Lucene search
K

738 matches found

Vulnrichment
Vulnrichment
added 2024/08/11 2:31 a.m.13 views

CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...

6.3CVSS6.9AI score0.00786EPSS
Exploits0References5
CVE
CVE
added 2024/08/11 2:0 a.m.52 views

CVE-2024-7658

ProjectSend (up to r1605) has a vulnerability in the get_preview function of process.php that allows improper control of resource identifiers, potentially exploitable remotely. Multiple sources (NVD, Red Hat, osv.dev, CVE listings, PT Security) consistently describe this as a resource-ID manipula...

6.9CVSS5.4AI score0.00791EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2024/08/11 2:0 a.m.18 views

CVE-2024-7658 projectsend process.php get_preview resource injection

A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function getpreview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720...

6.9CVSS0.00791EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/07 4:53 p.m.37 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable Vulnerability Details CVEID:CVE-2024-21094...

7.5CVSS5AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/31 10:54 p.m.23 views

Security Bulletin: Apache Santuario Vulnerability in WebSphere Application Server Liberty affect Cloud Pak System [CVE-2023-44483]

Summary Vulnerability found in Apache Santuario WebSphere Application Server Liberty affect Cloud Pak System WebSphere Application Server WAS Liberty patternType pType. Vulnerability Details CVEID:CVE-2023-44483 DESCRIPTION: Apache Santuario could allow a remote authenticated attacker to obtain...

6.5CVSS6.6AI score0.01212EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/31 9:18 p.m.34 views

Security Bulletin: Vulnerability in beego affects Cloud Pak System [CVE-2022-31836]

Summary Vulnerability in beego affects Cloud Pak System. IBM Cloud Pak System addrressed vulnerability. Vulnerability Details CVEID:CVE-2022-31836 DESCRIPTION: Beego could allow a remote attacker to traverse directories on the system, caused by a flaw in the leafInfo.match function. An attacker...

9.8CVSS9.3AI score0.01503EPSS
Exploits1Affected Software1
OSV
OSV
added 2024/07/31 9:2 p.m.18 views

GHSA-567V-6HMG-6QG7 ZITADEL "ignoring unknown usernames" vulnerability

Impact ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report "Username or Password invalid". Due to a...

6.9CVSS5.2AI score0.00633EPSS
Exploits0References16
OSV
OSV
added 2024/07/31 4:54 p.m.15 views

GHSA-692V-783F-MG8X XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution

Impact By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on a XWiki...

9.4CVSS7.3AI score0.01572EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/07/24 7:12 p.m.11 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.16.4 packages and security update

Red Hat OpenShift Container Platform release 4.16.4 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

5.9CVSS6.7AI score0.01001EPSS
Exploits0References3
OSV
OSV
added 2024/07/24 6:45 p.m.8 views

USN-6913-1 php-cas vulnerability

Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. Afte...

8CVSS6.4AI score0.01064EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/07/17 1:49 a.m.24 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.45 packages and security update

Red Hat OpenShift Container Platform release 4.13.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

8.1CVSS7.3AI score0.01237EPSS
Exploits0References2
OSV
OSV
added 2024/07/15 8:15 p.m.2 views

UBUNTU-CVE-2024-40630

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input...

4.3CVSS5.7AI score0.00448EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/15 8:1 p.m.21 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to IBM Java SDK (Tech Edition) vulnerabilities

Summary IBM Sterling Partner Engagement Manager 6.2.3.1, 6.1.2.10, and 6.2.0.8 address IBM Java SDK Tech Edition CPU vulnerabilities attached to this Security Bulletin. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component coul...

3.7CVSS4.8AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/15 2:58 p.m.7 views

Security Bulletin: A security vulnerability may affect a Go package that is shipped with IBM CICS TX Standard.

Summary A security vulnerability may affect a Go package that is shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the issues. Vulnerability Details IBM X-Force ID: 255317 DESCRIPTION: Logrus is vulnerable to a denial of service, caused by a flaw in the bufio.Scanner log write...

6.8AI score
Exploits0Affected Software1
NVD
NVD
added 2024/07/08 8:15 a.m.28 views

CVE-2024-37389

Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client...

5.4CVSS0.24031EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/03 6:51 a.m.27 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2024-37532)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

8.8CVSS8.9AI score0.00353EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/01 5:59 a.m.39 views

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality and integrity and availability of host system. This bulletin identifies the steps to address the vulnerabilities. CVE-2023-45285, CVE-2023-39326, CVE-2023-45283...

7.5CVSS7.2AI score0.02758EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/28 3:31 p.m.23 views

Security Bulletin: Vulnerability in tqdm affects IBM Process Mining CVE-2024-34062

Summary There is a vulnerability in tqdm that could allow an local authenticated attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2024-34062...

4.8CVSS6.2AI score0.00432EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/28 3:25 p.m.24 views

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-34447

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to perform a DNS poisoning attack on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

7.5CVSS7.7AI score0.0077EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/06/27 2:11 a.m.27 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.60 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.60 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

7.5CVSS7.2AI score0.91969EPSS
Exploits1References11
Rows per page
Query Builder