213680 matches found

Prion
added 2024/02/28 5:15 p.m.

Design/Logic Flaw

A vulnerability was found in 3Scale, when used with Keycloak 15 or RHSSO 7.5.0 and superiors. When the authtype is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO...

CVSS 6.5 • AI score 7.1 • EPSS 0.00486
Exploits 0 • References 3
Prion
added 2024/02/28 5:15 p.m.

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite – WooCommerce integration. This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8...

CVSS 5.8 • AI score 7.2 • EPSS 0.00208
Exploits 0 • References 1
Prion
added 2024/02/28 3:15 p.m.

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict. This issue affects Page Restrict: from n/a through 2.5.5...

CVSS 4.3 • AI score 5 • EPSS 0.00227
Exploits 0 • References 1
Prion
added 2024/02/28 3:15 p.m.

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility. This issue affects Accessibility: from n/a through 1.0.6...

CVSS 5.8 • AI score 5.9 • EPSS 0.00187
Exploits 0 • References 1
Prion
added 2024/02/28 3:15 p.m.

Privilege escalation

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges...

CVSS 2.9 • AI score 6 • EPSS 0.002
Exploits 0 • References 2
Prion
added 2024/02/28 1:15 p.m.

Sql injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.69...

CVSS 5.5 • AI score 8.8 • EPSS 0.00544
Exploits 0 • References 1
Prion
added 2024/02/28 1:15 p.m.

Heap overflow

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remo...

CVSS 4.3 • AI score 8.9 • EPSS 0.0142
Exploits 0 • References 12
Prion
added 2024/02/28 1:15 p.m.

Cross site scripting

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 5.5 • AI score 5.7 • EPSS 0.0034
Exploits 0 • References 2
Prion
added 2024/02/28 1:15 p.m.

Sql injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2...

CVSS 7.5 • AI score 9.8 • EPSS 0.00565
Exploits 0 • References 1
Prion
added 2024/02/28 1:15 p.m.

Sql injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniorange Malware Scanner. This issue affects Malware Scanner: from n/a through 4.7.2...

CVSS 4.7 • AI score 8 • EPSS 0.00541
Exploits 0 • References 1
Prion
added 2024/02/28 1:15 p.m.

Heap overflow

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments...

CVSS 4.3 • AI score 9 • EPSS 0.0142
Exploits 0 • References 12
Prion
added 2024/02/28 1:15 p.m.

Sql injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order. This issue affects postMash – custom post order: from n/a through 1.2.0...

CVSS 6.4 • AI score 9.6 • EPSS 0.00565
Exploits 0 • References 1
Prion
added 2024/02/28 1:15 p.m.

Server side request forgery (ssrf)

Server-Side Request Forgery vulnerability in Haivision's Aviwest Manager and Aviwest Steamhub. This vulnerability could allow an attacker to enumerate internal network configuration without the need for credentials. An attacker could compromise an internal server and retrieve requests sent by oth...

CVSS 6.4 • AI score 6.5 • EPSS 0.0035
Exploits 0 • References 1
Prion
added 2024/02/28 1:15 p.m.

Sql injection

Osclass 5.1.2 is vulnerable to SQL Injection...

AI score 7.4 • EPSS 0.00611
Exploits 1 • References 1
Prion
added 2024/02/28 12:15 p.m.

Code injection

A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, whi...

CVSS 4 • AI score 4.9 • EPSS 0.00945
Exploits 0 • References 2
Prion
added 2024/02/28 12:15 p.m.

Information disclosure

Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area...

CVSS 6.5 • AI score 8.3 • EPSS 0.005
Exploits 0 • References 2
Prion
added 2024/02/28 12:15 p.m.

Code injection

Apache Superset with custom roles that include can write on dataset and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apac...

CVSS 4 • AI score 5.1 • EPSS 0.00727
Exploits 0 • References 2
Prion
added 2024/02/28 12:15 p.m.

Design/Logic Flaw

A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be...

CVSS 4 • AI score 4.7 • EPSS 0.00866
Exploits 0 • References 2
Prion
added 2024/02/28 12:15 p.m.

Cross site scripting

Potential Cross-Site Scripting (XSS) in the page editing area...

CVSS 6 • AI score 7 • EPSS 0.005
Exploits 0 • References 2
Prion
added 2024/02/28 12:15 p.m.

Input validation

Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...

