Lucene search
K

2772 matches found

OSV
OSV
added 2025/05/28 5:36 p.m.3 views

GHSA-2HJ5-G64G-FP6P Argo CD allows cross-site scripting on repositories page

Impact This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with...

9CVSS9.1AI score0.00411EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/28 12:0 a.m.5 views

PT-2025-23074 · Unknown · Llama-Index Cli

Name of the Vulnerable Software and Affected Versions: LLama-Index CLI version v0.12.20 Description: The LLama-Index CLI contains an OS command injection issue due to the improper handling of the --files argument, which is directly passed into os.system. This allows an attacker who controls the...

7.8CVSS8.1AI score0.0103EPSS
Exploits1References12
OSV
OSV
added 2025/05/27 3:3 p.m.4 views

GHSA-2XV9-GHH9-XC69 radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Impact This is a prototype pollution vulnerability. It impacts users of the set function within the Radashi library. If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpect...

8.8CVSS8.1AI score0.00557EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/27 12:0 a.m.5 views

PT-2025-23019 · Maccms10 · Maccms10

Name of the Vulnerable Software and Affected Versions: maccms10 version 2025.1000.4047 Description: The issue is related to Server-Side request forgery SSRF in Friend Link Management. This allows an attacker to trick the server into making unintended requests. Recommendations: For version...

5.4CVSS6.2AI score0.00283EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/05/27 12:0 a.m.5 views

PT-2025-22949 · Unknown · Freefloat Ftp Server

Name of the Vulnerable Software and Affected Versions: FreeFloat FTP Server version 1.0.0 Description: A critical vulnerability was found in the GET Command Handler component of FreeFloat FTP Server, leading to a buffer overflow. This issue can be exploited remotely. The manipulation with the GET...

9.8CVSS7.4AI score0.00588EPSS
Exploits1References9
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.4 views

Fedora: Security Advisory (FEDORA-2024-ef9db8b16d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.1AI score0.00737EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/05/25 12:0 a.m.3 views

PT-2025-22854 · Qualitor · Qualitor

Name of the Vulnerable Software and Affected Versions: Qualitor version 8.20 Description: A critical issue affects some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php. The manipulation of the nmconexao argument leads to command injection. This issu...

8.1CVSS5.9AI score0.02946EPSS
Exploits1References15
RedhatCVE
RedhatCVE
added 2025/05/23 10:44 a.m.15 views

CVE-2024-47885

The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting XSS in websites enables Astro's client-side routing and has stored attacker-controlled scriptless HTML elements i.e., iframe tag...

5.9CVSS5.6AI score0.00408EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:43 a.m.7 views

CVE-2024-45403

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, th...

7.5CVSS6.8AI score0.00632EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:40 a.m.12 views

CVE-2024-47819

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...

8.7CVSS6.4AI score0.00326EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:39 a.m.11 views

CVE-2024-45297

Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known...

5.3CVSS6.7AI score0.00318EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:34 a.m.12 views

CVE-2024-45605

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert...

6.5CVSS6.8AI score0.00386EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:33 a.m.7 views

CVE-2024-42483

ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An replay attacks vulnerability was discovered in the implementation of the ESP-NOW because the caches is not differentiated by message types, it is a single, shared resource for all kinds of messages, whether they are...

6.5CVSS6.8AI score0.00301EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 9:40 a.m.4 views

CVE-2024-1017

A vulnerability was found in Gabriels FTP Server 1.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument USERNAME leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

7.5CVSS6.8AI score0.01399EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:37 a.m.9 views

CVE-2024-24574

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side XSS. This vulnerability has been patched in version 3.2.5...

6.5CVSS7.1AI score0.0088EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:31 a.m.5 views

CVE-2024-38518

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an...

4.6CVSS6.8AI score0.00307EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:4 a.m.2 views

CVE-2024-28188

Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of jupyter-scheduler users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been...

5.3CVSS6.6AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:36 a.m.8 views

CVE-2024-32476

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service DoS vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in versions 2.10.7, 2.9.12 and 2.8.16...

6.5CVSS6.8AI score0.01005EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:30 a.m.5 views

CVE-2024-6173

51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. Axis has released patched AXIS OS versions...

6.5CVSS6.9AI score0.00391EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:25 a.m.18 views

CVE-2024-49755

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local api endpoints even...

3.1CVSS6.8AI score0.0032EPSS
Exploits0References1
Rows per page
Query Builder