Lucene search
K

181 matches found

VulnCheck KEV
VulnCheck KEV
added 2025/02/27 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-44000

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...

9.8CVSS5.8AI score0.83178EPSS
Exploits7References1
RedhatCVE
RedhatCVE
added 2025/02/14 5:12 a.m.18 views

CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...

4.3CVSS6.9AI score0.00394EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/14 7:5 a.m.18 views

CVE-2024-12365 W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isw3tcadminpage function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...

8.5CVSS8.1AI score0.01736EPSS
Exploits0References14
Snyk
Snyk
added 2024/11/04 11:46 p.m.3 views

Server-side Request Forgery (SSRF)

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to no restrictions on the URL, in the saveurltocache function. An attacker can access and download local resourc...

8.8CVSS6.8AI score0.00464EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.4 views

WordPress plugin WP Fastest Cache 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site reques...

8.8CVSS6.7AI score0.01367EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/09/18 12:24 a.m.40 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS6.8AI score0.01003EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/09/12 12:0 a.m.10 views

PT-2024-29980 · Espressif · Esp-Now

Name of the Vulnerable Software and Affected Versions: ESP-NOW versions prior to 2.5.2 Description: A replay attacks vulnerability was discovered in the ESP-NOW Component, which provides a connectionless Wi-Fi communication protocol. The issue arises because the cache is not differentiated by...

6.5CVSS7.7AI score0.00301EPSS
Exploits1References7
NVD
NVD
added 2024/07/29 3:15 p.m.24 views

CVE-2024-41074

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set object to close if ondemandid 0 in copen If copen is maliciously called in the user mode, it may delete the request corresponding to the random id. And the request may have not been read yet. Note that when the...

7.8CVSS0.0022EPSS
Exploits0References5
CVE
CVE
added 2024/07/19 12:3 a.m.46 views

CVE-2024-30130

Technical details (affected products, versions, root cause, or fixes) are not publicly provided in the supplied documents. Monitor for updates from HCL/NVD/CVE listings.

7.5CVSS3.9AI score0.00288EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/05/14 4:17 p.m.7 views

CVE-2024-33004

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...

4.3CVSS5.8AI score0.00245EPSS
Exploits0References2
NVD
NVD
added 2024/05/06 7:15 a.m.18 views

CVE-2024-23193

E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation...

5.3CVSS5.2AI score0.00545EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/06 6:36 a.m.10 views

CVE-2024-23193

E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation...

5.3CVSS6.5AI score0.00545EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/24 12:0 a.m.17 views

PT-2024-3336 · Glibc +10 · Glibc +10

Name of the Vulnerable Software and Affected Versions: glibc versions 2.15 and later Description: The Name Service Cache Daemon's nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache wa...

8.1CVSS6.1AI score0.8833EPSS
Exploits16References132
OSV
OSV
added 2024/04/16 6:15 p.m.5 views

CVE-2023-45000

Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7...

5.3CVSS6.8AI score0.00413EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/24 12:0 a.m.4 views

Varnish Cache 安全漏洞

Varnish Cache is a suite of reverse web caching servers. A security vulnerability exists in Varnish Cache versions prior to 7.3.2 and 7.4.x prior to 7.4.3 and Varnish Enterprise versions prior to 6.0.12r6, which stems from a credit exhaustion that allows HTTP/2 connections to control the flow...

7.5CVSS7.3AI score0.03663EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/02/21 12:33 a.m.3 views

hw: cpu: arm64: Spectre-BHB

A new cache speculation vulnerability, known as Branch History Injection BHI or Spectre-BHB, was found in hw. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history stored in the CPU Branch History Buffer, or BHB to influence mispredicted branches within t...

5.6CVSS6.6AI score0.00495EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/01/19 12:0 a.m.8 views

PT-2024-15699 · WordPress · Vk Block Patterns

Name of the Vulnerable Software and Affected Versions: VK Block Patterns plugin for WordPress versions up to, and including, 1.31.1.1 Description: The issue is due to missing or incorrect nonce validation on the vbp clear patterns cache function, making it possible for unauthenticated attackers t...

4.3CVSS5.3AI score0.00669EPSS
Exploits0References9
OSV
OSV
added 2023/12/18 2:15 p.m.4 views

CVE-2023-5236

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

6.5CVSS5.7AI score0.0089EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2023/12/06 6:31 p.m.9 views

com.qwlabs.doraemon:feature-flags (>=0.2.257 <=0.2.290), com.qwlabs.doraemon:graphql (>=0.2.282 <=0.2.290) +10 more potentially affected by CVE-2023-6393 via io.quarkus:quarkus-cache (>=3.3.0.CR1 <=3.5.1)

io.quarkus:quarkus-cache MAVEN version =3.3.0.CR1, =0.2.257, =0.2.282, =0.2.281, =0.2.282, =0.2.257, =0.2.257, =0.2.257, =3.3.0.CR1, =3.3.0.CR1, =3.3.0.CR1, =3.3.0.CR1, =3.3.0.CR1, =3.5.1 Source cves: CVE-2023-6393 Source advisory: OSV:GHSA-XFV5-JQGP-VQHJ...

5.3CVSS6AI score0.00631EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/04/28 3:10 p.m.8 views

CVE-2023-30853 Gradle Build Action data written to GitHub Actions Cache may expose secrets

Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...

7.6CVSS7.6AI score0.00285EPSS
Exploits0References2
Rows per page
Query Builder