8531 matches found

Source: CNNVD | added 2024/07/01 12:00 a.m. | 19 views

GeoServer Code Injection Vulnerability

GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A code injection vulnerability exists in GeoServer that stems from insecurely resolving attribute names to XPath expressions, which could lead to remote code...

CVSS 9.8 | AI score 8.2 | EPSS 0.99813
Exploits 26 | References 9
Source: Amazon | added 2024/07/01 12:00 a.m. | 5 views

Medium: ansible-core

Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application...

CVSS 6.1 | AI score 6.9 | EPSS 0.00979
Exploits 0
Source: Microsoft CVE | added 2024/06/30 2:00 p.m. | 7 views

HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

CVSS 8.8 | AI score 7.2 | EPSS 0.0086
Exploits 0
Source: OSV | added 2024/06/29 7:15 a.m. | 5 views

CVE-2024-5790

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 | AI score 5.9 | EPSS 0.00332
Exploits 0 | References 4
Source: Positive Technologies | added 2024/06/29 12:00 a.m. | 5 views

PT-2024-37156 · WordPress · Happy Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.11.1. Description: The issue is related to Stored Cross-Site Scripting via the url attribute within the plugin's Gradient Heading widget due to insufficient input...

CVSS 6.4 | AI score 6.2 | EPSS 0.00332
Exploits 0 | References 8
Source: Vulnrichment | added 2024/06/28 3:33 p.m. | 18 views

CVE-2024-38521 Persistent Cross-Site Scripting (XSS) in hushline inbox

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0...

CVSS 8.8 | AI score 6.1 | EPSS 0.00425
Exploits 1 | References 1
Source: VulnCheck KEV | added 2024/06/28 12:00 a.m. | 2 views

VulnCheck KEV: CVE-2018-10942

modules/attributewizardpro/fileupload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file...

CVSS 9.8 | AI score 6.2 | EPSS 0.12744
Exploits 1 | References 1
Source: Vulnrichment | added 2024/06/27 6:42 p.m. | 21 views

CVE-2024-5714 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

CVSS 7.4 | AI score 6.8 | EPSS 0.00512
Exploits 1 | References 2
Source: Positive Technologies | added 2024/06/27 12:00 a.m. | 7 views

PT-2024-37376 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.7. Description: The issue allows any authenticated user to change the name of an organization due to improper access control. This is because the checkAccess function is not implemented, enabling users with low...

CVSS 5.3 | AI score 5.5 | EPSS 0.00407
Exploits 1 | References 3
Source: CVE | added 2024/06/25 2:28 p.m. | 69 views

CVE-2024-39470

CVE-2024-39470: In the Linux kernel, a null-pointer dereference could occur in eventfs_find_events() when ei is NULL after update_events_attr, potentially leading to a crash if ei->is_freed is set. The issue has been resolved via kernel patches (stable releases) implementing a guard that retu...

CVSS 5.5 | AI score 7 | EPSS 0.00213
Exploits 0 | References 3 | Affected software 1
Source: ATTACKERKB | added 2024/06/25 2:15 p.m. | 2 views

CVE-2024-5451

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

CVSS 6.4 | AI score 6.1 | EPSS 0.00326
Exploits 0 | References 4
Source: OSSF Malicious Packages | added 2024/06/25 1:49 p.m. | 6 views

Malicious code in attribute-normalizer-extras (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0 | References 1
Source: OSV | added 2024/06/25 1:49 p.m. | 8 views

MAL-2024-6719 Malicious code in attribute-normalizer-extras (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0 | References 1
Source: Patchstack | added 2024/06/25 6:51 a.m. | 5 views

WordPress The7 theme <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via url Attribute vulnerability discovered by wesley wcraft in WordPress Theme The7 versions <= 11.13.0...

CVSS 6.4 | AI score 5.8 | EPSS 0.00326
Exploits 0 | References 1 | Affected software 1
Source: CNNVD | added 2024/06/25 12:00 a.m. | 3 views

Linux kernel security vulnerabilities

The Linux kernel is the kernel of Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the sanity_check_inode function not performing a sanity check on i_xattr_nid...

CVSS 7.1 | AI score 6.5 | EPSS 0.00238
Exploits 0 | References 8
Source: SUSE CVE | added 2024/06/24 11:15 p.m. | 2 views

SUSE CVE-2024-38659

In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port. enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length...

CVSS 6.3 | AI score 6.3 | EPSS 0.00245
Exploits 0 | References 16
Source: Amazon | added 2024/06/24 12:00 a.m. | 57 views

Medium: python-jinja2

Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application...

CVSS 6.1 | AI score 6.6 | EPSS 0.00979
Exploits 0
Source: Amazon | added 2024/06/24 12:00 a.m. | 83 views

Medium: python3-jinja2

Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application...

CVSS 6.1 | AI score 6.6 | EPSS 0.00979
Exploits 0
Source: RedhatCVE | added 2024/06/21 2:27 p.m. | 21 views

CVE-2024-38659

In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port. enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length...

CVSS 5.5 | AI score 6.9 | EPSS 0.00245
Exploits 0 | References 4
Source: NVD | added 2024/06/21 11:15 a.m. | 18 views

CVE-2024-38659

In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port. enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length...

CVSS 7.1 | EPSS 0.00245
Exploits 0 | References 11