
30468 matches found

OSV
added 2024/07/15 10:2 p.m. · 16 views

CGA-MR6F-6X69-27VH

Bulletin has no description...

CVSS 4.7 · AI score 6.9 · EPSS 0.00654
Exploits 0

OSV
added 2024/07/15 9:50 p.m. · 11 views

CGA-387J-788M-Q386

Bulletin has no description...

CVSS 9.8 · AI score 8.4 · EPSS 0.01952
Exploits 0

IBM Security Bulletins
added 2024/07/15 7:53 p.m. · 17 views

Security Bulletin: IBM Security Guardium is affected by a PostgreSQL vulnerability (CVE-2024-0985)

Summary: IBM Security Guardium has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2024-0985. DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when running in REFRESH MATERIALIZED VIEW CONCURRENTLY. By persuading a victim...

CVSS 8 · AI score 8.3 · EPSS 0.01465
Exploits 0 · Affected Software 1

Positive Technologies
added 2024/07/13 12:0 a.m. · 5 views

PT-2024-33860 · WordPress · User Submitted Posts

Name of the Vulnerable Software and Affected Versions: User Submitted Posts WordPress plugin versions prior to 20240516. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

CVSS 4.8 · AI score 5.4 · EPSS 0.00423
Exploits 1 · References 5

CBLMariner
added 2024/07/12 11:39 p.m. · 18 views

CVE-2017-18214 affecting package reaper for versions less than 3.1.1-10

CVE-2017-18214 affecting package reaper for versions less than 3.1.1-10. A patched version of the package is available...

CVSS 7.5 · AI score 6.9 · EPSS 0.03673
Exploits 0

Vulnrichment
added 2024/07/12 12:32 p.m. · 16 views

CVE-2024-40968 MIPS: Octeon: Add PCIe link status check

In the Linux kernel, the following vulnerability has been resolved: MIPS: Octeon: Add PCIe link status check. The standard PCIe configuration read-write interface is used to access the configuration space of the peripheral PCIe devices of the mips processor after the PCIe link surprise down, it ca...

AI score 6.7 · EPSS 0.00296
Exploits 0 · References 8

OSV
added 2024/07/10 3:10 p.m. · 14 views

GHSA-QCJ6-VXWX-4RQV Decidim vulnerable to data disclosure through the embed feature

Impact: If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches: version 0.27.6...

CVSS 6.9 · AI score 5.1 · EPSS 0.00492
Exploits 0 · References 7

Tenable Nessus
added 2024/07/10 12:0 a.m. · 12 views

Juniper Junos OS Vulnerability (JSA82976)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA82976 advisory. - An Improper Input Validation vulnerability in the 802.1X Authentication dot1x Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to th...

CVSS 6.8 · AI score 5.6 · EPSS 0.00148
Exploits 0 · References 3

Tenable Nessus
added 2024/07/10 12:0 a.m. · 12 views

Juniper Junos OS Vulnerability (JSA82999)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA82999 advisory. - A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a...

CVSS 6 · AI score 5.7 · EPSS 0.00217
Exploits 0 · References 2

Tenable Nessus
added 2024/07/10 12:0 a.m. · 15 views

Juniper Junos OS Vulnerability (JSA82978)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA82978 advisory. - An Improper Input Validation vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Deni...

CVSS 6.8 · AI score 5.6 · EPSS 0.00148
Exploits 0 · References 3

Tenable Nessus
added 2024/07/10 12:0 a.m. · 37 views

Juniper Junos OS Vulnerability (JSA82992)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA82992 advisory. - An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high...

CVSS 6.3 · AI score 5.6 · EPSS 0.00155
Exploits 0 · References 3

OSV
added 2024/07/08 2:22 p.m. · 12 views

GHSA-3V33-3WMW-3785 yt-dlp has dependency on potentially malicious third-party code in Douyu extractors

Impact: yt-dlp's DouyuTV and DouyuShow extractors used a cdn.bootcdn.net URL as a fallback for fetching a component of the crypto-js JavaScript library. When the Douyu extractor is used, yt-dlp extracts this JavaScript code and attempts to execute it externally using PhantomJS. bootcdn.net is owne...

AI score 7.8
Exploits 0 · References 4

Positive Technologies
added 2024/07/08 12:0 a.m. · 6 views

PT-2024-4669

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 8.7 and 8.8. Description: A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is...

CVSS 7 · AI score 7.8 · EPSS 0.27935
Exploits 1 · References 149

OSV
added 2024/07/05 6:42 p.m. · 26 views

CVE-2024-39691 Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when...

CVSS 4.3 · AI score 4.6 · EPSS 0.00494
Exploits 0 · References 6

NVD
added 2024/07/05 6:15 p.m. · 22 views

CVE-2024-39687

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. At present, when Fedify needs to retrieve an object or activity from a remote ActivityPub server, it makes an HTTP request to the @id or other resources present within the activity it has...

CVSS 7.2 · EPSS 0.006
Exploits 0 · References 3

Vulnrichment
added 2024/07/05 5:24 p.m. · 17 views

CVE-2024-37903 Mastodon has improper authorship check on audience extension for existing posts

Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...

CVSS 8.2 · AI score 6.7 · EPSS 0.00526
Exploits 0 · References 5

NVD
added 2024/07/05 7:15 a.m. · 21 views

CVE-2024-39473

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension. If a process module does not have base config extension then the same format applies to all of its inputs and the process-baseconfigext i...

CVSS 5.5 · EPSS 0.00211
Exploits 0 · References 3

OSV
added 2024/07/04 10:5 p.m. · 19 views

CGA-FRV6-3CMW-R66F

Bulletin has no description...

CVSS 4.3 · AI score 5.4 · EPSS 0.01399
Exploits 0

Positive Technologies
added 2024/07/04 12:0 a.m. · 3 views

PT-2024-37680 · Unknown · Y Project Ruoyi

Name of the Vulnerable Software and Affected Versions: y project RuoYi versions up to 4.7.9. Description: A vulnerability was found in the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT TYPE leads to cross site scripting. The atta...

CVSS 6.1 · AI score 3.5 · EPSS 0.0034
Exploits 1 · References 11

CBLMariner
added 2024/07/03 1:33 a.m. · 19 views

CVE-2020-27824 affecting package openjpeg2 for versions less than 2.3.1-12

CVE-2020-27824 affecting package openjpeg2 for versions less than 2.3.1-12. A patched version of the package is available...

CVSS 5.5 · AI score 7 · EPSS 0.0161
Exploits 0