Lucene search
+L

659 matches found

Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.7 views

PT-2024-40494 · Unknown · Forum Module

Name of the Vulnerable Software and Affected Versions: Forum module affected versions not specified Description: The issue allows malicious users, such as spammers, to create members and post to forums using GET requests, bypassing CSRF and anti-spam measures. Additionally, a forum moderator can ...

5.3CVSS6.9AI score
Exploits0References6
Kaspersky
Kaspersky
added 2024/05/16 12:0 a.m.17 views

KLA67625 PE vulnerability in Microsoft Azure

An elevation of privilege vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2024-30060 Related products Microsoft-Azure CVE list CVE-2024-30060 critical KB list Solution Install necessary updates from the KB...

7.8CVSS7.9AI score0.00493EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/05/15 8:54 p.m.12 views

Drupal Anonymous Open Redirect

Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users int...

6.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/05/15 8:54 p.m.11 views

GHSA-X6V2-XMRQ-574J Drupal Anonymous Open Redirect

Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users int...

5.8CVSS6.9AI score
Exploits0References3
Kaspersky
Kaspersky
added 2024/05/14 12:0 a.m.46 views

KLA67403 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability can be exploited remotel...

9CVSS9.7AI score0.25334EPSS
Exploits32References9
Kaspersky
Kaspersky
added 2024/05/14 12:0 a.m.92 views

KLA67449 Multiple vulnerabilities in Git for Windows

Multiple vulnerabilities were found in Git for Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability can be exploited remotely to...

9CVSS9.1AI score0.25334EPSS
Exploits34References3
OSV
OSV
added 2024/04/23 9:15 p.m.23 views

GHSA-3H7Q-RFH9-XM4V Synapse V2 state resolution weakness allows Denial of Service (DoS)

Impact A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in how the auth chain cover index is calculated. This can induce high CPU consumption and accumulate excessive data in the database ...

6.5CVSS6.2AI score0.01463EPSS
Exploits0References9
OSV
OSV
added 2024/04/23 6:15 p.m.8 views

UBUNTU-CVE-2024-31208

Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...

6.5CVSS6.6AI score0.01463EPSS
Exploits0References6
Kaspersky
Kaspersky
added 2024/04/19 12:0 a.m.26 views

KLA65691 SB vulnerability in Microsoft Browser

A security feature bypass vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories CVE-2024-29991 Related products Microsoft-Edge CVE list CVE-2024-29991 warning KB list Solution Install necessary updates fro...

5CVSS5.2AI score0.00649EPSS
Exploits0References3
Kaspersky
Kaspersky
added 2024/04/18 12:0 a.m.31 views

KLA65692 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An...

9.8CVSS9AI score0.14958EPSS
Exploits10References18
Tenable Nessus
Tenable Nessus
added 2024/04/18 12:0 a.m.84 views

Dell Client BIOS Out-Of-Bounds Write Vulnerability (DSA-2024-066)

The Dell BIOS on the remote device is missing a security patch and is, therefore, affected by an Out-of-Bounds Write Vulnerability that could be exploited by malicious users to compromise the affected system. Note that Nessus has not tested for this issue but has instead relied only on the...

4.7CVSS5.6AI score0.00176EPSS
Exploits0References2
Veracode
Veracode
added 2024/04/15 4:34 a.m.23 views

Information Leakage

matrix-appservice-irc is vulnerable to Information Leakage. The vulnerability is due to insufficient access checks when constructing a reply in MatrixHandler.ts, allowing malicious users to reply to events they shouldn't have access to...

4.3CVSS6.7AI score0.0045EPSS
Exploits0References4Affected Software1
Kaspersky
Kaspersky
added 2024/04/10 12:0 a.m.35 views

KLA65530 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Dawn can be exploited to cause denial of service or execute...

9.6CVSS8.4AI score0.01EPSS
Exploits3References3
Kaspersky
Kaspersky
added 2024/04/09 12:0 a.m.41 views

KLA65505 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft SharePoint Server can be exploited remotely to spoof us...

7.8CVSS8.3AI score0.01395EPSS
Exploits0References8
Kaspersky
Kaspersky
added 2024/04/09 12:0 a.m.113 views

KLA65509 Multiple vulnerabilities in Microsoft SQL Server

Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft OLE DB Driver for SQL Server can be exploited remotely to...

8.8CVSS9.4AI score0.02812EPSS
Exploits0References49
Kaspersky
Kaspersky
added 2024/03/22 12:0 a.m.44 views

KLA65256 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Remote code execution vulnerability can be exploited remotely to execute arbitrary code. 2...

9.8CVSS9.8AI score0.22935EPSS
Exploits2References3
Kaspersky
Kaspersky
added 2024/03/12 12:0 a.m.48 views

KLA65123 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code, obtain sensitive information, bypass security restrictions. Below is a complete list of...

8.8CVSS9.8AI score0.16384EPSS
Exploits0References41
OSV
OSV
added 2024/03/06 11:5 a.m.25 views

BIT-SILVERSTRIPE-2020-9311

In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login usually CMS access can craft profile information which can lead to XSS for other users through specially crafted login form URLs...

5.4CVSS5.1AI score0.00556EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 10:53 a.m.24 views

BIT-GRAFANA-2023-2183

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...

6.4CVSS5.3AI score0.01027EPSS
Exploits1References4
Kaspersky
Kaspersky
added 2024/03/05 12:0 a.m.25 views

KLA64772 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Out of bounds memory access vulnerability in V8 can be exploited to cause denial of service. ...

8.8CVSS9.8AI score0.13556EPSS
Exploits3References3
Rows per page
Query Builder