
6773 matches found

Tenable Nessus
added 2025/01/16 12:0 a.m. · 17 views

SUSE SLES15 Security Update : kernel (Live Patch 28 for SLE 15 SP4) (SUSE-SU-2025:0111-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0111-1 advisory. This update for the Linux Kernel 5.14.21-15040024125 fixes several issues. The following security issues were fixed: - CVE-2024-50264:...

7.8 CVSS · 6.9 AI score · 0.00352 EPSS
Exploits 1 · References 20

OSV
added 2025/01/14 6:15 p.m. · 19 views

CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...

6.8 CVSS · 6.3 AI score · 0.72059 EPSS
Exploits 8 · References 7

OSV
added 2025/01/14 2:15 p.m. · 2 views

CVE-2024-47572

An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file...

8 CVSS · 5.9 AI score · 0.0056 EPSS
Exploits 0 · References 1

OSV
added 2025/01/14 7:15 a.m. · 5 views

CVE-2024-12008

The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...

7.5 CVSS · 7.2 AI score
Exploits 0 · References 3

Vulnrichment
added 2025/01/14 7:5 a.m. · 11 views

CVE-2024-12008 W3 Total Cache <= 2.8.1 Information Exposure via Log Files

The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For exampl...

5.3 CVSS · 5 AI score · 0.02169 EPSS
Exploits 0 · References 3

OSV
added 2025/01/14 1:15 a.m. · 3 views

CVE-2024-57628

An issue in the exp_values_set_supertype component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

7.5 CVSS · 5.8 AI score · 0.00562 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/01/14 12:0 a.m. · 7 views

PT-2025-3495 · Monetdb · Monetdb Server

Name of the Vulnerable Software and Affected Versions: MonetDB Server version 11.49.1. Description: The issue in the exp values set supertype component allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Recommendations: For MonetDB Server version 11.49.1, consider...

7.5 CVSS · 7.5 AI score · 0.00562 EPSS
Exploits 1 · References 3

CNNVD
added 2025/01/14 12:0 a.m. · 3 views

Fortinet FortiSOAR Security Vulnerability

Fortinet FortiSOAR is a Secure Orchestration, Automation, and Response (SOAR) solution from Fortinet. A security vulnerability exists in Fortinet FortiSOAR that stems from the improper neutralization of formula elements in a csv file. An attacker can use this vulnerability to execute unauthorized...

9 CVSS · 7.2 AI score · 0.0056 EPSS
Exploits 0 · References 1

OSV
added 2025/01/11 1:15 p.m. · 3 views

UBUNTU-CVE-2024-49568

In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg. When receiving proposal msg in server, the fields v2_ext_offset/eid_cnt/ism_gid_cnt in proposal msg are from the remote client and can not be fully trusted...

5.5 CVSS · 6.2 AI score · 0.00212 EPSS
Exploits 0 · References 22

SUSE CVE
added 2025/01/10 12:22 a.m. · 3 views

SUSE CVE-2024-56596

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in jfs_readdir. The stbl might contain some invalid values. Added a check to return error code in that case...

5.5 CVSS · 7.7 AI score · 0.0023 EPSS
Exploits 0 · References 16

CNNVD
added 2025/01/10 12:0 a.m. · 5 views

REDCap Security Vulnerability

REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.9.6, which stems from a lack of CSRF protection for the logout feature, which allows an attacker to send a CSV file to the victim to view uploaded data...

8.8 CVSS · 6.7 AI score · 0.00156 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/10 12:0 a.m. · 7 views

PT-2025-4826 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6. Description: A Reflected cross-site scripting (XSS) vulnerability exists in the email-subject field when uploading a CSV file containing a list of alert configurations. An attacker can send a CSV file with the XSS payload ...

6.1 CVSS · 5.5 AI score · 0.00273 EPSS
Exploits 0 · References 6

Debian CVE
added 2025/01/09 12:33 a.m. · 32 views

CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

4 CVSS · 5.2 AI score · 0.00332 EPSS
Exploits 2

OSV
added 2025/01/08 4:15 p.m. · 2 views

UBUNTU-CVE-2024-51737

RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an...

7 CVSS · 6.1 AI score · 0.00396 EPSS
Exploits 1 · References 4

Veracode
added 2025/01/08 7:38 a.m. · 15 views

Timing Attack

tecnickcom/tcpdf is vulnerable to a Timing Attack. The vulnerability is due to the use of loose comparison != in the unserializeTCPDFtag function, which lacks a constant-time comparison, allowing an attacker to infer hash values through timing discrepancies...

7.5 CVSS · 6.9 AI score · 0.00593 EPSS
Exploits 0 · References 7 · Affected Software 1

SUSE CVE
added 2025/01/08 12:27 a.m. · 2 views

SUSE CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

6.7 CVSS · 6.9 AI score · 0.00528 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/01/07 1:49 p.m. · 10 views

CVE-2024-12426

A flaw was found in LibreOffice. This issue may allow the exposure of environmental variables and arbitrary INI file values, leading to sensitive information disclosure via crafted URLs embedded in documents...

5 CVSS · 6.3 AI score · 0.00528 EPSS
Exploits 0 · References 4

OSV
added 2025/01/07 1:15 p.m. · 13 views

CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

6.5 CVSS · 6.5 AI score · 0.00528 EPSS
Exploits 0 · References 2

OSV
added 2025/01/07 1:15 p.m. · 1 view

DEBIAN-CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

6.5 CVSS · 6 AI score · 0.00528 EPSS
Exploits 0 · References 1

OSV
added 2025/01/07 1:15 p.m. · 1 view

UBUNTU-CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

6.7 CVSS · 5.9 AI score · 0.00528 EPSS
Exploits 0 · References 4