Lucene search: 30465 matches found

Github Security Blog · added 2024/08/21 6:31 p.m. · 32 views

CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover

Affected Packages The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are...

CVSS 3.1 · AI score 6.8 · EPSS 0.004
Exploits 0 · References 4 · Affected Software 1
RubySec · added 2024/08/21 12:00 a.m. · 5 views

Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability

Affected packages The vulnerability has been discovered in Code Snippet GeSHi plugin. All integrators that use GeSHi syntax highlighter on the backend side can be affected. Impact A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a...

CVSS 6.1 · AI score 6.6 · EPSS 0.00424
Exploits 0 · References 1
Cvelist · added 2024/08/20 1:31 p.m. · 26 views

CVE-2024-8003 Go-Tribe gotribe-admin Log routes.go InitRoutes deserialization

A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected by this issue is the function InitRoutes of the file internal/app/routes/routes.go of the component Log Handler. The manipulation leads to deserialization. The patch is identified as...

CVSS 5.1 · EPSS 0.00827
Exploits 1 · References 6
OSV · added 2024/08/20 6:15 a.m. · 12 views

LSN-0106-1 Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for anonymous sets. Never used from userspace, disallow these parameters. CVE-2023-52620: In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work...

CVSS 7.7 · AI score 7 · EPSS 0.00276
Exploits 0 · References 4
CBLMariner · added 2024/08/18 2:44 p.m. · 19 views

CVE-2023-42363 affecting package busybox for versions less than 1.35.0-11

CVE-2023-42363 affecting package busybox for versions less than 1.35.0-11. A patched version of the package is available...

CVSS 5.5 · AI score 6.9 · EPSS 0.00428
Exploits 1
Vulnrichment · added 2024/08/17 9:22 a.m. · 17 views

CVE-2024-43851 soc: xilinx: rename cpu_number1 to dummy_cpu_number

In the Linux kernel, the following vulnerability has been resolved: soc: xilinx: rename cpu_number1 to dummy_cpu_number. The per cpu variable cpu_number1 is passed to xlnx_event_handler as argument "devid", but it is not used in this function. So drop the initialization of this variable and rename it to...

AI score 6.7 · EPSS 0.00211
Exploits 0 · References 4
Amazon · added 2024/08/15 12:00 a.m. · 7 views

Medium: php8.2

Issue Overview: The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/138...

CVSS 5.9 · AI score 7.3 · EPSS 0.12117
Exploits 2
Amazon · added 2024/08/15 12:00 a.m. · 3 views

Medium: nodejs

Issue Overview: NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This...

CVSS 6.5 · AI score 7.3 · EPSS 0.01155
Exploits 1
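The undici entry above turns on what a client does with Authorization and Proxy-Authorization once a redirect points somewhere else. The JavaScript below is an added example written for this page, not undici's code: it applies the same-origin check a redirect-following client should make before re-sending credential headers. Dropping Cookie alongside the two named headers and recomputing Host are my own additions to the policy the advisory describes.

```javascript
// Added example, not undici's code: decide which request headers may follow a redirect.
// Assumption: Cookie is treated as a credential header as well, and Host is always
// recomputed for the new target rather than copied.
const CREDENTIAL_HEADERS = ['authorization', 'proxy-authorization', 'cookie'];

// Two URLs share an origin only when scheme, host and port all match.
function isSameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Returns the absolute redirect target and the headers that may be sent to it.
// When the redirect leaves the original origin, credential-bearing headers are
// dropped so a bearer token or proxy password is never replayed to a third party.
function headersForRedirect(originalUrl, location, headers) {
  const target = new URL(location, originalUrl); // Location may be relative
  const crossOrigin = !isSameOrigin(originalUrl, target.href);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (lower === 'host') continue; // belongs to the old target
    if (crossOrigin && CREDENTIAL_HEADERS.includes(lower)) continue;
    out[name] = value;
  }
  return { url: target.href, headers: out };
}

// Constructed sample: a request carrying credentials that is redirected once
// off-origin and once to a relative path on the same origin.
const sampleHeaders = {
  Authorization: 'Bearer secret-token',
  'Proxy-Authorization': 'Basic cHJveHk6cGFzcw==',
  Accept: 'application/json',
};
const crossOriginResult = headersForRedirect(
  'https://api.example.com/v1/data',
  'https://evil.example.net/collect',
  sampleHeaders,
);
const sameOriginResult = headersForRedirect(
  'https://api.example.com/v1/data',
  '/v2/data',
  sampleHeaders,
);
```

The check is done on the resolved target, not on the raw Location value, so a relative Location cannot be mistaken for a cross-origin one and a scheme downgrade (https to http on the same host) still counts as a different origin.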
CBLMariner · added 2024/08/14 8:43 p.m. · 53 views

CVE-2024-0684 affecting package coreutils for versions less than 9.4-5

CVE-2024-0684 affecting package coreutils for versions less than 9.4-5. A patched version of the package is available...

CVSS 5.5 · AI score 6.9 · EPSS 0.0049
Exploits 0
CBLMariner · added 2024/08/14 8:43 p.m. · 18 views

CVE-2024-42071 affecting package kernel for versions less than 6.6.43.1-7

CVE-2024-42071 affecting package kernel for versions less than 6.6.43.1-7. A patched version of the package is available...

CVSS 5.5 · AI score 6.9 · EPSS 0.0021
Exploits 0
CBLMariner · added 2024/08/14 8:43 p.m. · 23 views

CVE-2023-46838 affecting package kernel for versions less than 6.6.35.1-4

CVE-2023-46838 affecting package kernel for versions less than 6.6.35.1-4. A patched version of the package is available...

CVSS 7.5 · AI score 6.9 · EPSS 0.01177
Exploits 0
CBLMariner · added 2024/08/14 8:43 p.m. · 20 views

CVE-2024-24857 affecting package kernel for versions less than 6.6.35.1-4

CVE-2024-24857 affecting package kernel for versions less than 6.6.35.1-4. A patched version of the package is available...

CVSS 6.8 · AI score 6.9 · EPSS 0.00314
Exploits 0
Github Security Blog · added 2024/08/13 9:01 p.m. · 13 views

Command Injection in sequenceserver

Impact: Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. Patches: Fixed in 3.1.2. Workarounds: No known workarounds...

CVSS 9.8 · AI score 6.7 · EPSS 0.00584
Exploits 0 · References 5 · Affected Software 1
RedhatCVE · added 2024/08/13 1:21 p.m. · 32 views

CVE-2024-21634

A vulnerability was found in Amazon Ion, an implementation of Ion data notation. Ion-java may be affected by denial of service DoS due to issues while deserializing encoded data into IonValue. A maliciously crafted Ion data structure may be processed and cause a StackOverflowError, leaving the...

CVSS 7.5 · AI score 7.2 · EPSS 0.0082
Exploits 0 · References 4
RubySec · added 2024/08/13 12:00 a.m. · 16 views

Command Injection in sequenceserver gem

Impact: Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. Patches: Fixed in 3.1.2. Workarounds: No known workarounds...

CVSS 9.8 · AI score 7 · EPSS 0.00584
Exploits 0 · References 1 · Affected Software 1
Oracle linux · added 2024/08/13 12:00 a.m. · 301 views

orc security update

0.4.28-4 - Add patch for CVE-2024-40897 - Resolves: RHEL-50710...

CVSS 6.7 · AI score 7 · EPSS 0.00379
Exploits 0
Positive Technologies · added 2024/08/13 12:00 a.m. · 6 views

PT-2024-5695 · Microsoft · Kernel Streaming Wow Thunk Service Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Kernel Streaming WOW Thunk Service Driver versions prior to the fixed version. Description: The issue is related to a buffer overflow in the dynamic memory of the Kernel Streaming WOW Thunk Service Driver, which can be exploited to...

CVSS 9 · AI score 7.3 · EPSS 0.32347
Exploits 0 · References 16
Vulnrichment · added 2024/08/12 3:39 p.m. · 18 views

CVE-2024-42485 Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint

Filament Excel enables excel export for Filament admin resources. The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patched with Version v2.3.3...

CVSS 7.5 · AI score 6.9 · EPSS 0.0057
Exploits 0 · References 2
NVD · added 2024/08/12 1:38 p.m. · 36 views

CVE-2024-42467

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forger...

CVSS 10 · EPSS 0.01035
Exploits 0 · References 3
Positive Technologies · added 2024/08/11 12:00 a.m. · 7 views

PT-2024-38485 · Gila Cms · Gila Cms

Name of the Vulnerable Software and Affected Versions: Gila CMS version 1.10.9. Description: A problematic issue was found in Gila CMS, affecting an unknown part of the file /cm/update_rows/page?id=2 within the HTTP POST Request Handler component. The manipulation of the content argument leads to...

CVSS 5.4 · AI score 4.5 · EPSS 0.00556
Exploits 0 · References 6