8540 matches found

Cvelist
added 2024/05/15 3:49 p.m. | 21 views

CVE-2024-3318 SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability

A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the "file" attribute, which in turn allowed the user to access files uploaded for other sources...

4.2 CVSS | 4.8 AI score | 0.00368 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/05/15 3:44 p.m. | 16 views

CVE-2024-3319 Security implication in SailPoint Identity Security Cloud IdentityProfile API Endpoints

An issue was identified in the Identity Security Cloud ISC Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host...

9.1 CVSS | 8.1 AI score | 0.00801 EPSS
Exploits: 0 | References: 1

CNNVD
added 2024/05/15 12:0 a.m. | 3 views

SailPoint Identity Security Cloud security vulnerability

SailPoint Identity Security Cloud is a secure identity platform from SailPoint, Inc. A security vulnerability exists in SailPoint Identity Security Cloud that stems from allowing authenticated administrators to execute user-defined templates as part of an attribute transformation, allowing remote...

9.1 CVSS | 7.9 AI score | 0.00801 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2024/05/15 12:0 a.m. | 1 views

PT-2024-40061 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 6.18.34; Laravel versions prior to 7.23.2. Description: A security issue was found in Laravel where it was possible to mass assign Eloquent attributes that included the model's table name. This could lead to unexpected...

7.1 AI score
Exploits: 0 | References: 4

Positive Technologies
added 2024/05/15 12:0 a.m. | 8 views

PT-2024-25145 · Sailpoint · Sailpoint Identity Security Cloud

Name of the Vulnerable Software and Affected Versions: SailPoint Identity Security Cloud (affected versions not specified). Description: An issue was identified in the Identity Security Cloud ISC Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator...

9.1 CVSS | 7.8 AI score | 0.00801 EPSS
Exploits: 0 | References: 4

OSV
added 2024/05/14 3:43 p.m. | 2 views

CVE-2024-4481

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...

5.4 CVSS | 5.9 AI score | 0.0034 EPSS
Exploits: 0 | References: 2

OSV
added 2024/05/14 3:36 p.m. | 1 views

DEBIAN-CVE-2024-32611

HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c...

9.8 CVSS | 8.2 AI score | 0.00951 EPSS
Exploits: 0 | References: 1

OSV
added 2024/05/14 3:36 p.m. | 1 views

UBUNTU-CVE-2024-32611

HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c...

9.8 CVSS | 7 AI score | 0.00951 EPSS
Exploits: 0 | References: 3

OSV
added 2024/05/14 3:15 p.m. | 5 views

AZL-40630 CVE-2024-29161 affecting package hdf5 for versions less than 1.14.4.3-1

HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

8.8 CVSS | 7.1 AI score | 0.0086 EPSS
Exploits: 0 | References: 1

OSV
added 2024/05/14 3:15 p.m. | 0 views

UBUNTU-CVE-2024-29161

HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

8.8 CVSS | 7.3 AI score | 0.0086 EPSS
Exploits: 0 | References: 3

Rosalinux
added 2024/05/14 8:56 a.m. | 24 views

Advisory ROSA-SA-2024-2419

software: heimdal 7.8.0 WASP: ROSA-CHROME packageevrstring: heimdal-7.8.0-1 CVE-ID: CVE-2021-44758 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: heimdal allowed attackers to cause null pointer dereferencing in the SPNEGO receiver via the preferred_mech_type GSS_C_NO_OID and a non-zero initial_response value f...

9.8 CVSS | 8.4 AI score | 0.06419 EPSS
Exploits: 1

SUSE CVE
added 2024/05/14 3:32 a.m. | 1 views

SUSE CVE-2024-32611

HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c...

9.8 CVSS | 7 AI score | 0.00951 EPSS
Exploits: 0 | References: 3

CNNVD
added 2024/05/14 12:0 a.m. | 3 views

WordPress Theme Porto security vulnerability

WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Porto version 3.1.0 and earlier versions...

8.8 CVSS | 6 AI score | 0.01002 EPSS
Exploits: 0 | References: 4

CNNVD
added 2024/05/14 12:0 a.m. | 2 views

WordPress plugin Gutenberg Blocks with AI by Kadence WP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.4 CVSS | 6 AI score | 0.0034 EPSS
Exploits: 0 | References: 4

CNNVD
added 2024/05/14 12:0 a.m. | 2 views

HDF Group HDF5 security vulnerability

HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 version 1.14.3 and pri...

8.8 CVSS | 7.7 AI score | 0.0086 EPSS
Exploits: 0 | References: 3

Microsoft CVE
added 2024/05/13 7:0 a.m. | 2 views

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

...

5.4 CVSS | 6.6 AI score | 0.00979 EPSS
Exploits: 0

Tenable Nessus
added 2024/05/11 12:0 a.m. | 33 views

RHEL 6 : jinja2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jinja2: HTML attribute injection when passing user input as keys to xmlattr filter CVE-2024-22195 - Jinja...

6.8 AI score | 0.00979 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/05/11 12:0 a.m. | 19 views

RHEL 7 : jinja2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jinja2: HTML attribute injection when passing user input as keys to xmlattr filter CVE-2024-22195 - Jinja...

7.5 AI score | 0.00979 EPSS
Exploits: 0 | References: 2

Patchstack
added 2024/05/10 10:8 a.m. | 2 views

WordPress Beaver Builder plugin <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute vulnerability discovered by Thanh Nam Tran in WordPress Plugin Beaver Builder versions <= 2.8.1.2...

6.4 CVSS | 5.8 AI score | 0.00486 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/05/10 12:0 a.m. | 5 views

PT-2024-31261 · Kadence Wp · Gutenberg Blocks With Ai

Name of the Vulnerable Software and Affected Versions: Gutenberg Blocks with AI by Kadence WP plugin for WordPress versions up to, and including, 3.2.36. Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the link...

6.4 CVSS | 7.2 AI score | 0.0034 EPSS
Exploits: 0 | References: 5