Lucene search
K

213680 matches found

Prion
Prion
added 2024/02/26 4:27 p.m.22 views

Design/Logic Flaw

The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS7.1AI score0.00684EPSS
Exploits0References2
Prion
Prion
added 2024/02/26 4:27 p.m.15 views

Unrestricted file upload

flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in updatesetting.php...

7.3AI score0.00585EPSS
Exploits1References1
Prion
Prion
added 2024/02/26 4:27 p.m.16 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: power: supply: Fix null pointer dereference in smb2probe devmkasprintf and devmkzalloc return a pointer to dynamically allocated memory which can be NULL upon failure...

7.1AI score0.00288EPSS
Exploits0References3
Prion
Prion
added 2024/02/26 4:27 p.m.19 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpialloc allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but...

7.1AI score0.00272EPSS
Exploits0References3
Prion
Prion
added 2024/02/26 4:27 p.m.12 views

Heap overflow

A heap-based buffer overflow vulnerability exists in the GGUF library info-ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

6.8CVSS8.2AI score0.01375EPSS
Exploits1References1
Prion
Prion
added 2024/02/26 4:27 p.m.22 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Project Assignment Report. The manipulation of the argument pname leads to cross site scripting. It i...

4CVSS6.7AI score0.00505EPSS
Exploits0References3
Prion
Prion
added 2024/02/26 4:27 p.m.43 views

Cross site request forgery (csrf)

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

6.5CVSS7.3AI score0.00813EPSS
Exploits1References2
Prion
Prion
added 2024/02/26 4:27 p.m.19 views

Cross site scripting

A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...

6.2AI score0.00429EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.35 views

Cross site scripting

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

4.9CVSS6.2AI score0.00626EPSS
Exploits0References2
Prion
Prion
added 2024/02/26 4:27 p.m.28 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd "ext4: remove redundant mbregeneratebuddy" and reintroduces mbregeneratebuddy. Based on code in mbfreeblocks, fast commi...

7.2AI score0.00278EPSS
Exploits0References6
Prion
Prion
added 2024/02/26 4:27 p.m.30 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement sendsrp, we may still attempt to call it. This can happen on an idle Ethernet gadget triggeri...

7AI score0.00295EPSS
Exploits0References8
Prion
Prion
added 2024/02/26 4:27 p.m.20 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the allocworkqueue return value in radeoncrtcinit check the allocworkqueue return value in radeoncrtcinit to avoid null-ptr-deref...

7.2AI score0.0029EPSS
Exploits0References8
Prion
Prion
added 2024/02/26 4:27 p.m.10 views

Buffer overflow

Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening...

5CVSS7.1AI score0.01004EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.21 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: ice: Fix some null pointer dereference issues in iceptp.c devmkasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure...

7.1AI score0.00232EPSS
Exploits0References2
Prion
Prion
added 2024/02/26 4:27 p.m.16 views

Command injection

Splinefont in FontForge through 20230101 allows command injection via crafted filenames...

7.9AI score0.01082EPSS
Exploits1References3
Prion
Prion
added 2024/02/26 4:27 p.m.22 views

Server side request forgery (ssrf)

The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wcsfurlcheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary...

5.5CVSS6.9AI score0.00536EPSS
Exploits0References3
Prion
Prion
added 2024/02/26 4:27 p.m.16 views

Authentication flaw

This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage...

5.8CVSS6.9AI score0.00924EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.33 views

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 "net: hso: fix null-ptr-deref during tty device unregistration" fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointe...

7.2AI score0.00261EPSS
Exploits0References6
Prion
Prion
added 2024/02/26 4:27 p.m.18 views

Design/Logic Flaw

Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier...

5.1CVSS7.2AI score0.00476EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.16 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2...

6.5CVSS7.2AI score0.00643EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.13 views

Heap overflow

A heap-based buffer overflow vulnerability exists in the GGUF library header.nkv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

6.8CVSS7.9AI score0.01349EPSS
Exploits1References1
Prion
Prion
added 2024/02/26 4:27 p.m.10 views

Design/Logic Flaw

openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c...

7.1AI score0.00454EPSS
Exploits1References1
Prion
Prion
added 2024/02/26 4:27 p.m.10 views

Design/Logic Flaw

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the...

5CVSS6.9AI score0.00927EPSS
Exploits0References6
Prion
Prion
added 2024/02/26 4:27 p.m.15 views

Open redirect

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.8AI score
Exploits0
Prion
Prion
added 2024/02/26 4:27 p.m.14 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

6.8AI score
Exploits0
Prion
Prion
added 2024/02/26 4:27 p.m.39 views

Design/Logic Flaw

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

5CVSS6.9AI score0.01433EPSS
Exploits0References2
Prion
Prion
added 2024/02/26 4:27 p.m.21 views

Authentication flaw

This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage...

