Lucene search
K

30457 matches found

OSV
OSV
added 2024/10/15 6:12 p.m.4 views

CLSA-2024-1729015920 linux-firmware: Fix of CVE-2023-31315

Update AMD CPU microcode for processor family 0x19: cpuid:0x00A00F10ver:0x0A00107A, cpuid:0x00A10F12ver:0x0A101248, cpuid:0x00AA0F02ver:0x0AA00215, cpuid:0x00A00F12ver:0x0A001238, cpuid:0x00A10F11ver:0x0A101148, cpuid:0x00A00F11ver:0x0A0011D5; - Update AMD CPU microcode for processor family 0x17:...

7.5CVSS7.3AI score0.00622EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/14 5:59 p.m.31 views

CVE-2024-47826 eLabFTW vulnerable to HTML Injection in extended search error message

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" show mode, "database.php" show mode or "search.php". It works by providing HTML code in the extended...

3.5CVSS0.00271EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/10/12 7:0 a.m.3 views

ipv6: fix possible UAF in ip6_finish_output2()

...

7.8CVSS6.7AI score0.00237EPSS
Exploits0
GithubExploit
GithubExploit
added 2024/10/12 2:17 a.m.67 views

Exploit for Incorrect Implementation of Authentication Algorithm in Ivanti Virtual_Traffic_Management

CVE-2024-7593 Description: CVE-2024-7593 is a critical v...

9.8CVSS9.9AI score0.99987EPSS
Exploits4
CBLMariner
CBLMariner
added 2024/10/12 2:7 a.m.14 views

CVE-2024-43892 affecting package kernel for versions less than 5.15.167.1-1

CVE-2024-43892 affecting package kernel for versions less than 5.15.167.1-1. A patched version of the package is available...

4.7CVSS6.6AI score0.00229EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/10/11 6:10 p.m.39 views

Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.

Impact A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. Patches Please use version 4.0.0 or later github.com/codeclysm/extract/v4. Any previous version is affected by the bug. Workarounds No knows workarounds. Backward compatibility...

7.5CVSS6.9AI score0.00534EPSS
Exploits0References4Affected Software3
Positive Technologies
Positive Technologies
added 2024/10/11 12:0 a.m.8 views

PT-2024-6805

Name of the Vulnerable Software and Affected Versions DOMPurify versions prior to 2.5.0 DOMPurify versions prior to 3.1.3 Description The issue is related to insufficient input validation in the DOMPurify JavaScript library, which can lead to a cross-site scripting XSS attack. This vulnerability...

10CVSS7.8AI score0.51488EPSS
Exploits30References118
NVD
NVD
added 2024/10/10 11:15 p.m.21 views

CVE-2024-47872

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

6.9CVSS0.00252EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/10/10 10:9 p.m.24 views

Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files

Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view...

6.9CVSS6.2AI score0.00252EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/10 10:4 p.m.18 views

Gradio has a race condition in update_root_in_config may redirect user traffic

Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves a race condition in the updaterootinconfig function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect use...

8.1CVSS6.8AI score0.00359EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.4 views

PT-2025-28386 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to 15 Description: The issue is related to out-of-bounds writing when accessing uninitialized memory in libsavsvc.so. This allows local attackers to cause memory corruption. Recommendations: For Android versions prior t...

5.5CVSS6AI score0.00118EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2024/10/09 6:39 a.m.575 views

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2024-38077 Here’s a possible GitHub description for CV...

9.8CVSS10AI score0.75365EPSS
Exploits5
Vulnrichment
Vulnrichment
added 2024/10/08 5:54 p.m.20 views

CVE-2024-47822 Directus inserts access token from query string into logs

Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in req.query is not redacted when the LOGSTYLE is set to raw. If these logs are no...

4.2CVSS4.9AI score0.00312EPSS
Exploits1References2
OSV
OSV
added 2024/10/08 5:54 p.m.10 views

CVE-2024-47822 Directus inserts access token from query string into logs

Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in req.query is not redacted when the LOGSTYLE is set to raw. If these logs are no...

4.2CVSS7.2AI score0.00312EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/10/08 5:48 p.m.53 views

CVE-2024-47823 Livewire Remote Code Execution (RCE) on File Uploads

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...

7.7CVSS0.00823EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 4:4 p.m.44 views

Security Bulletin: IBM Security Guardium is affected by a remote code execution vulnerability (CVE-2022-37434)

Summary IBM Security Guardium has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2022-37434 DESCRIPTION: zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By using a large gzip header extra field, a remote...

9.8CVSS9.8AI score0.1593EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.2 views

PT-2024-6671 · Microsoft · Saved Console +2

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to 10.0.10240.20796 Microsoft Windows versions prior to 10.0.14393.7428 Microsoft Windows versions prior to 10.0.17763.6414 Microsoft Windows versions prior to 10.0.19044.5011 Microsoft Windows versions prior ...

7.8CVSS8.2AI score0.60954EPSS
Exploits0References85
CVE
CVE
added 2024/10/07 8:50 p.m.60 views

CVE-2024-47772

CVE-2024-47772: Discourse exposes a cross-site scripting (XSS) vulnerability via chat excerpts when CSP is disabled. An attacker can cause arbitrary JavaScript execution in a user’s browser by sending a maliciously crafted chat message and a reply. The issue affects sites with CSP disabled and is...

6.5CVSS6.5AI score0.00331EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/07 12:0 a.m.3 views

PT-2024-7506 · Samsung · Samsung Exynos

Name of the Vulnerable Software and Affected Versions: Samsung Exynos versions 9820 through 9825 Samsung Exynos versions 980 through 990 Samsung Exynos version 850 Samsung Exynos version W920 Description: The issue is related to a use-after-free vulnerability in the m2m scaler driver of Samsung...

8.1CVSS7.9AI score0.01037EPSS
Exploits1References44
Positive Technologies
Positive Technologies
added 2024/10/07 12:0 a.m.2 views

PT-2024-9587

Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.24.10 Description A null pointer dereference issue has been identified in the parse lrc function within gstsubparse.c. This function calls strchr to find the character '' in the string line. If the string line doe...

9.8CVSS7.7AI score0.01812EPSS
Exploits5References137
Rows per page
Query Builder