
11651 matches found

Tenable Nessus
added 2024/11/15 12:0 a.m. | 10 views

Fedora 39 : krb5 (2024-862f5c4156)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-862f5c4156 advisory. Security: CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad support for Message-Authenticator attribute Marvin attack: Removal of the RSA method fo...

CVSS 9 | AI score 8 | EPSS 0.14859
Exploits 2 | References 2

Tenable Nessus
added 2024/11/15 12:0 a.m. | 9 views

Fedora 40 : krb5 (2024-29a74ac2b0)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-29a74ac2b0 advisory. Security: CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad support for Message-Authenticator attribute Marvin attack: Removal of the RSA method fo...

CVSS 9 | AI score 8 | EPSS 0.14859
Exploits 2 | References 2

CVE
added 2024/11/14 5:32 p.m. | 59 views

CVE-2024-4343

The CVE-2024-4343 entry describes a Python command injection in the imartinez/privategpt project. Affected component: SagemakerLLM.complete() in ./private_gpt/components/llm/custom/sagemaker.py, with versions up to and including 0.3.0. Root cause: unsafe parsing of a remote SageMaker LLM endpoint...

CVSS 9.8 | AI score 9.8 | EPSS 0.0261
Exploits 1 | References 2 | Affected Software 1

Veracode
added 2024/11/14 4:13 a.m. | 10 views

Authentication Method Confusion

CodeChecker is vulnerable to Authentication Method Confusion. The vulnerability is due to insufficient account security, where the weakly generated root user account cannot be disabled, allowing attackers to exploit it through an external authentication service...

CVSS 9 | AI score 7 | EPSS 0.00472
Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2024/11/14 12:0 a.m. | 7 views

Fedora 41 : bluez / iwd / libell (2024-acb9425c93)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-acb9425c93 advisory. libell 0.69: Add support for getting remaining microseconds left on a timer. Add support for setting link MTU on a network interface. iwd 2.21: Fix issue wit...

CVSS 7.4 | AI score 6.3 | EPSS 0.00716
Exploits 0 | References 2

Tenable Nessus
added 2024/11/14 12:0 a.m. | 7 views

Fedora 41 : krb5 (2024-c0961d31b8)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c0961d31b8 advisory. Security: CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad support for Message-Authenticator attribute Marvin attack: Removal of the RSA method fo...

CVSS 9 | AI score 8 | EPSS 0.14859
Exploits 2 | References 2

RedHat Linux
added 2024/11/13 1:16 p.m. | 7 views

python-django: Potential directory-traversal in django.core.files.storage.Storage.save()

A vulnerability was found in Python-Django in the Derived classes of the django.core.files.storage.Storage base class that overrides the generate_filename without replicating the file path validations existing in the parent class. This flaw allows potential directory traversal via certain inputs...

CVSS 4.3 | AI score 7 | EPSS 0.01008
Exploits 0 | References 4

OSV
added 2024/11/12 7:56 p.m. | 10 views

GHSA-CM46-GQF4-MV4F Orchid Platform has Method Exposure Vulnerability in Modals

Impact This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecting users of Orchid Platform version 8 through 14.42.x. Attackers could exploit this vulnerability to call arbitrary methods within t...

CVSS 5.1 | AI score 4.5 | EPSS 0.00322
Exploits 0 | References 3

Github Security Blog
added 2024/11/12 7:56 p.m. | 16 views

Orchid Platform has Method Exposure Vulnerability in Modals

Impact This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecting users of Orchid Platform version 8 through 14.42.x. Attackers could exploit this vulnerability to call arbitrary methods within t...

CVSS 4.1 | AI score 4.5 | EPSS 0.00322
Exploits 0 | References 3 | Affected Software 1

Veracode
added 2024/11/12 9:18 a.m. | 7 views

Path Traversal

langchain is vulnerable to path traversal. The vulnerability is due to improper input sanitization in the getFullPath method, which allows attackers to exploit the setFileContent, getParsedFile, and mdelete methods, enabling them to save files anywhere in the filesystem, overwrite existing text...

CVSS 9.1 | AI score 9 | EPSS 0.00545
Exploits 1 | References 4 | Affected Software 1

Positive Technologies
added 2024/11/12 12:0 a.m. | 5 views

PT-2024-8733 · Timgeyssens · Uiomatic

Name of the Vulnerable Software and Affected Versions: TimGeyssens UIOMatic version 5 Description: A critical vulnerability has been found in the file /src/UIOMatic/wwwroot/backoffice/resources/uioMaticObject.r, which can lead to SQL injection. The attack can be initiated remotely. The exploit ha...

CVSS 7.2 | AI score 6.1 | EPSS 0.00368
Exploits 0 | References 11

NVD
added 2024/11/11 8:15 p.m. | 8 views

CVE-2024-51992

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecti...

CVSS 4.1 | EPSS 0.00322
Exploits 0 | References 1

Snyk
added 2024/11/11 7:40 p.m. | 2 views

Exposed Dangerous Method or Function

Overview orchid/platform is a Platform for back-office applications, admin panel or CMS your Laravel app. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in the asynchronous modal functionality via the Screen class. An attacker can call arbitrary methods...

CVSS 5.1 | AI score 6.9 | EPSS 0.00322
Exploits 0 | References 2

Cvelist
added 2024/11/11 7:17 p.m. | 35 views

CVE-2024-51992 Method Exposure Vulnerability in Modals in orchid/platform

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecti...

CVSS 4.1 | EPSS 0.00322
Exploits 0 | References 1

CVE
added 2024/11/11 7:17 p.m. | 53 views

CVE-2024-51992

The CVE-2024-51992 issue affects Orchid Platform versions 8 through 14.42.x and stems from a method exposure vulnerability in the platform’s asynchronous modal functionality. The root cause is exposing dangerous methods within the Screen class, enabling an attacker to call arbitrary methods. Clai...

CVSS 4.1 | AI score 4.4 | EPSS 0.00322
Exploits 0 | References 1

OSV
added 2024/11/11 7:17 p.m. | 10 views

CVE-2024-51992 Method Exposure Vulnerability in Modals in orchid/platform

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecti...

CVSS 4.1 | AI score 6.4 | EPSS 0.00322
Exploits 0 | References 3

Vulnrichment
added 2024/11/09 10:15 a.m. | 13 views

CVE-2024-50261 macsec: Fix use-after-free while sending the offloading packet

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadata_dst, which is used to store the SCI value for macsec offload, is already freed by metadata_dst_free in macsec_free_netdev,...

AI score 6.4 | EPSS 0.0022
Exploits 0 | References 4

Github Security Blog
added 2024/11/07 9:57 p.m. | 20 views

HTTP Client uses incorrect token after refresh

Impact HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh. This occurs because a refreshed token will be captured in pooled HttpClient instances, which may be used by a different user. Workarounds Instead of using...

CVSS 5.4 | AI score 6.5 | EPSS 0.00221
Exploits 0 | References 5 | Affected Software 1

Github Security Blog
added 2024/11/07 12:30 p.m. | 20 views

hibernate-validator Cross-site Scripting vulnerability

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...

CVSS 6.1 | AI score 6.3 | EPSS 0.00452
Exploits 0 | References 4 | Affected Software 2

NVD
added 2024/11/07 10:15 a.m. | 36 views

CVE-2023-1932

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...

CVSS 6.1 | EPSS 0.00452
Exploits 0 | References 2