Lucene search
K

313 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 1:38 p.m.14 views

CVE-2020-26276

Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the trusted document. This can result in allowing unverified logins from a SAML IdP. Users that configure Fleet...

10CVSS6.6AI score0.02168EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 3:38 a.m.10 views

CVE-2024-45785

MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...

7.5CVSS6.5AI score0.00425EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/01/17 12:0 a.m.24 views

Joomla! 5.x < 5.2.3 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.20, 4.x prior to 4.4.10 or 5.x prior to 5.2.3. It is, therefore, affected by multiple vulnerabilities. - Various module chromes didn't properly process inputs, leading to XSS...

7.5CVSS6.7AI score0.00411EPSS
Exploits0References7
NVD
NVD
added 2024/11/20 12:15 p.m.11 views

CVE-2024-11404

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3.3...

5.5CVSS0.0034EPSS
Exploits0References5
OSV
OSV
added 2024/10/30 7:56 a.m.14 views

SUSE-SU-2024:3785-1 Security update for pcp

This update for pcp fixes the following issues: pcp was updated from version 5.2.5 to version 6.2.0 jscPED-8192, jscPED-8389: - Security issues fixed: CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user bsc1230552 CVE-2024-45769: Fixed a heap corruption...

6.7CVSS6.1AI score0.00288EPSS
Exploits0References9
NVD
NVD
added 2024/10/25 8:15 a.m.28 views

CVE-2024-45785

MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...

7.5CVSS0.00425EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/25 7:57 a.m.10 views

CVE-2024-45785

MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...

7.5CVSS7.5AI score0.00425EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/25 7:57 a.m.27 views

CVE-2024-45785

MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...

7.5CVSS0.00425EPSS
Exploits0References1
CVE
CVE
added 2024/10/25 7:57 a.m.48 views

CVE-2024-45785

MUSASI version 3 is affected by a client-side authentication flaw (CWE-603) that can allow a user to fetch another user’s credentials and sensitive information. Multiple sources (CVE-2024-45785 entries across NVD, JVN, Red Hat, and vendor advisories) confirm the issue arises from authentication l...

7.5CVSS6.6AI score0.00425EPSS
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/18 12:0 a.m.13 views

JVN#31982676: MUSASI version 3 performing authentication on client-side

MUSASI provided by NEUMANN CO.LTD. is an e-learning system for driving schools. MUSASI version 3 performs authentication within the client-side code CWE-603, and the client in pre-authentication state retrieves the credential information from the server just when a user ID is input. This behavior...

7.5CVSS7.2AI score0.00425EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2024/09/24 12:0 a.m.29 views

Moderate: gtk3 security update

The GTK+ library provides a multi-platform toolkit for creating graphical user interfaces. The gtk3 packages contain GTK+ version 3. Security Fixes: gtk3: gtk2: Library injection from CWD CVE-2024-6655 For more details about the security issues, including the impact, a CVSS score, acknowledgments...

7CVSS7.6AI score0.00464EPSS
Exploits0References4
Fedora
Fedora
added 2024/09/13 1:55 a.m.35 views

[SECURITY] Fedora 40 Update: python3.11-3.11.10-1.fc40

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

8.7CVSS7.4AI score0.02527EPSS
Exploits4
UbuntuCve
UbuntuCve
added 2024/09/04 3:15 p.m.11 views

CVE-2024-45506

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding h2send loop under a certain set of conditions, as exploited in the wild in 2024...

7.5CVSS7.1AI score0.01203EPSS
Exploits0References4
Amazon
Amazon
added 2024/08/19 12:0 a.m.9 views

Medium: ruby3.2

Issue Overview: ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Arbitrary memory address read vulnerability with Regex search CVE-2024-27282 Affected Packages: ruby3.2 Issue Correction: Run dnf update ruby3.2 --releasever 2023.5.20240819 or dnf update --advisory...

6.6CVSS6.8AI score0.01571EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/07/18 12:0 a.m.33 views

Joomla! 3.x < 3.10.16 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.16, 4.x prior to 4.4.6 or 5.x prior to 5.1.2. It is, therefore, affected by multiple vulnerabilities. - Inadequate input validation leads to XSS vulnerabilities in the...

6.1CVSS6.1AI score0.00463EPSS
Exploits0References11
CVE
CVE
added 2024/06/28 12:0 a.m.47 views

CVE-2024-37741

OpenPLC 3 through 9cd8f1b is affected by a cross-site scripting (XSS) vulnerability that can be triggered via an SVG document used as a profile picture. The issue arises from insufficient filtering/escaping of user-supplied data, enabling script execution within a victim’s browser. Affected produ...

5.4CVSS6AI score0.00334EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/06/26 9:15 p.m.18 views

CVE-2024-23767

An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol allows unauthenticated changes to a device's network configurations...

8.8CVSS0.00406EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/28 12:0 a.m.4 views

Smarty 安全漏洞

Smarty is a PHP-based template engine that helps to separate the representation HTML/CSS from the application logic. A security vulnerability exists in Smarty that stems from allowing an attacker to inject PHP code by selecting a malicious filename via extends-tag. Affected products and versions:...

7.3CVSS7.4AI score0.00507EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2024/05/23 12:0 a.m.49 views

traceroute security update

3:2.1.0-8 - add gating.yaml 3:2.1.0-7 - fix improper command line parsing CVE-2023-46316...

5.5CVSS7.1AI score0.00367EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.15 views

PT-2024-40514 · Contao · Contao/Core

Name of the Vulnerable Software and Affected Versions: contao/core versions 2.x prior to 2.11.17 contao/core versions 3.x prior to 3.2.9 Description: The issue is related to arbitrary code execution on the server due to insufficient input validation. Attackers can exploit this by entering a...

9CVSS7.9AI score
Exploits0References7
Rows per page
Query Builder