Lucene search
K

11634 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 12:34 a.m.23 views

CVE-2024-55924

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

8CVSS7.9AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:34 a.m.19 views

CVE-2024-55921

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

8.8CVSS8AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:31 a.m.7 views

CVE-2024-31999

@festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...

7.4CVSS7.4AI score0.00616EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:24 a.m.15 views

CVE-2024-31457

gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System - Plugi...

7.7CVSS7.5AI score0.00904EPSS
Exploits0References1
0day.today
0day.today
added 2025/02/05 12:0 a.m.265 views

Compop Online Mall 3.5.3 Authentication Bypass Vulnerability

Exploit Title: Compop Online Mall Authentication Bypass Google Dork: Terms of Use inurl:compop.vip Exploit Author: dmlino Vendor Homepage: https://www.compop.ca/ Version: 3.5.3 CVE : CVE-2024-48445 Vulnerability Overview: The system uses a Unix timestamp "ts" parameter in URLs for authentication,...

9.8CVSS9.6AI score0.01824EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/02/04 11:45 p.m.8 views

CVE-2024-22203

Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in request.py, which leads to a...

9.8CVSS9.2AI score0.01003EPSS
Exploits1References1
Snyk
Snyk
added 2025/02/04 12:30 p.m.5 views

Man-in-the-Middle (MitM)

Overview org.apache.cassandra:cassandra-all is a maven plugin for the Apache Cassandra Project. Which, develops a highly scalable second-generation distributed database, bringing together Dynamo's fully distributed design and Bigtable's ColumnFamily-based data model. Affected versions of this...

8.6CVSS6.6AI score0.02951EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/02/04 12:23 p.m.5 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
OSV
OSV
added 2025/02/04 11:15 a.m.7 views

AZL-56446 CVE-2024-27137 affecting package cassandra 4.0.10-1

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

5.3CVSS6.9AI score0.00259EPSS
Exploits0References1
OSV
OSV
added 2025/02/04 11:15 a.m.7 views

AZL-56430 CVE-2024-27137 affecting package cassandra 5.0.0-2

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

5.3CVSS6.9AI score0.00259EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/02/04 8:57 a.m.1 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
NVD
NVD
added 2025/02/03 3:15 p.m.8 views

CVE-2025-22694

Missing Authorization vulnerability in Dotstore Hide Shipping Method For WooCommerce hide-shipping-method-for-woocommerce.This issue affects Hide Shipping Method For WooCommerce: from n/a through = 1.5.1...

4.3CVSS0.00317EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/03 2:23 p.m.15 views

CVE-2025-22694 WordPress Hide Shipping Method For WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0...

4.3CVSS6.9AI score0.00317EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/02/03 9:20 a.m.3 views

Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template bsc1234808 CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method bsc1234809 Patch Instructions: To install this SUSE...

8.1CVSS7.3AI score0.005EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/02/03 12:9 a.m.5 views

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

5.5CVSS5.7AI score0.00298EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.3 views

WordPress plugin Hide Shipping Method For WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.3CVSS8.7AI score0.00317EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/31 2:56 p.m.4 views

WordPress Hide Shipping Method For WooCommerce plugin <= 1.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Hide Shipping Method For WooCommerce versions = 1.5.1...

4.3CVSS7AI score0.00317EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2025/01/30 6:6 p.m.2 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
OSV
OSV
added 2025/01/29 10:15 p.m.2 views

CVE-2024-57510

Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4MemoryByteStream::WritePartial...

7.8CVSS6.1AI score0.00189EPSS
Exploits0References2
OSV
OSV
added 2025/01/29 6:41 p.m.15 views

GHSA-7HPQ-3G6W-PVHF Snowflake JDBC allows an untrusted search path on Windows

Issue Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write access to a directory in the %PATH% can escalate their privileges to the user that runs the vulnerable JDBC Driver...

7.8CVSS7.9AI score0.00252EPSS
Exploits0References4
Rows per page
Query Builder