Lucene search

30464 matches found

OSV
added 2024/09/03 7:42 p.m., 13 views

GHSA-Q765-WM9J-66QJ @blakeembrey/template vulnerable to code injection when attacker controls template input

Impact: It is possible to inject and run code within the template if the attacker has access to write the template name. js const template = require'@blakeembrey/template'; template"Hello name!", "exploit && = console.log'success'; && function pwned"; Patches: Upgrade to 1.2.0. Workarounds: Don't pa...

7.3 CVSS, 8.5 AI score, 0.00433 EPSS
Exploits 0, References 4

OSV
added 2024/09/03 7:37 p.m., 30 views

CVE-2024-45390 @blakeembrey/template vulnerable to code injection when attacker controls template input

@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or...

7.3 CVSS, 7 AI score, 0.00433 EPSS
Exploits 0, References 4

CBLMariner
added 2024/09/03 12:26 p.m., 24 views

CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4

CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4. A patched version of the package is available...

7.5 CVSS, 6.9 AI score, 0.02278 EPSS
Exploits 1

Packet Storm
added 2024/09/01 12:0 a.m., 434 views

ColdFusion Server Check

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ColdFusion Server Check', 'Description' = %q This module attempts to exploit the directory traversal in the 'locale' attribute. According to the...

9.8 CVSS, 7 AI score, 0.99721 EPSS
Exploits 13

Packet Storm
added 2024/08/31 12:0 a.m., 914 views

MS12-020 Microsoft Remote Desktop Checker

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS12-020 Microsoft Remote Desktop Checker', 'Description' = %q This module checks a range of hosts for the MS12-020 vulnerability. This does not...

9.3 CVSS, 7 AI score, 0.73924 EPSS
Exploits 11

OSV
added 2024/08/30 10:4 a.m., 6 views

CLSA-2024-1725012247 Fix CVE(s): CVE-2024-37894

SECURITY UPDATE: Memory Corruption via Out-of-bounds Write in ESI variables assignment - debian/patches/CVE-2024-37894.patch: fix incorrect type declaration in TrieNode.cc to prevent potential type conversion issues - CVE-2024-37894...

6.3 CVSS, 5.8 AI score, 0.06255 EPSS
Exploits 0, References 1

Tenable Nessus
added 2024/08/30 12:0 a.m., 84 views

Cisco Application Policy Infrastructure Controller Privilege Escalation (cisco-sa-capic-priv-esc-uYQJjnuU)

According to its self-reported version, Cisco Application Policy Infrastructure Controller is affected by a privilege escalation vulnerability that could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary co...

7.2 CVSS, 6.1 AI score, 0.0074 EPSS
Exploits 0, References 3

Oracle linux
added 2024/08/28 12:0 a.m., 56 views

kernel security update

5.14.0-427.33.14.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

7.8 CVSS, 8.9 AI score, 0.02224 EPSS
Exploits 2

Photon
added 2024/08/27 12:0 a.m., 17 views

Important Photon OS Security Update - PHSA-2024-5.0-0356

Updates of 'python3-certifi' packages of Photon OS have been released...

7.5 CVSS, 9.9 AI score, 0.01049 EPSS
Exploits 0

Positive Technologies
added 2024/08/26 12:0 a.m., 7 views

PT-2024-31522 · Skysystem · Arfa-Cms

Name of the Vulnerable Software and Affected Versions: SkySystem Arfa-CMS versions prior to 5.1.3124 Description: A SQL injection issue in the poll component allows remote attackers to execute arbitrary SQL commands via the psid parameter. This enables attackers to manipulate database queries,...

9.8 CVSS, 9.1 AI score, 0.01045 EPSS
Exploits 0, References 8

CBLMariner
added 2024/08/25 3:13 p.m., 19 views

CVE-2024-7006 affecting package libtiff for versions less than 4.6.0-4

CVE-2024-7006 affecting package libtiff for versions less than 4.6.0-4. A patched version of the package is available...

7.5 CVSS, 6.9 AI score, 0.01516 EPSS
Exploits 0

FreeBSD
added 2024/08/25 12:0 a.m., 23 views

binutils -- Multiple vulnerabilities

[email protected] reports PR/281070: A new version of devel/binutils has been released fixing CVE-2023-1972, CVE-2023-25585, CVE-2023-25586, and CVE-2023-25588...

6.5 CVSS, 8.3 AI score, 0.00895 EPSS
Exploits 3

OPENSUSE Linux
added 2024/08/23 12:0 a.m., 5 views

Security update for libhtp (moderate)

openSUSE Security Update: Security update for libhtp Announcement ID: openSUSE-SU-2024:0150-2 Rating: moderate References: 1220403 Cross-References: CVE-2024-23837 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This update fo...

7.5 CVSS, 7.2 AI score, 0.01193 EPSS
Exploits 1, References 1

Positive Technologies
added 2024/08/23 12:0 a.m., 9 views

PT-2024-28785 · Automad · Automad

Name of the Vulnerable Software and Affected Versions: Automad version 2.0.0-alpha.4 Description: A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The...

4.8 CVSS, 5.4 AI score, 0.00769 EPSS
Exploits 2, References 10

Tenable Nessus
added 2024/08/23 12:0 a.m., 24 views

Cisco Unified Communications Manager DoS (cisco-sa-cucm-dos-kkHq43We)

According to its self-reported version, Cisco Unified Communications Manager running on the report host is affected by a denial of service (DoS) vulnerability. Due to improper processing of SIP messages, an unauthenticated, remote attacker can cause the system to reload and thus stop responding...

8.6 CVSS, 5.5 AI score, 0.00745 EPSS
Exploits 0, References 3

OSV
added 2024/08/22 7:46 p.m., 15 views

BIT-VALKEY-2021-31294

Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this...

5.9 CVSS, 6.1 AI score, 0.01309 EPSS
Exploits 1, References 5

OSV
added 2024/08/22 7:30 p.m., 18 views

BIT-KEYDB-2021-32626 Lua scripts can overflow the heap-based Lua stack in Redis

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

8.8 CVSS, 8.9 AI score, 0.15126 EPSS
Exploits 0, References 11

OSV
added 2024/08/22 7:24 p.m., 17 views

BIT-KEYDB-2023-25155 Integer Overflow in several Redis commands can lead to denial of service.

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...

6.5 CVSS, 6.2 AI score, 0.00902 EPSS
Exploits 0, References 6

CBLMariner
added 2024/08/22 5:18 p.m., 14 views

CVE-2023-33976 affecting package tensorflow for versions less than 2.11.1-2

CVE-2023-33976 affecting package tensorflow for versions less than 2.11.1-2. A patched version of the package is available...

7.5 CVSS, 7 AI score, 0.00361 EPSS
Exploits 0

OSV
added 2024/08/21 6:31 p.m., 17 views

GHSA-6V96-M24V-F58J CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover

Affected Packages The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are...

4.8 CVSS, 4 AI score, 0.004 EPSS
Exploits 0, References 4