
7661 matches found

CNNVD
added 2024/04/09 12:0 a.m. | 4 views

Fortinet FortiSandbox Path Traversal Vulnerability

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A path traversal vulnerability exists in Fortinet FortiSandbox, which stems fr...

CVSS 6.7 | AI score 7.4 | EPSS 0.00288
Exploits: 0 | References: 2
The Hacker News
added 2024/04/06 9:43 a.m. | 82 views

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way f...

CVSS 9.1 | AI score 8.3 | EPSS 0.03687
Exploits: 0
OSV
added 2024/04/05 9:15 a.m. | 8 views

UBUNTU-CVE-2024-26813

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SETIRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

CVSS 5.5 | AI score 6 | EPSS 0.00234
Exploits: 0 | References: 25
OSV
added 2024/04/05 8:24 a.m. | 3 views

CVE-2024-26813 vfio/platform: Create persistent IRQ handlers

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SETIRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

CVSS 5.5 | AI score 5.7 | EPSS 0.00234
Exploits: 0 | References: 12
Vulnrichment
added 2024/04/04 5:52 p.m. | 16 views

CVE-2024-25708 Persistent XSS when creating new application using Web App Builder

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

CVSS 4.8 | AI score 5.6 | EPSS 0.00373
Exploits: 0 | References: 1
Cvelist
added 2024/04/04 5:52 p.m. | 22 views

CVE-2024-25708 Persistent XSS when creating new application using Web App Builder

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

CVSS 4.8 | AI score 5.5 | EPSS 0.00373
Exploits: 0 | References: 1
OSV
added 2024/03/31 6:32 p.m. | 37 views

BIT-ZOOKEEPER-2024-23944 Apache ZooKeeper: Information disclosure in persistent watcher handling

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

CVSS 5.3 | AI score 5.3 | EPSS 0.00246
Exploits: 0 | References: 3
Imperva Blog
added 2024/03/28 1:0 p.m. | 28 views

From ChatBot To SpyBot: ChatGPT Post Exploitation

In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building on the discoveries shared in our initial post, "XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT," where we...

AI score 6.1
Exploits: 0
Veracode
added 2024/03/18 7:8 a.m. | 26 views

Sensitive Information Disclosure

Apache ZooKeeper is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing ACL checks in the persistent watcher feature. An attacker can monitor child znodes by attaching a persistent watcher to a parent node they already have access to. When the persistent watcher i...

CVSS 5.3 | AI score 6.7 | EPSS 0.00246
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2024/03/15 12:30 p.m. | 3 views

GHSA-R978-9M6M-6GM6 Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

CVSS 5.3 | AI score 6.7 | EPSS 0.00246
Exploits: 0 | References: 7
OSV
added 2024/03/15 11:15 a.m. | 1 views

DEBIAN-CVE-2024-23944

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

CVSS 5.3 | AI score 6.6 | EPSS 0.00246
Exploits: 0 | References: 1
NVD
added 2024/03/15 11:15 a.m. | 22 views

CVE-2024-23944

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

CVSS 5.3 | AI score 7.6 | EPSS 0.00246
Exploits: 0 | References: 2
OSV
added 2024/03/15 11:15 a.m. | 10 views

CVE-2024-23944

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

CVSS 5.3 | AI score 4.9
Exploits: 0 | References: 2
OSV
added 2024/03/15 11:15 a.m. | 1 views

UBUNTU-CVE-2024-23944

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

CVSS 5.3 | AI score 6.7 | EPSS 0.00246
Exploits: 0 | References: 4
UbuntuCve
added 2024/03/15 11:15 a.m. | 339 views

CVE-2024-23944

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

CVSS 5.3 | AI score 6.7 | EPSS 0.00246
Exploits: 0 | References: 3
Cvelist
added 2024/03/15 10:26 a.m. | 27 views

CVE-2024-23944 Apache ZooKeeper: Information disclosure in persistent watcher handling

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

AI score 6.1 | EPSS 0.00246
Exploits: 0 | References: 1
Vulnrichment
added 2024/03/15 10:26 a.m. | 31 views

CVE-2024-23944 Apache ZooKeeper: Information disclosure in persistent watcher handling

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

AI score 5.4 | EPSS 0.00246
Exploits: 0 | References: 1
CVE
added 2024/03/15 10:26 a.m. | 4415 views

CVE-2024-23944

CVE-2024-23944 is a ZooKeeper information-disclosure vulnerability involving persistent watchers. The issue arises when a watcher attached to a parent znode to which the attacker already has access is triggered; the server does not perform an ACL check at watch-trigger time, exposing the full pat...

CVSS 5.3 | AI score 6 | EPSS 0.00246
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2024/03/15 10:26 a.m. | 75 views

CVE-2024-23944

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

CVSS 5.3 | AI score 6.1 | EPSS 0.00246
Exploits: 0
NVD
added 2024/03/12 8:15 p.m. | 13 views

CVE-2023-30968

One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack...

CVSS 6.8 | AI score 6.1 | EPSS 0.00456
Exploits: 0 | References: 1