2023/08/19 6:15 a.m., 27 views

CVE-2023-2971

Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...

CVSS 6.5, AI score 6.2, EPSS 0.00446
Exploits 1, References 1
Prion
added 2023/08/19 6:15 a.m., 51 views

Path traversal

Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies tex...

CVSS 3.3, AI score 6.7, EPSS 0.00333
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2023/08/19 5:45 a.m., 8 views

CVE-2023-2971 Typora Local File Disclosure

Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...

CVSS 6.3, AI score 6.8, EPSS 0.00446
Exploits 1, References 1
Cvelist
added 2023/08/19 5:45 a.m., 27 views

CVE-2023-2971 Typora Local File Disclosure

Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...

CVSS 6.3, AI score 6.6, EPSS 0.00446
Exploits 1, References 1
SUSE CVE
added 2023/08/16 2:21 a.m., 3 views

SUSE CVE-2023-4360

Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3, AI score 8.5, EPSS 0.00657
Exploits 0, References 5
Tenable Nessus
added 2023/07/26 12:0 a.m., 89 views

Jenkins LTS < 2.401.3 / Jenkins weekly < 2.416 Multiple Vulnerabilities

According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.401.3 or Jenkins weekly prior to 2.416. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not saniti...

CVSS 5.4, AI score 6.2, EPSS 0.00862
Exploits 0, References 2
Tenable Nessus
added 2023/06/16 12:0 a.m., 65 views

Jenkins LTS < 2.401.1 / Jenkins weekly < 2.400 XSRF

According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.401.1 or Jenkins weekly prior to 2.400. It is, therefore, affected by the following vulnerability: - In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST...

CVSS 8, AI score 7.5, EPSS 0.0086
Exploits 0, References 2
Tenable Nessus
added 2023/05/25 12:0 a.m., 47 views

FatPipe MPVPN < 10.1.2r60p91 / 10.2.2 < 10.2.2r42 Multiple Vulnerabilities

According to its self-reported version, the instance of FatPipe MPVPN running on the remote web server is < 10.1.2r60p91 or 10.2.2 < 10.2.2r42. It is, therefore, affected by multiple vulnerabilities, including: - FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42...

CVSS 9.8, AI score 6.9, EPSS 0.05598
Exploits 4, References 10
Tenable Nessus
added 2023/05/17 12:0 a.m., 37 views

WordPress 6.0 < 6.2.1

WordPress versions 6.0 < 6.2.1 are affected by one or more vulnerabilities. The descriptive text and package checks in this plugin were extracted from WordPress Security Advisory wordpress-6-2-1-maintenance-security-release.

AI score 7.1
Exploits 0, References 4