Lucene search
K

514 matches found

Cvelist
Cvelist
added 2024/10/28 12:58 p.m.40 views

CVE-2024-8013 CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

2.2CVSS0.00119EPSS
Exploits0References1
CVE
CVE
added 2024/10/28 12:58 p.m.111 views

CVE-2024-8013

CVE-2024-8013 stems from a bug in query analysis of certain complex self-referential $lookup subpipelines that can cause literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Impact: if triggered, no documents would be returned or written....

3.3CVSS3.7AI score0.00119EPSS
Exploits0References1Affected Software2
MongoDB
MongoDB
added 2024/10/28 12:57 p.m.35 views

CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

3.3CVSS6.8AI score0.00119EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2024/10/15 12:0 a.m.47 views

CVE-2024-48781

The CVE-2024-48781 entry concerns Wanxing Technology Yitu Project Management Kirin Edition 2.3.6. A remote attacker can trigger arbitrary code execution by supplying a specially crafted file to /opt/EdrawProj-2/plugins/imageformat. The issue is described consistently across multiple sources (NVD/...

9.8CVSS8.1AI score0.00734EPSS
Exploits0References1
OSV
OSV
added 2024/10/07 3:15 p.m.2 views

CVE-2024-9574

SQL injection vulnerability in SOPlanning 1.45, via /soplanning/www/usergroupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...

6.5CVSS5.9AI score0.00519EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/09/16 12:0 a.m.61 views

Ubuntu: Security Advisory (USN-7008-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS10AI score0.02701EPSS
Exploits3References4
NVD
NVD
added 2024/09/11 2:15 p.m.16 views

CVE-2024-27114

A unauthenticated Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the...

9.8CVSS0.00539EPSS
Exploits0References1
NVD
NVD
added 2024/09/11 2:15 p.m.35 views

CVE-2024-27115

A unauthenticated Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution...

10CVSS0.0459EPSS
Exploits0References1
NVD
NVD
added 2024/09/11 2:15 p.m.24 views

CVE-2024-27112

A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02...

9.8CVSS0.00409EPSS
Exploits0References1
NVD
NVD
added 2024/09/11 2:15 p.m.19 views

CVE-2024-27113

An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...

9.8CVSS0.00421EPSS
Exploits0References1
CVE
CVE
added 2024/09/11 1:41 p.m.69 views

CVE-2024-27113

CVE-2024-27113 affects the SOPlanning tool (SOPlanning) where an unauthenticated Insecure Direct Object Reference (IDOR) can occur when the public view is enabled, allowing exporting the underlying database via CSV. Root cause: IDOR exposure enabling access to the database export functionality. I...

9.8CVSS9.5AI score0.00421EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/09/11 1:41 p.m.117 views

CVE-2024-27115

CVE-2024-27115 corresponds to an authenticated RCE in SOPlanning via PHP file upload. The nuclei template specifies exploitation of SOPlanning 1.52.01 through authenticated file upload, enabling an attacker to upload and execute PHP code. Remediation is to upgrade to a version newer than 1.52.01,...

10CVSS9.9AI score0.0459EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/11 1:41 p.m.30 views

CVE-2024-27113 Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02

An unauthenticated Insecure Direct Object Reference IDOR to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...

9.3CVSS7AI score0.00421EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/11 1:41 p.m.17 views

CVE-2024-27115 Remote Code Execution through File Upload in SOPlanning before 1.52.02

A unauthenticated Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution...

10CVSS7.5AI score0.0459EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/11 1:41 p.m.31 views

CVE-2024-27115 Remote Code Execution through File Upload in SOPlanning before 1.52.02

A unauthenticated Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution...

10CVSS0.0459EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/11 1:41 p.m.18 views

CVE-2024-27114 Remote Code Execution through File Upload in SOPlanning before 1.52.02

A unauthenticated Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the...

8.9CVSS0.00539EPSS
Exploits0References1
CVE
CVE
added 2024/09/11 1:41 p.m.56 views

CVE-2024-27112

CVE-2024-27112 describes an unauthenticated SQL Injection in the SOPlanning (SO Planning tool) when the public view setting is enabled. The vulnerability could allow an attacker to access the underlying database. It has been remediated in version 1.52.02. Connected sources confirm this CVE affect...

9.8CVSS10AI score0.00409EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/09/11 1:41 p.m.58 views

CVE-2024-27114

SO Planning is vulnerable to an unauthenticated remote code execution via the PHP file upload feature when the public view setting is enabled. Affected versions are prior to 1.52.02; an attacker can upload a PHP file, which is briefly executable before removal, enabling code execution on the unde...

9.8CVSS9.9AI score0.00539EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/08/26 12:0 a.m.25 views

CVE-2024-41444

SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so...

0.00494EPSS
Exploits0References3
Veracode
Veracode
added 2024/07/25 4:53 a.m.19 views

Assertion Failure

libbind9.so is vulnerable to an Assertion Failure. The vulnerability is due to improper handling of client queries that trigger serving stale data and require lookups in local authoritative zone data, allowing an attacker to disrupt the normal operation of the BIND 9 service, potentially causing ...

7.5CVSS6.5AI score0.02111EPSS
Exploits0References5Affected Software3
Rows per page
Query Builder