Lucene search
K

1378 matches found

CVE
CVE
added 2024/09/18 3:1 p.m.65 views

CVE-2022-25775

CVE-2022-25775 affects Mautic, specifically the Reports bundle. The vulnerability is an SQL injection in dynamic Reports, allowing an authenticated, logged-in user to retrieve and alter data, potentially exposing sensitive information, compromising credentials, and, depending on database permissi...

7.2CVSS6.8AI score0.00593EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/09/18 2:54 p.m.72 views

CVE-2022-25774

CVE-2022-25774 affects Mautic prior to 4.4.12. A self‑XSS in the notifications you save for Dashboards allows logged‑in users to inject/execute JavaScript in the notification content. Remediation: update to Mautic 4.4.12 or later. No exploitation details are provided in the supplied documents.

5.4CVSS4.9AI score0.00372EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/09/18 2:47 p.m.85 views

CVE-2022-25769

CVE-2022-25769 relates to Mautic where the default .htaccess contains an improper regex in the htaccess FilesMatch rule that only checks the filename, not the full path. This logic flaw allows improper access control and could enable unauthorized access to restricted PHP files in the root directo...

9.1CVSS7AI score0.00502EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/09/17 1:38 p.m.83 views

CVE-2024-22303

CVE-2024-22303 is an Incorrect Privilege Assignment vulnerability in the favethemes Houzez WordPress theme (affected versions “n/a through 3.2.4”). The issue allows Privilege Escalation for authenticated users (Subscriber+). CVSS v3.1 base score 8.8 (HIGH) with network exposure, low attack comple...

8.8CVSS8.8AI score0.00444EPSS
Exploits0References1
CVE
CVE
added 2024/09/17 1:35 p.m.91 views

CVE-2024-21743

CVE-2024-21743 is a Privilege Escalation in the favethemes Houzez Login Register WordPress plugin (houzez-login-register) affecting versions ≤ 3.2.5. The issue enables authenticated users (Subscriber level) to escalate privileges, effectively via an account takeover vector; it is described as a S...

8.8CVSS8.7AI score0.00444EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/09/07 4:3 p.m.37 views

CVE-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...

7.4CVSS6.7AI score0.01302EPSS
Exploits0
CVE
CVE
added 2024/09/07 4:3 p.m.408 views

CVE-2023-46809

CVE-2023-46809 affects Node.js runtimes that bundle an unpatched OpenSSL or use a dynamically linked OpenSSL version; exposed to the Marvin Attack when PKCS #1 v1.5 padding is allowed during RSA decryption with a private key. This is a timing/side-channel vulnerability affecting confidentiality a...

7.4CVSS6.7AI score0.01302EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2024/09/07 4:0 p.m.70 views

CVE-2023-39333

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...

5.3CVSS8.1AI score0.00936EPSS
Exploits0
CVE
CVE
added 2024/09/07 4:0 p.m.526 views

CVE-2023-30583

CVE-2023-30583 : In Node.js 20, the fs.openAsBlob() API can bypass the experimental permission model when the file system read restriction is enabled with --allow-fs-read, due to a missing check in fs.openAsBlob(). The description notes this as part of the experimental feature set. Remediation/fi...

7.5CVSS7.3AI score0.00722EPSS
Exploits0References2
CVE
CVE
added 2024/09/07 4:0 p.m.539 views

CVE-2023-30587

CVE-2023-30587: Node.js 20 inspector-based bypass allows an attacker to modify the Worker’s isInternal value when an inspector attaches inside the Worker constructor before initializing WorkerImpl, bypassing the experimental permission model. Affected: Node.js users using the permission model mec...

7.5CVSS7.3AI score0.00747EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/09/07 4:0 p.m.27 views

CVE-2023-30583

fs.openAsBlob can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag in Node.js 20. This flaw arises from a missing check in the fs.openAsBlob API. Please note that at the time this CVE was issued, the permission model is an...

7.5CVSS6.5AI score0.00722EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/09/07 4:0 p.m.42 views

CVE-2023-30587

A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...

7.5CVSS7.6AI score0.00747EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.30 views

RHEL 8 : kernel (RHSA-2024:4731)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4731 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: GSM multiplexing race conditio...

7.5CVSS6.9AI score0.00767EPSS
Exploits0References6
CVE
CVE
added 2024/07/16 10:30 p.m.74 views

CVE-2023-7012

CVE-2023-7012 affects Google Chrome’s Permission Prompts due to insufficient data validation, potentially enabling a sandbox escape when a user runs a malicious app. Described for Chrome versions before 117.0.5938.62; exploitation requires user interaction and a malicious file. Astra Linux bullet...

9.6CVSS6.5AI score0.00319EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/07/16 10:30 p.m.143 views

CVE-2024-3176

CVE-2024-3176 affects Google Chrome with an out-of-bounds write in SwiftShader triggered by a crafted HTML page, enabling remote memory corruption. Chrome versions prior to 117.0.5938.62 are vulnerable; upgrade to 117.0.5938.62 or later to mitigate. Other connected sources corroborate the same Ch...

8.8CVSS6.4AI score0.00343EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/07/16 10:30 p.m.65 views

CVE-2023-7010

CVE-2023-7010 is a use-after-free vulnerability in WebRTC in Google Chrome, with impact described as potential heap corruption. The affected software is Google Chrome (WebRTC component); the concrete detail provided indicates exploitation could be remote via a crafted HTML page, and the vulnerabi...

8.8CVSS7AI score0.00411EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/07/16 10:30 p.m.94 views

CVE-2023-4860

CVE-2023-4860 affects Google Chrome (Skia) via an inappropriate Skia implementation in Chromium before 115.0.5790.98, allowing a remote attacker who has compromised the renderer process to potentially escape the sandbox by crafting an HTML page. The vulnerability is rooted in the Skia component a...

9.6CVSS6.5AI score0.00369EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/07/16 10:14 p.m.135 views

CVE-2024-3174

The CVE-2024-3174 entry describes an issue in Google Chrome/Chromium’s V8: an inappropriate implementation allowed remote attackers to potentially trigger object corruption via a crafted HTML page. Affected version set is before 119.0.6045.105 (Chromium), with High severity per NVD. The vulnerabi...

8.8CVSS6.5AI score0.00364EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/07/16 10:14 p.m.114 views

CVE-2024-3175

CVE-2024-3175 concerns insufficient data validation in the Chrome Extensions component, enabling privilege escalation via a crafted Chrome Extension. The primary documentation states vulnerable component as Extensions, with affected Chrome versions before 120.0.6099.62 (remediation: update to 120...

8.8CVSS6.7AI score0.00232EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/07/16 10:14 p.m.119 views

CVE-2024-3169

The CVE-2024-3169 issue affects Google Chrome (V8/Chromium) and is caused by a Use after free in V8, leading to potential heap corruption via a crafted HTML page. Affected software includes Google Chrome with V8, prior to 121.0.6167.139. Impact is high: remote attacker could potentially exploit t...

8.8CVSS6.7AI score0.00343EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder