
5655 matches found

Amazon
added 2024/07/22 12:00 a.m. · 26 views

Important: audiofile

Issue Overview: Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by...

CVSS 8.8 · AI score 8.2 · EPSS 0.08802
Exploits: 4
BDU FSTEC
added 2024/07/17 12:00 a.m. · 7 views

A vulnerability in the wpo365 plugin for the WordPress content management system allows an attacker to carry out cross-site scripting (XSS) attacks.

The vulnerability exists because the plugin does not adequately protect the structure of the web page it generates, the root cause of cross-site scripting. Exploiting it allows a remote attacker to carry out XSS attacks...

CVSS 6.4 · AI score 5.4 · EPSS 0.00273
Exploits: 0 · References: 3 · Affected Software: 1
IBM Security Bulletins
added 2024/07/15 1:21 p.m. · 36 views

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM DevOps Code ClearCase.

Summary: libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM DevOps Code ClearCase. CVE-2023-46219, CVE-2023-46218. Vulnerability Details: CVEID: CVE-2023-46219 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw...

CVSS 6.5 · AI score 6.5 · EPSS 0.01685
Exploits: 2 · Affected Software: 1
Redos
added 2024/07/13 12:00 a.m. · 20 views

ROS-20240711-02

A vulnerability in the github.com/containers/image library allows an attacker to trigger unexpected authenticated registry accesses on behalf of a victim user. Exploitation could allow a remote attacker to cause resource exhaustion, local path...

CVSS 8.3 · AI score 6.4 · EPSS 0.01279
Exploits: 0
Microsoft CVE
added 2024/07/10 7:00 a.m. · 4 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

...

CVSS 5.5 · AI score 6.6 · EPSS 0.0081
Exploits: 0
CERT
added 2024/07/09 12:00 a.m. · 13 views

Use-after-free vulnerability in lighttpd version 1.4.50 and earlier

Overview: A use-after-free vulnerability in lighttpd versions 1.4.50 and earlier permits a remote, unauthenticated attacker to trigger lighttpd to read from invalid pointers in memory. The attacker can use crafted HTTP requests to crash the web server and/or leak memory in order to access...

CVSS 5.3 · AI score 5.8 · EPSS 0.00662
Exploits: 0 · References: 5
NVD
added 2024/06/27 1:16 p.m. · 19 views

CVE-2024-6373

A vulnerability has been found in itsourcecode Online Food Ordering System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The...

CVSS 9.8 · EPSS 0.00867
Exploits: 1 · References: 4
Redos
added 2024/06/07 12:00 a.m. · 7 views

ROS-20240607-07

A vulnerability in the pg_stats_ext and pg_stats_ext_exprs system views of the PostgreSQL DBMS is related to privilege management errors. Exploitation of the vulnerability could allow a remote attacker to escalate privileges...

CVSS 4.3 · AI score 4 · EPSS 0.00722
Exploits: 0
Tenable Nessus
added 2024/06/07 12:00 a.m. · 19 views

OpenSSL 0.9.7 < 0.9.7h Vulnerability

The version of OpenSSL installed on the remote host is prior to 0.9.7h. It is, therefore, affected by a vulnerability as referenced in the 0.9.7h advisory. - The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option,...

CVSS 5 · AI score 6.5 · EPSS 0.04866
Exploits: 0 · References: 3
CVE
added 2024/06/05 9:00 p.m. · 56 views

CVE-2024-5653

CVE-2024-5653 affects Chanjet Smooth T+system 3.5. The SQL injection vulnerability arises from insecure handling of the KeyID parameter in /tplus/UFAQD/keyEdit.aspx, enabling remote exploitation. Multiple sources corroborate the issue and indicate public exploitation may be possible. Remediation ...

CVSS 9.8 · AI score 7.7 · EPSS 0.00506
Exploits: 0 · References: 4 · Affected Software: 1
Tenable Nessus
added 2024/06/03 12:00 a.m. · 23 views

RHEL 7 : openvswitch (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair (CVE-2020-10723) - openvswitch:...

CVSS 9.8 · AI score 7.7 · EPSS 0.0177
Exploits: 2 · References: 8
CVE
added 2024/05/19 8:00 a.m. · 50 views

CVE-2024-5099

CVE-2024-5099 concerns SourceCodester Simple Inventory System 1.0. The vulnerability resides in the file updateprice.php, where manipulating the argument ITEM results in an SQL injection. The issue is exploitable remotely, and public exploit information has been disclosed. Several connected sour...

CVSS 6.5 · AI score 7.3 · EPSS 0.0049
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2024/05/17 12:00 a.m. · 3 views

PT-2024-11707 · Unknown · Lenderd 1003 Mortgage Application

Name of the Vulnerable Software and Affected Versions: Lenderd 1003 Mortgage Application versions 1.75 and earlier
Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows Relative Path...

CVSS 7.7 · AI score 8.8 · EPSS 0.00936
Exploits: 0 · References: 6
CVE
added 2024/05/16 7:31 a.m. · 56 views

CVE-2024-4965

The CVE-2024-4965 issue is a remote OS command injection in D-Link DAR-7000-40 (V31R02B1413C) triggered by manipulating the load parameter in /useratte/resmanage.php. Affected product: D-Link DAR-7000-40 (and possibly DAR-7000/DAR-8000 per PT-2024-3650). Root cause: lack of input neutralization i...

CVSS 9.8 · AI score 7.4 · EPSS 0.02853
Exploits: 0 · References: 5 · Affected Software: 1
Redos
added 2024/05/14 12:00 a.m. · 15 views

ROS-20240514-16

A vulnerability in the file includes/specials/SpecialMovePage.php of the MediaWiki wiki engine is related to incorrect resource clearing or freeing. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...

CVSS 7.5 · AI score 6.7 · EPSS 0.00898
Exploits: 2
Tenable Nessus
added 2024/05/11 12:00 a.m. · 30 views

RHEL 6 : qt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qt: QPluginLoader loads plugins relative to CWD which could result in arbitrary code execution...

AI score 7.3 · EPSS 0.03915
Exploits: 4 · References: 10
Tenable Nessus
added 2024/05/11 12:00 a.m. · 34 views

RHEL 7 : mutt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mutt: buffer overflow via base64 data CVE-2018-14359 - An issue was discovered in Mutt before 1.10.1 and...

AI score 7.7 · EPSS 0.0502
Exploits: 2 · References: 11
Positive Technologies
added 2024/05/10 12:00 a.m. · 5 views

PT-2024-25734

Name of the Vulnerable Software and Affected Versions: TinyWeb versions 1.94 and below
Description: The issue allows unauthenticated remote attackers to cause a denial of service, specifically a buffer overflow, when sending excessively large elements in the request line.
Recommendations: For TinyWe...

CVSS 8.6 · AI score 7 · EPSS 0.01226
Exploits: 1 · References: 7
Positive Technologies
added 2024/05/09 12:00 a.m. · 6 views

PT-2024-32239

Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0
Description: A problematic issue has been found in the system, affecting the /view/exam_timetable_grade_wise.php file. The exam argument is vulnerable to cross-site scripting...

CVSS 6.1 · AI score 4 · EPSS 0.0066
Exploits: 1 · References: 7
CVE
added 2024/05/05 6:00 p.m. · 62 views

CVE-2024-4500

SourceCodester Prison Management System 1.0 contains a vulnerability in the /Employee/edit-photo.php handler. The parameter userImage enables unrestricted file upload, which can be triggered remotely. The issue is explicitly described as allowing an unrestricted upload and has been publicly discl...

CVSS 8.8 · AI score 7 · EPSS 0.00857
Exploits: 1 · References: 4 · Affected Software: 1