7042 matches found

Mageia
added 2024/12/04 4:58 p.m. | 30 views

Updated python-aiohttp packages fix security vulnerabilities

When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'followsymlinks' is set to True,...

CVSS 7.5 | AI score 7.4 | EPSS 0.93664
Exploits 15 | References 3
OSV
added 2024/12/04 4:58 p.m. | 22 views

MGASA-2024-0388 Updated python-aiohttp packages fix security vulnerabilities

When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'followsymlinks' is set to True,...

CVSS 7.5 | AI score 7.3 | EPSS 0.93664
Exploits 15 | References 4
Github Security Blog
added 2024/12/03 6:40 p.m. | 23 views

Synapse allows unsupported content types to lead to memory exhaustion

Impact: In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Patches: Synapse 1.120.1 resolves the issue by denying...

CVSS 8.2 | AI score 6.7 | EPSS 0.01089
Exploits 0 | References 5 | Affected software 1
OSV
added 2024/12/03 6:40 p.m. | 19 views

GHSA-RFQ8-J7RH-8HF2 Synapse allows unsupported content types to lead to memory exhaustion

Impact: In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Patches: Synapse 1.120.1 resolves the issue by denying...

CVSS 8.2 | AI score 5 | EPSS 0.01089
Exploits 0 | References 5
OSSF Malicious Packages
added 2024/12/03 6:03 p.m. | 4 views

Malicious code in genz-translator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 983b5b328e433d81113b3e170f313aba83ae5eff0ecd515fc9865ca3a5be1ee9 Installing the package installs a reverse shell. As the mentioned domain doesn't seem to exist, it may be a test designed for an internal usage --- Category:...

AI score 7.6
Exploits 0 | References 1
OSV
added 2024/12/03 6:03 p.m. | 2 views

MAL-2024-12275 Malicious code in genz-translator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 983b5b328e433d81113b3e170f313aba83ae5eff0ecd515fc9865ca3a5be1ee9 Installing the package installs a reverse shell. As the mentioned domain doesn't seem to exist, it may be a test designed for an internal usage --- Category:...

AI score 7.5
Exploits 0 | References 1
GithubExploit
added 2024/12/03 1:56 p.m. | 423 views

Exploit for Improper Restriction of XML External Entity Reference in Wordpress

POC CVE-2021029447 - XXE in WordPress WordPress 5.6-5.7 - Au...

CVSS 7.1 | AI score 6.5 | EPSS 0.90782
Exploits 20
GithubExploit
added 2024/12/03 11:13 a.m. | 261 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 Exploit Proof-of-Concept Overview This rep...

CVSS 7.8 | AI score 7 | EPSS 0.93865
Exploits 49
CNNVD
added 2024/12/02 12:00 a.m. | 4 views

Rizin security vulnerability

Rizin is a free open source reverse engineering framework from the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensic tool, as a scriptable command-line hex editor capable of opening disk files, and more. A security vulnerability exist...

CVSS 7.5 | AI score 6.4 | EPSS 0.00138
Exploits 0 | References 2
OSV
added 2024/11/29 10:08 p.m. | 3 views

MAL-2024-12314 Malicious code in nirohf-reverse-shell (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c2b0a9ce248bca096b5109a73b943559cabbd6f77433d4a64cd1c804f7ec88df Installing starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

AI score 7.5
Exploits 0 | References 1
OSSF Malicious Packages
added 2024/11/29 10:08 p.m. | 3 views

Malicious code in nirohf-reverse-shell (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c2b0a9ce248bca096b5109a73b943559cabbd6f77433d4a64cd1c804f7ec88df Installing starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

AI score 7.6
Exploits 0 | References 1
NVD
added 2024/11/29 7:15 p.m. | 18 views

CVE-2024-52003

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are...

CVSS 6.3 | EPSS 0.0024
Exploits 0 | References 4
AlpineLinux
added 2024/11/29 7:15 p.m. | 9 views

CVE-2024-52003

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are...

CVSS 6.3 | AI score 6.9 | EPSS 0.0024
Exploits 0 | References 4
Vulnrichment
added 2024/11/29 6:15 p.m. | 17 views

CVE-2024-52003 X-Forwarded-Prefix Header still allows for Open Redirect in traefik

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are...

CVSS 6.3 | AI score 6.8 | EPSS 0.0024
Exploits 0 | References 4
CVE
added 2024/11/29 6:15 p.m. | 2410 views

CVE-2024-52003

CVE-2024-52003 – Traefik: Traefik versions 2.11.14 and 3.2.1 fix a vulnerability where an attacker can inject the untrusted X-Forwarded-Prefix header. The issue, as described, arises from the header handling by the HTTP reverse proxy/load balancer, enabling an external source to influence reques...

CVSS 6.3 | AI score 6.5 | EPSS 0.0024
Exploits 0 | References 4 | Affected software 1
NVD
added 2024/11/26 6:15 a.m. | 13 views

CVE-2024-10570

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validatio...

CVSS 7.5 | EPSS 0.00135
Exploits 0 | References 2
CVE
added 2024/11/26 5:33 a.m. | 139 views

CVE-2024-10542

CVE-2024-10542 affects the WordPress plugin Spam protection, Anti-Spam, FireWall by CleanTalk up to version 6.43.2, where an authorization bypass via reverse DNS spoofing in checkWithoutToken allows unauthenticated installation/activation of arbitrary plugins, potentially enabling remote code exe...

CVSS 9.8 | AI score 9.8 | EPSS 0.40965
Exploits 1 | References 3 | Affected software 1
Vulnrichment
added 2024/11/26 5:33 a.m. | 19 views

CVE-2024-10542 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for...

CVSS 9.8 | AI score 7.9 | EPSS 0.40965
Exploits 1 | References 3
Cvelist
added 2024/11/26 5:33 a.m. | 28 views

CVE-2024-10542 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for...

CVSS 9.8 | EPSS 0.40965
Exploits 1 | References 3
Vulnrichment
added 2024/11/26 5:33 a.m. | 17 views

CVE-2024-10570 Security & Malware scan by CleanTalk <= 2.145 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validatio...

CVSS 7.5 | AI score 7.9 | EPSS 0.00135
Exploits 0 | References 2