Lucene search
K

11641 matches found

Debian CVE
Debian CVE
added 2024/12/05 3:17 p.m.11 views

CVE-2024-54001

Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields applicationlanguage, applicationdateformat,applicationtimezone and applicationtimeformat allow arbirary user input which is reflected...

5.5CVSS5.4AI score0.00382EPSS
Exploits1
OSV
OSV
added 2024/12/05 12:31 p.m.18 views

GHSA-6HQR-C69M-R76Q Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore

Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...

8.3CVSS8.6AI score0.01656EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/12/03 12:0 a.m.8 views

PT-2024-36007 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 3.9.7 Description: The issue concerns a server-side request forgery vulnerability. It occurs when the requests.get request in the check url method is set to allow redirects=True, allowing a...

7.5CVSS6.3AI score0.00407EPSS
Exploits0References12
Securelist
Securelist
added 2024/12/02 10:0 a.m.17 views

Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT

Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts. The script files – disguised as requests and bids from potential customers or partners – bear names such as "Запрос цены и предложения от Индивидуального...

7.7AI score
Exploits0
OSV
OSV
added 2024/11/28 5:15 p.m.12 views

CVE-2024-52338

Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example, user-supplied input files. This...

9.8CVSS7.3AI score
Exploits0References3
Information Security Automation
Information Security Automation
added 2024/11/28 12:57 p.m.22 views

New episode “In The Trend of VM” (#9): 4 trending vulnerabilities of October, scandal at The Linux Foundation, social “attack on the complainer”, “Ford’s method” for motivating IT specialists to fix vulnerabilities

New episode "In The Trend of VM" 9: 4 trending vulnerabilities of October, scandal at The Linux Foundation, social "attack on the complainer", "Ford's method" for motivating IT specialists to fix vulnerabilities. The competition for the best question on the topic of VM continues. Video on YouTube...

10CVSS7.6AI score0.44382EPSS
Exploits12
Positive Technologies
Positive Technologies
added 2024/11/28 12:0 a.m.2 views

PT-2024-9682

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.16 Django versions 5.0 through 5.0.9 Django versions 5.1 through 5.1.3 Description The issue is related to the strip tags method and the striptags template filter in Django, which are subject to a potential...

9.8CVSS7AI score0.01396EPSS
Exploits0References84
CNNVD
CNNVD
added 2024/11/28 12:0 a.m.6 views

Google Android 安全漏洞

Google Android is a Linux-based open-source operating system from Google, Inc. in the United States. A security vulnerability exists in Google Android that originates from the presence of uninitialized data in BnAudioPolicyService::onTransact in the IAudioPolicyService.cpp file, which could lead ...

8.4CVSS8.8AI score0.00091EPSS
Exploits0References1
OSV
OSV
added 2024/11/27 12:15 p.m.2 views

UBUNTU-CVE-2024-42327

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is availabl...

9.9CVSS5.8AI score0.78831EPSS
Exploits13References3
Positive Technologies
Positive Technologies
added 2024/11/27 12:0 a.m.5 views

PT-2024-35177 · Zohocorp · Manageengine Analytics Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Analytics Plus versions below 6100 Description: The issue allows authenticated sensitive data exposure, enabling users to retrieve sensitive tokens associated with the org-admin account. This is related to the getOAToken...

8.1CVSS6.8AI score0.01128EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/11/26 3:52 p.m.4 views

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

5.5CVSS5.7AI score0.00298EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/11/26 3:41 p.m.3 views

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

5.5CVSS5.7AI score0.00298EPSS
Exploits0References7
CNVD
CNVD
added 2024/11/26 12:0 a.m.6 views

Zyxel P-6101C Authorization Issue Vulnerability

The Zyxel P-6101C is a wireless router from China's Hopkins Zyxel. The Zyxel P-6101C suffers from an authorization issue vulnerability that stems from improper authentication. An attacker can exploit the vulnerability to read certain device information via a specially crafted HTTP HEAD method...

7.5CVSS6.3AI score0.00667EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.3 views

PT-2024-16976 · WordPress · Additional Order Filters For Woocommerce

Name of the Vulnerable Software and Affected Versions: Additional Order Filters for WooCommerce plugin for WordPress versions up to, and including, 1.21 Description: The issue arises from insufficient input sanitization and output escaping, making it possible for unauthenticated attackers to inje...

6.1CVSS7.2AI score0.00343EPSS
Exploits0References4
OSV
OSV
added 2024/11/25 7:34 p.m.9 views

GHSA-QQWR-J9MM-FHW6 deno_doc's HTML generator vulnerable to Cross-site Scripting

Summary Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. Details & PoC 1. XSS in generated searchindex.js denodoc outputed a JavaScript file for searching. However, the generated file used innerHTML on unsanitzed HTML input...

5.4CVSS5.3AI score0.00325EPSS
Exploits0References5
NVD
NVD
added 2024/11/25 7:15 p.m.20 views

CVE-2024-32468

Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. 1. XSS in generated searchindex.js, denodoc outputs a JavaScript file for searching. However, the generated file...

5.4CVSS0.00325EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/25 6:44 p.m.10 views

CVE-2024-32468 Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator

Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. 1. XSS in generated searchindex.js, denodoc outputs a JavaScript file for searching. However, the generated file...

5.4CVSS5.7AI score0.00325EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/25 6:44 p.m.22 views

CVE-2024-32468 Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator

Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. 1. XSS in generated searchindex.js, denodoc outputs a JavaScript file for searching. However, the generated file...

5.4CVSS0.00325EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/11/25 12:12 a.m.1 views

hsqldb: Untrusted input may lead to RCE attack

A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default...

9.8CVSS7.8AI score0.03519EPSS
Exploits1References6
CVE
CVE
added 2024/11/25 12:0 a.m.59 views

CVE-2024-52787

Vulnerability summary: Libre-chat v0.0.6 is affected by a path traversal flaw in the upload_documents method. By supplying a crafted filename in an uploaded file, an attacker can traverse the filesystem. This is corroborated by multiple sources (Red Hat CVE entry, GHSA advisory, Veracode summary,...

9.1CVSS6.7AI score0.00762EPSS
Exploits0References4
Rows per page
Query Builder