CVSS 3.3 • AI score 5.4 • EPSS 0.00773
Exploits 0 • References 2
Prion
added 2024/02/28 10:15 a.m.

Design/Logic Flaw

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table function in all versions up to, and including, 4.52. This mak...

CVSS 4 • AI score 6.7 • EPSS 0.00361
Exploits 0 • References 2
Prion
added 2024/02/28 10:15 a.m.

Code injection

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert...

CVSS 4 • AI score 7.8 • EPSS 0.00969
Exploits 0 • References 2
Prion
added 2024/02/28 10:15 a.m.

Cross site request forgery (csrf)

The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the...

CVSS 4.3 • AI score 6.7 • EPSS 0.00297
Exploits 0 • References 3
Prion
added 2024/02/28 10:15 a.m.

Design/Logic Flaw

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist function in all versions up to, and including, 4.51. This makes it...

CVSS 6.4 • AI score 7 • EPSS 0.00378
Exploits 0 • References 2
Prion
added 2024/02/28 9:15 a.m.

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: memory: renesas-rpc-if: fix possible NULL pointer dereference of resource. The platform_get_resource_byname can return NULL which would be immediately dereferenced by resource_size. Instead dereference it after validating the resource...

AI score 6.8 • EPSS 0.00235
Exploits 0 • References 4
Prion
added 2024/02/28 9:15 a.m.

Cross site request forgery (csrf)

The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possible for...

CVSS 6.8 • AI score 6.7 • EPSS 0.00215
Exploits 0 • References 2
Prion
added 2024/02/28 9:15 a.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove WO permissions on second-level paging entries. When the first level page table is used for IOVA translation, it only supports Read-Only and Read-Write permissions. The Write-Only permission is not supported as t...

AI score 7.1 • EPSS 0.00246
Exploits 0 • References 5
Prion
added 2024/02/28 9:15 a.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode leak on getattr error in fh_to_dentry...

AI score 6.7 • EPSS 0.00243
Exploits 0 • References 5
Prion
added 2024/02/28 9:15 a.m.

Cross site request forgery (csrf)

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_delete_card' function. This makes it possible for unauthenticated attackers to delete the...

CVSS 4.3 • AI score 4.3 • EPSS 0.00275
Exploits 0 • References 2
Prion
added 2024/02/28 9:15 a.m.

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4. Commit 4dbc6a4ef06d "usb: typec: ucsi: save power data objects in PD mode" introduced retrieval of the PDOs when connected to a PD-capable source. But only the...

AI score 6.4 • EPSS 0.0023
Exploits 0 • References 4
Prion
added 2024/02/28 9:15 a.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix wild memory access when clearing fragments. While testing re-assembly/re-fragmentation using act_ct, it's possible to observe a crash like the following one: KASAN: maybe wild-memory-access in range...

AI score 6.7 • EPSS 0.00233
Exploits 0 • References 2
Prion
added 2024/02/28 9:15 a.m.

Design/Logic Flaw

The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could...

CVSS 6.4 • AI score 6.3 • EPSS 0.0053
Exploits 0 • References 2
Prion
added 2024/02/28 9:15 a.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GIC_PRIO_PSR_I_SET during entry. Zenghui reports that booting a kernel with "irqchip.gicv3_pseudo_nmi=1" on the command line hits a warning during kernel entry, due to the way we manipulate the PMR. Early in the...

AI score 6.8 • EPSS 0.00246
Exploits 0 • References 4
Prion
added 2024/02/28 9:15 a.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ASoC: q6afe-clocks: fix reprobing of the driver. Q6afe-clocks driver can get reprobed. For example if the APR services are restarted after the firmware crash. However currently Q6afe-clocks driver will oops because hw.init will ge...

AI score 6.8 • EPSS 0.00239
Exploits 0 • References 3
Prion
added 2024/02/28 9:15 a.m.

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb. It is possible to call lpfc_issue_els_plogi passing a did for which no matching ndlp is found. A call is then made to lpfc_prep_els_iocb with a null pointer to a lpfc_nodelist...

AI score 7.1 • EPSS 0.00239
Exploits 0 • References 3
Prion
added 2024/02/28 9:15 a.m.

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix NULL pointer dereference for ->get_features. The get_features ops of pci_epc_ops may return NULL, causing a NULL pointer dereference in the pci_epf_test_alloc_space function. Let us add a check for the pci_epc_feature pointer in...

