Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites
A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could allow an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as...
PT-2024-30574 · GLPI +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.16 Description: The issue allows an unauthenticated user to use an application endpoint to check if an email address corresponds to a valid GLPI user. Recommendations: For versions 0.80 through 10.0.16, update ...
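The entry above describes an account-enumeration oracle: an unauthenticated caller can tell real addresses from unknown ones by how the endpoint answers. The following is an added illustration, not GLPI's code, showing why a reply that differs by account existence leaks the user list and how a uniform reply closes the oracle. The user set, the two endpoint functions and the candidate addresses are all constructed for the example.

```python
import secrets

# Constructed user directory; stands in for an application's account table.
KNOWN_USERS = {"alice@example.org", "bob@example.org"}

# Constructed outbox; records which addresses the hardened endpoint would mail.
OUTBOX = []


def lookup_leaky(email: str) -> dict:
    """Oracle behaviour (hypothetical): the reply itself reveals whether
    the address belongs to a real account."""
    if email in KNOWN_USERS:
        return {"status": 200, "message": "A reset link has been sent."}
    return {"status": 404, "message": "No account with that email address."}


def lookup_uniform(email: str) -> dict:
    """Hardened behaviour: the reply is identical whether or not the account
    exists. The only difference is a side effect that reaches the mailbox
    owner, not the anonymous caller."""
    if email in KNOWN_USERS:
        OUTBOX.append(email)
    return {
        "status": 200,
        "message": "If that address is registered, a reset link has been sent.",
    }


def enumerate_accounts(candidates, endpoint) -> set:
    """What an unauthenticated caller learns from an endpoint: probe a
    certainly-unknown address for a baseline, then keep every candidate
    whose reply differs from it."""
    baseline = endpoint("nobody-" + secrets.token_hex(4) + "@invalid.example")
    return {email for email in candidates if endpoint(email) != baseline}


if __name__ == "__main__":
    # Constructed candidate list an attacker might feed to the endpoint.
    candidates = ["alice@example.org", "bob@example.org", "carol@example.org"]
    print("leaky endpoint reveals:", enumerate_accounts(candidates, lookup_leaky))
    print("uniform endpoint reveals:", enumerate_accounts(candidates, lookup_uniform))
```

The same check applies to status codes, response bodies, redirects and, in a stricter setting, response timing: the unauthenticated path must do the same observable work for existing and non-existing accounts.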
Exploit for CVE-2024-49379
Proof of Concept (PoC) for CVE-2024-49379 This repository con...
CVE-2024-52518 Nextcloud Server is missing password confirmation when changing external storage options
Nextcloud Server is a self-hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server be upgraded...
Open redirection when logging in with User OIDC
None...
Mail app does not respect download permissions in shares
None...
PT-2024-34376 · Unknown · Python Book
Name of the Vulnerable Software and Affected Versions: python book version V1.0 Description: The issue concerns an arbitrary file upload vulnerability in the user avatar upload function. This vulnerability allows for the upload of arbitrary files, which could potentially lead to security issues...
PT-2024-39479 · WordPress · Wordpress Video Robot
Name of the Vulnerable Software and Affected Versions: WordPress Video Robot - The Ultimate Video Importer plugin for WordPress versions up to and including 1.20.0 Description: The issue is related to insufficient validation of user metadata that can be updated in the wpvr rate request result...
Fedora 37 : w3m (2022-7d2f942be2)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-7d2f942be2 advisory. - Added upstream patch to address CVE-2022-38223 (#2126270). Tenable has extracted the preceding description block directly from the Fedora security...
CVE-2024-4343 Python Command Injection in imartinez/privategpt
A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...
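The entry above attributes the injection to parsing a response with eval(). As an added illustration (not privategpt's code; the function names, the response shapes and the side-effect marker are all constructed here), the block below places the vulnerable parsing pattern beside a hardened replacement and shows that the same string is executed by one and rejected by the other.

```python
import json

# Records any code execution that parsing causes; a benign stand-in for what
# real attacker code would do (spawn a process, read a file, ...).
SIDE_EFFECTS = []

# Constructed stand-ins for the untrusted text an LLM endpoint returns.
BENIGN_RESPONSE = '{"generated_text": "The capital of France is Paris."}'
# Valid Python, not valid JSON: an expression that runs code and then yields
# a plausible-looking result so the caller notices nothing.
MALICIOUS_RESPONSE = (
    'SIDE_EFFECTS.append("attacker code executed") '
    'or {"generated_text": "looks normal"}'
)


def parse_with_eval(raw: str) -> dict:
    """Vulnerable pattern (hypothetical, modelled on the advisory text):
    eval() evaluates arbitrary Python, so 'parsing' is code execution."""
    return eval(raw)  # noqa: S307  (deliberately unsafe for the demonstration)


def parse_with_json(raw: str) -> dict:
    """Hardened replacement: a real parser never executes its input, and the
    shape is validated before anything downstream trusts it."""
    data = json.loads(raw)
    if not isinstance(data, dict) or not isinstance(data.get("generated_text"), str):
        raise ValueError("unexpected response shape")
    return data


def demo() -> dict:
    """Run both parsers over both responses and report what happened."""
    results = {}
    SIDE_EFFECTS.clear()
    results["eval_malicious_result"] = parse_with_eval(MALICIOUS_RESPONSE)
    results["eval_side_effects"] = list(SIDE_EFFECTS)

    SIDE_EFFECTS.clear()
    try:
        parse_with_json(MALICIOUS_RESPONSE)
        results["json_malicious"] = "parsed"
    except json.JSONDecodeError:
        results["json_malicious"] = "rejected"
    results["json_side_effects"] = list(SIDE_EFFECTS)

    results["json_benign"] = parse_with_json(BENIGN_RESPONSE)["generated_text"]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The benign response happens to be both valid JSON and a valid Python dict literal, which is exactly why eval() "works" in testing and why the flaw survives review; only a hostile response exposes the difference.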
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-50387]
Summary Red Hat-provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-50387 Vulnerability Details CVEID: CVE-2023-50387 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when processing...
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-50868]
Summary Red Hat-provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-50868 Vulnerability Details CVEID: CVE-2023-50868 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when preparing an NSEC...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2023-5678]
Summary Red Hat-provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-5678 Vulnerability Details CVEID: CVE-2023-5678 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using DH_generate_key...
Exploit for Incorrect Default Permissions in Google Android
CVE-2022-20474 Analysis - Self-changed Bundle under LazyValue...
PT-2024-34574 · Unknown · Parisneo/Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version 9.6 Description: The issue arises from inadequate input validation and processing of SVG files during the upload process, leading to Cross-Site Scripting (XSS) and Open Redirect vulnerabilities. The XSS vulnerabili...
PT-2024-30283 · Google · Android
Name of the Vulnerable Software and Affected Versions: Google Android versions 12 through 15 Description: The issue is related to a possible persistent denial of service due to resource exhaustion in the validate function of WifiConfigurationUtil.java. This could lead to a local denial of service...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System [CVE-2023-51385]
Summary Red Hat-provided OpenSSH is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-51385 Vulnerability Details CVEID: CVE-2023-51385 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system,...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2023-3446]
Summary Red Hat-provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-3446 Vulnerability Details CVEID: CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check,...
PT-2024-8558 · Microsoft · Sql Server 2016 +4
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server Native Client versions prior to the fixed version Description: The issue is related to a buffer overflow in dynamic memory, which can be exploited by a remote attacker to execute arbitrary code. This is a remote code...
CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.2.7-3
CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.2.7-3. A patched version of the package is available...