2.3CVSS4.3AI score0.00797EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.16 views

Design/Logic Flaw

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3...

5CVSS6.9AI score0.00638EPSS
Exploits0References5
Prion
Prion
added 2024/02/26 4:27 p.m.34 views

Design/Logic Flaw

IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service unavailable for oth...

6.8AI score0.01209EPSS
Exploits0References2
Prion
Prion
added 2024/02/26 4:27 p.m.36 views

Out-of-bounds

A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. This issue affects some unknown processing of the file users/register-complaint.php of the component Lodge Complaint Section. The manipulation leads to unrestricted upload. The attack may be...

6.5CVSS7.2AI score0.00854EPSS
Exploits1References3
Prion
Prion
added 2024/02/26 4:27 p.m.23 views

Heap overflow

A heap-based buffer overflow vulnerability exists in the GGUF library GGUFTYPEARRAY/GGUFTYPESTRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

6.8CVSS8.2AI score0.01349EPSS
Exploits1References1
Prion
Prion
added 2024/02/26 4:27 p.m.19 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2...

7.5CVSS7.2AI score0.0063EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.21 views

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxartremove, so fix this by saving the base register of the device and using it instead of t...

7.2AI score0.0031EPSS
Exploits0References8
Prion
Prion
added 2024/02/26 4:27 p.m.12 views

Cross site scripting

User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS rende...

5.5CVSS6.4AI score0.00473EPSS
Exploits0References2
Prion
Prion
added 2024/02/26 4:27 p.m.11 views

Design/Logic Flaw

Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...

5.5CVSS7.7AI score0.0048EPSS
Exploits0References2
Prion
Prion
added 2024/02/26 4:27 p.m.14 views

Command injection

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...

8.4AI score0.01379EPSS
Exploits0References2
Prion
Prion
added 2024/02/26 4:27 p.m.16 views

Cross site scripting

A DOM based cross-site scripting XSS vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL...

6.2AI score0.00425EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.18 views

Heap overflow

A heap-based buffer overflow vulnerability exists in the GGUF library gguffreadstr functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

6.8CVSS7.9AI score0.01349EPSS
Exploits1References1
Prion
Prion
added 2024/02/26 4:27 p.m.18 views

Design/Logic Flaw

Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files...

5.5CVSS7.1AI score0.00636EPSS
Exploits1References2
Prion
Prion
added 2024/02/26 4:27 p.m.10 views

Heap overflow

A heap-based buffer overflow vulnerability exists in the GGUF library header.ntensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

6.8CVSS8.2AI score0.01349EPSS
Exploits1References1
Prion
Prion
added 2024/02/26 4:27 p.m.26 views

Cross site scripting

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

5.8CVSS6.2AI score0.00686EPSS
Exploits0References2
Prion
Prion
added 2024/02/26 4:27 p.m.13 views

Information disclosure

A user with a default role given to them by the admin can sent DELETE HTTP requests to remove-folder and remove-document to delete folders and source files from the instance even when their role should explicitly not allow this action on the system...

5.5CVSS7.3AI score0.00571EPSS
Exploits1References2
Prion
Prion
added 2024/02/26 4:27 p.m.19 views

Design/Logic Flaw

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests...

5.2CVSS7.4AI score0.00538EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.15 views

Design/Logic Flaw

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.requestheader or http.responseheader keyword. The vulnerability has been...

5.5CVSS7.1AI score0.00784EPSS
Exploits0References5
Prion
Prion
added 2024/02/26 4:27 p.m.39 views

Design/Logic Flaw

With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...

2.3CVSS7.1AI score0.00517EPSS
Exploits1References3
Prion
Prion
added 2024/02/26 4:27 p.m.17 views

Sql injection

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack may be...

6.5CVSS7.7AI score0.00628EPSS
Exploits0References3
Prion
Prion
added 2024/02/26 4:27 p.m.23 views

Directory traversal

The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the server...

4CVSS7.2AI score0.00817EPSS
Exploits0References3
Prion
Prion
added 2024/02/26 4:27 p.m.13 views

Code injection

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiloke WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit.This issue affects WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit: from n/a through 1.0.9...

5CVSS7.1AI score0.00443EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.24 views

Design/Logic Flaw

A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met...

7.5AI score0.00359EPSS
Exploits2References2
Prion
Prion
added 2024/02/26 4:27 p.m.17 views

Server side request forgery (ssrf)

Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery SSRF via the event subscription function /service/subscription.go. This vulnerability allows attackers to access internal requests via a crafted POST request...

7.5AI score0.00666EPSS
Exploits1References4
Total number of security vulnerabilities213680