AI score 6.6 • EPSS 0.00236
Exploits 0 • References 4
Prion
added 2024/02/28 9:15 a.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Always enable the clk on resume. In mtk_iommu_runtime_resume always enable the clk, even if m4u_dom is null. Otherwise the 'suspend' cb might disable the clk which is already disabled causing the warning: 1.586104...

AI score 6.7 • EPSS 0.0023
Exploits 0 • References 2
Prion
added 2024/02/28 9:15 a.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memleak when mt7615_unregister_device. mt7615_tx_token_put should get called before mt76_free_pending_txwi...

AI score 6.8 • EPSS 0.00236
Exploits 0 • References 4
Prion
added 2024/02/28 9:15 a.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix tx skb dma unmap. The first pointer in the txp needs to be unmapped as well, otherwise it will leak DMA mapping entries...

AI score 6.7 • EPSS 0.00222
Exploits 0 • References 4
Prion
added 2024/02/28 9:15 a.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix possible invalid register access. Disable the interrupt and synchronize for the pending irq handlers to ensure the irq tasklet is not being scheduled after the suspend to avoid the possible invalid register access...

AI score 6.7 • EPSS 0.00205
Exploits 0 • References 2
Prion
added 2024/02/28 9:15 a.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel crash when the firmware fails to download. Fix kernel crash when the firmware is missing or fails to download. [ 9.444758] kernel BUG at drivers/pci/msi.c:375! [ 9.449363] Internal error: Oops - BUG: 0 [#1] PREEMPT...

AI score 6.7 • EPSS 0.00246
Exploits 0 • References 2
Prion
added 2024/02/28 9:15 a.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUG_ON. Consider the following sequence of events: 1. Userspace issues a UFFD ioctl, which ends up calling into shmem_mfill_atomic_pte. We successfully account the blocks, we...

AI score 7 • EPSS 0.0024
Exploits 0 • References 7
Prion
added 2024/02/28 9:15 a.m.

Improper access control

The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Make Website Members Only" feature when unset and view...

CVSS 5 • AI score 7.1 • EPSS 0.00517
Exploits 0 • References 2
Prion
added 2024/02/28 9:15 a.m.

Path traversal

In the Linux kernel, the following vulnerability has been resolved: media: next staging: media: atomisp: fix memory leak of object flash. In the case where the call to lm3554_platform_data_func returns an error there is a memory leak on the error return path of object flash. Fix this by adding an err...

AI score 6.6 • EPSS 0.00222
Exploits 0 • References 4
Prion
added 2024/02/28 9:15 a.m.

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix potential null dereference on pointer status. There are calls to idxd_cmd_exec that pass a null status pointer, however a recent commit has added an assignment to status that can end up with a null pointer...

AI score 6.7 • EPSS 0.00236
Exploits 0 • References 4
Prion
added 2024/02/28 9:15 a.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ethernet:enic: Fix a use after free bug in enic_hard_start_xmit. In enic_hard_start_xmit, it calls enic_queue_wq_skb. Inside enic_queue_wq_skb, if some error happens, the skb will be freed by dev_kfree_skb(skb). But the freed skb is still used in...

AI score 6.8 • EPSS 0.00242
Exploits 0 • References 6
Prion
added 2024/02/28 9:15 a.m.

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix RX consumer index logic in the error path. In bnxt_rx_pkt, the RX buffers are expected to complete in order. If the RX consumer index indicates an out of order buffer completion, it means we are hitting a hardware bug a...

AI score 6.8 • EPSS 0.0025
Exploits 0 • References 5
Prion
added 2024/02/28 9:15 a.m.

Spoofing

In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails. The PM reference count is not expected to be incremented on return in lpi2c_imx_master_enable. However, pm_runtime_get_sync will increment the PM reference count even failed...

AI score 6.6 • EPSS 0.00225
Exploits 0 • References 5
Prion
added 2024/02/28 9:15 a.m.

Information disclosure

The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers t...

CVSS 5 • AI score 5 • EPSS 0.00496
Exploits 0 • References 2
Prion
added 2024/02/28 9:15 a.m.

Double free

In the Linux kernel, the following vulnerability has been resolved: iio: core: fix ioctl handlers removal. Currently ioctl handlers are removed twice: for the first time during iio_device_unregister, then later on inside iio_device_unregister_eventset and iio_buffers_free_sysfs_and_mask. Double free leads to...

AI score 6.9 • EPSS 0.00222
Exploits 0 • References 3
Total number of security vulnerabilities: 213680