30456 matches found

The Hacker News
added 2024/11/18 4:52 a.m. · 19 views

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could allow an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as...

CVSS 9.8 · AI score 9.8 · EPSS 0.81722
Exploits 23

Positive Technologies
added 2024/11/18 12:00 a.m. · 3 views

PT-2024-30574 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.16
Description: The issue allows an unauthenticated user to use an application endpoint to check if an email address corresponds to a valid GLPI user.
Recommendations: For versions 0.80 through 10.0.16, update ...

CVSS 9.8 · AI score 5.5 · EPSS 0.86182
Exploits 9 · References 76

GithubExploit
added 2024/11/16 7:05 p.m. · 474 views

Exploit for CVE-2024-49379

Proof of Concept (PoC) for CVE-2024-49379. This repository con...

CVSS 5.3 · AI score 6.8 · EPSS 0.01233
Exploits 1

OSV
added 2024/11/15 4:46 p.m. · 16 views

CVE-2024-52518 Nextcloud Server is missing password confirmation when changing external storage options

Nextcloud Server is a self-hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded...

CVSS 4.4 · AI score 6.3 · EPSS 0.00529
Exploits 0 · References 7

Nextcloud
added 2024/11/15 1:14 p.m. · 19 views

Open redirection when logging in with User OIDC

None...

CVSS 6.1 · AI score 5.2 · EPSS 0.00417
Exploits 0 · References 2 · Affected Software 1

Nextcloud
added 2024/11/15 1:11 p.m. · 29 views

Mail app does not respect download permissions in shares

None...

CVSS 5.7 · AI score 5.2 · EPSS 0.00502
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/11/15 12:00 a.m. · 5 views

PT-2024-34376 · Unknown · Python Book

Name of the Vulnerable Software and Affected Versions: python book version V1.0
Description: The issue concerns an arbitrary file upload vulnerability in the user avatar upload function. This vulnerability allows for the upload of arbitrary files, which could potentially lead to security issues...

CVSS 9.8 · AI score 7.4 · EPSS 0.00961
Exploits 1 · References 7

Positive Technologies
added 2024/11/15 12:00 a.m. · 5 views

PT-2024-39479 · WordPress · Wordpress Video Robot

Name of the Vulnerable Software and Affected Versions: WordPress Video Robot - The Ultimate Video Importer plugin for WordPress versions up to and including 1.20.0
Description: The issue is related to insufficient validation of user metadata that can be updated in the wpvr rate request result...

CVSS 8.8 · AI score 9.3 · EPSS 0.00566
Exploits 0 · References 9

Tenable Nessus
added 2024/11/15 12:00 a.m. · 16 views

Fedora 37 : w3m (2022-7d2f942be2)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-7d2f942be2 advisory.
- Added upstream patch to address CVE-2022-38223 2126270
Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 7.8 · AI score 7.4 · EPSS 0.00441
Exploits 1 · References 2

Cvelist
added 2024/11/14 5:32 p.m. · 19 views

CVE-2024-4343 Python Command Injection in imartinez/privategpt

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

CVSS 9.8 · EPSS 0.0261
Exploits 1 · References 2

IBM Security Bulletins
added 2024/11/14 5:28 p.m. · 30 views

Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-50387]

Summary: Red Hat-provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE (CVE-2023-50387).
Vulnerability Details: CVEID: CVE-2023-50387. DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when processing...

CVSS 7.5 · AI score 7.1 · EPSS 0.99995
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2024/11/14 1:57 p.m. · 12 views

Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-50868]

Summary: Red Hat-provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE (CVE-2023-50868).
Vulnerability Details: CVEID: CVE-2023-50868. DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when preparing an NSEC...

CVSS 7.5 · AI score 6.9 · EPSS 0.81729
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2024/11/14 9:21 a.m. · 23 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2023-5678]

Summary: Red Hat-provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE (CVE-2023-5678).
Vulnerability Details: CVEID: CVE-2023-5678. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using DH_generate_key...

CVSS 5.3 · AI score 6.7 · EPSS 0.04459
Exploits 0 · Affected Software 1

GithubExploit
added 2024/11/14 8:48 a.m. · 154 views

Exploit for Incorrect Default Permissions in Google Android

CVE-2022-20474 Analysis - Self-changed Bundle under LazyValue...

CVSS 7.8 · AI score 7 · EPSS 0.00242
Exploits 1

Positive Technologies
added 2024/11/14 12:00 a.m. · 4 views

PT-2024-34574 · Unknown · Parisneo/Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version 9.6
Description: The issue arises from inadequate input validation and processing of SVG files during the upload process, leading to Cross-Site Scripting (XSS) and Open Redirect vulnerabilities. The XSS vulnerabili...

CVSS 7.3 · AI score 6.9 · EPSS 0.00312
Exploits 1 · References 7

Positive Technologies
added 2024/11/13 12:00 a.m. · 5 views

PT-2024-30283 · Google · Android

Name of the Vulnerable Software and Affected Versions: Google Android versions 12 through 15
Description: The issue is related to a possible persistent denial of service due to resource exhaustion in the validate function of WifiConfigurationUtil.java. This could lead to a local denial of service...

CVSS 6.2 · AI score 6.7 · EPSS 0.00096
Exploits 0 · References 8

IBM Security Bulletins
added 2024/11/12 12:45 p.m. · 26 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System [CVE-2023-51385]

Summary: Red Hat-provided OpenSSH is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE (CVE-2023-51385).
Vulnerability Details: CVEID: CVE-2023-51385. DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system,...

CVSS 6.5 · AI score 7.7 · EPSS 0.19753
Exploits 7 · Affected Software 1

IBM Security Bulletins
added 2024/11/12 10:30 a.m. · 24 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2023-3446]

Summary: Red Hat-provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE (CVE-2023-3446).
Vulnerability Details: CVEID: CVE-2023-3446. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check,...

CVSS 5.3 · AI score 6.5 · EPSS 0.05533
Exploits 0 · Affected Software 1

Positive Technologies
added 2024/11/12 12:00 a.m. · 3 views

PT-2024-8558 · Microsoft · Sql Server 2016 +4

Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server Native Client versions prior to the fixed version
Description: The issue is related to a buffer overflow in dynamic memory, which can be exploited by a remote attacker to execute arbitrary code. This is a remote code...

CVSS 10 · AI score 9 · EPSS 0.01432
Exploits 0 · References 9

CBLMariner
added 2024/11/11 6:23 p.m. · 9 views

CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.2.7-3

CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.2.7-3. A patched version of the package is available...

CVSS 8.7 · AI score 7.6 · EPSS 0.01429
Exploits 0