
4408 matches found

Veracode
added 2024/08/22 6:55 a.m. · 13 views

Cross Site Scripting (XSS)

apache-airflow is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to the ability of a malicious provider to execute a script when a user clicks on a provider documentation link in docs.py and provided the provider is installed on the web server, which allows an attacker to exploi...

CVSS 6.1 · AI score 7.1 · EPSS 0.01804
Exploits 0 · References 5 · Affected Software 1
PyPA
added 2024/08/21 4:15 p.m. · 9 views

PYSEC-2024-181

Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provid...

CVSS 6.1 · AI score 6.5 · EPSS 0.01804
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/08/21 4:15 p.m. · 34 views

CVE-2024-41937

Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the...

CVSS 6.1 · AI score 6
Exploits 0 · References 3
CVE
added 2024/08/21 3:31 p.m. · 310 views

CVE-2024-41937

The CVE concerns Apache Airflow versions before 2.10.0, where a stored XSS vulnerability exists in the provider link workflow. If a malicious provider is installed on the web server, a user who clicks a provider documentation link can trigger script execution, enabling an attacker to perform a cr...

CVSS 6.1 · AI score 6.1 · EPSS 0.01804
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/08/21 12:0 a.m. · 4 views

PT-2024-29645 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.10.0 Description: The issue allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This requires the provider to be installed on...

CVSS 6.1 · AI score 6.3 · EPSS 0.01804
Exploits 0 · References 19
NVD
added 2024/08/20 5:15 p.m. · 10 views

CVE-2024-43408

Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7...

CVSS 6.3 · EPSS 0.0024
Exploits 0 · References 2
CVE
added 2024/08/20 4:28 p.m. · 46 views

CVE-2024-43408

CVE-2024-43408 concerns the Discourse Placeholder Forms feature. The issue arises from unsanitized and stored user input being injected into the HTML of a post, enabling vulnerable dynamic content rendering. The vulnerability is associated with the placeholder forms component and is described as ...

CVSS 6.3 · AI score 6.2 · EPSS 0.0024
Exploits 0 · References 2
OSV
added 2024/08/20 4:28 p.m. · 12 views

CVE-2024-43408 Discourse Placeholder Forms has a XSS stopped by CSP

Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7...

CVSS 6.3 · AI score 6.7 · EPSS 0.0024
Exploits 0 · References 4
Spring Security Advisories
added 2024/08/20 12:0 a.m. · 17 views

Spring AI with NVIDIA LLM API

Spring AI now supports NVIDIA's Large Language Model API, offering integration with a wide range of models. By leveraging NVIDIA's OpenAI-compatible API, Spring AI allows developers to use NVIDIA's LLMs through the familiar Spring AI API. We'll explore how to configure and use the Spring AI OpenA...

AI score 7
Exploits 0
RedhatCVE
added 2024/08/19 1:45 p.m. · 24 views

CVE-2024-43819

A potential NULL pointer dereference flaw was found in the Linux kernel. This issue may result in a crash...

CVSS 5.5 · AI score 6.1 · EPSS 0.00196
Exploits 0 · References 4
NVD
added 2024/08/17 10:15 a.m. · 18 views

CVE-2024-43819

In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM. This is necessary since ucontrol VMs have kvm->arch.gmap s...

CVSS 5.5 · EPSS 0.00196
Exploits 0 · References 2
UbuntuCve
added 2024/08/17 10:15 a.m. · 14 views

CVE-2024-43819

In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM. This is necessary since ucontrol VMs have kvm->arch.gmap s...

CVSS 5.5 · AI score 6.2 · EPSS 0.00196
Exploits 0 · References 9
OSV
added 2024/08/17 9:21 a.m. · 18 views

CVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMs

In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM. This is necessary since ucontrol VMs have kvm->arch.gmap s...

CVSS 5.5 · AI score 6.1 · EPSS 0.00196
Exploits 0 · References 5
Vulnrichment
added 2024/08/17 9:21 a.m. · 20 views

CVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMs

In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM. This is necessary since ucontrol VMs have kvm->arch.gmap s...

AI score 6.8 · EPSS 0.00196
Exploits 0 · References 2
CVE
added 2024/08/17 9:21 a.m. · 105 views

CVE-2024-43819

CVE-2024-43819: In the Linux kernel, KVM for s390 was updated to reject user memory region operations on ucontrol VMs. Specifically, KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls are now rejected for ucontrol VMs because their kvm->arch.gmap is set to 0, which could lead t...

CVSS 5.5 · AI score 6.5 · EPSS 0.00196
Exploits 0 · References 2 · Affected Software 1
Debian CVE
added 2024/08/17 9:21 a.m. · 16 views

CVE-2024-43819

In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM. This is necessary since ucontrol VMs have kvm->arch.gmap s...

CVSS 5.5 · AI score 5.3 · EPSS 0.00196
Exploits 0
Rapid7 Blog
added 2024/08/09 6:21 p.m. · 29 views

Metasploit Weekly Wrap-Up 08/09/2024

Black Hat & DEF CON Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner & Jack Heysel show off the Metasploit 6.4's features, focusing on combinations that allow for new, streamlined attack workflows at Black Hat. If not they will also be demoing at DEF CON tomorrow in room W30...

CVSS 9.8 · AI score 7.8 · EPSS 0.83393
Exploits 8
OSV
added 2024/08/01 8:25 p.m. · 15 views

USN-6943-1 tomcat8, tomcat9 vulnerabilities

It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS. (CVE-2020-9484) It was discovered that Tomcat...

CVSS 7.5 · AI score 7 · EPSS 0.71653
Exploits 20 · References 6
GithubExploit
added 2024/07/31 6:27 p.m. · 189 views

Exploit for Code Injection in Get-Simple Getsimple_Cms

CVE-2022-41544 Exploit Script This repository contains a scri...

CVSS 9.8 · AI score 9.7 · EPSS 0.09442
Exploits 12
GithubExploit
added 2024/07/31 6:27 p.m. · 387 views

Exploit for Code Injection in Get-Simple Getsimple_Cms

CVE-2022-41544 Exploit Script This repository contains a scri...

CVSS 9.8 · AI score 9.7 · EPSS 0.09442
Exploits 12