Lucene search

K

1app Technologies, Inc Security Vulnerabilities

cve
cve

CVE-2020-7923

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8...

6.5CVSS

6.1AI Score

0.001EPSS

2020-08-21 03:15 PM
60
cve
cve

CVE-2024-3725

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.6AI Score

0.0004EPSS

2024-05-02 05:15 PM
32
vulnrichment
vulnrichment

CVE-2022-48702 ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

6.7AI Score

0.0004EPSS

2024-05-03 03:13 PM
nvd
nvd

CVE-2024-3725

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-02 05:15 PM
nvd
nvd

CVE-2024-4434

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This.....

9.8CVSS

9.7AI Score

0.001EPSS

2024-05-14 03:43 PM
cve
cve

CVE-2024-2301

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the...

5.9AI Score

0.0004EPSS

2024-05-23 05:15 PM
60
cve
cve

CVE-2021-32039

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code...

5.5CVSS

5.4AI Score

0.0004EPSS

2022-01-20 03:15 PM
31
cve
cve

CVE-2019-20923

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to...

6.5CVSS

6.2AI Score

0.001EPSS

2020-11-30 12:00 AM
27
cve
cve

CVE-2023-41291

A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version:...

5.5CVSS

6.3AI Score

0.0004EPSS

2024-04-26 03:15 PM
26
nessus
nessus

RHEL 7 : perl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl: loading of modules from current directory (CVE-2016-1238) perl: XSLoader loads relative paths not...

8.1AI Score

0.004EPSS

2024-05-11 12:00 AM
3
cve
cve

CVE-2024-31621

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1...

7.7AI Score

0.004EPSS

2024-04-29 05:15 PM
71
nvd
nvd

CVE-2024-2109

The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'booster_extension_authorbox_shortcode_display' function. This makes it possible for unauthenticated attackers to extract sensitive data including user...

5.3CVSS

5.6AI Score

0.0005EPSS

2024-05-02 05:15 PM
2
nvd
nvd

CVE-2024-0847

The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete...

4.3CVSS

4.7AI Score

0.0005EPSS

2024-05-02 05:15 PM
arista
arista

Security Advisory 0096

Security Advisory 0096 _._CSAF PDF Date: May 21, 2024 Revision | Date | Changes ---|---|--- 1.0 | May 21, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-5502 CVSSv3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) Common Weakness Enumeration: CWE-287 Improper...

6.3AI Score

EPSS

2024-05-21 12:00 AM
1
nvd
nvd

CVE-2024-31621

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1...

7.4AI Score

0.004EPSS

2024-04-29 05:15 PM
1
cvelist
cvelist

CVE-2024-3725

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-02 04:52 PM
schneier
schneier

On the Zero-Day Market

New paper: "Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market": Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike...

7.4AI Score

2024-05-24 11:07 AM
5
nvd
nvd

CVE-2023-37244

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-05-02 02:15 PM
cvelist
cvelist

CVE-2024-35855 mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...

6.4AI Score

0.0004EPSS

2024-05-17 02:47 PM
cve
cve

CVE-2024-27244

Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local...

6.7CVSS

7AI Score

0.0004EPSS

2024-05-15 09:15 PM
19
cvelist
cvelist

CVE-2024-3375 Broken Access Control in Havelsan's Dialogue

Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dialogue: from v1.83 before v1.83.1 or...

9.4CVSS

9.5AI Score

0.001EPSS

2024-04-29 09:00 AM
2
nvd
nvd

CVE-2024-1716

The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and including, 1.0.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above,...

4.3CVSS

4.3AI Score

0.001EPSS

2024-05-02 05:15 PM
cvelist
cvelist

CVE-2024-31621

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1...

7.7AI Score

0.004EPSS

2024-04-29 12:00 AM
1
nvd
nvd

CVE-2024-3375

Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dialogue: from v1.83 before v1.83.1 or...

9.4CVSS

9.4AI Score

0.001EPSS

2024-04-29 09:15 AM
1
cve
cve

CVE-2024-35855

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...

6.7AI Score

0.0004EPSS

2024-05-17 03:15 PM
26
cve
cve

CVE-2024-27242

Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network...

4.1CVSS

6.3AI Score

0.0004EPSS

2024-04-09 06:15 PM
23
cve
cve

CVE-2024-24699

Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network...

6.5CVSS

6.1AI Score

0.0004EPSS

2024-02-14 12:15 AM
14
cve
cve

CVE-2024-3375

Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dialogue: from v1.83 before v1.83.1 or...

9.4CVSS

6.9AI Score

0.001EPSS

2024-04-29 09:15 AM
28
nuclei
nuclei

WordPress EasyCart <2.0.6 - Information Disclosure

WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo...

6AI Score

0.028EPSS

2022-08-04 10:31 AM
11
schneier
schneier

How Criminals Are Using Generative AI

There's a new report on how criminals are using generative AI tools: Key Takeaways: Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime. Compared to last year, criminals seem to have abandoned any...

7.2AI Score

2024-05-09 04:05 PM
5
cve
cve

CVE-2023-52739

In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304ca ...

6.8AI Score

0.0004EPSS

2024-05-21 04:15 PM
26
cve
cve

CVE-2024-24698

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local...

4.9CVSS

4.8AI Score

0.0004EPSS

2024-02-14 12:15 AM
14
cvelist
cvelist

CVE-2023-52739 Fix page corruption caused by racy check in __free_pages

In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304ca ...

6.7AI Score

0.0004EPSS

2024-05-21 03:23 PM
vulnrichment
vulnrichment

CVE-2024-36007 mlxsw: spectrum_acl_tcam: Fix warning during rehash

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...

6.7AI Score

0.0004EPSS

2024-05-20 09:48 AM
vulnrichment
vulnrichment

CVE-2024-35853 mlxsw: spectrum_acl_tcam: Fix memory leak during rehash

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...

6.9AI Score

0.0004EPSS

2024-05-17 02:47 PM
1
cve
cve

CVE-2024-24696

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network...

6.8CVSS

6.3AI Score

0.0004EPSS

2024-02-14 12:15 AM
15
cve
cve

CVE-2024-27243

Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-05-15 09:15 PM
22
githubexploit
githubexploit

Exploit for Incorrect Behavior Order: Authorization Before Parsing and Canonicalization in Eclipse Jetty

CVE-2021-34429 POC for CVE-2021-34429 - Eclipse Jetty 11.0.5...

5.3CVSS

5.7AI Score

0.489EPSS

2021-11-03 09:13 AM
567
cve
cve

CVE-2024-36007

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...

6.6AI Score

0.0004EPSS

2024-05-20 10:15 AM
28
cvelist
cvelist

CVE-2024-35854 mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end....

6.4AI Score

0.0004EPSS

2024-05-17 02:47 PM
1
cvelist
cvelist

CVE-2024-35853 mlxsw: spectrum_acl_tcam: Fix memory leak during rehash

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...

6.5AI Score

0.0004EPSS

2024-05-17 02:47 PM
vulnrichment
vulnrichment

CVE-2024-35854 mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end....

6.8AI Score

0.0004EPSS

2024-05-17 02:47 PM
nvd
nvd

CVE-2024-32826

Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-04-26 11:15 AM
cvelist
cvelist

CVE-2024-36007 mlxsw: spectrum_acl_tcam: Fix warning during rehash

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...

6.3AI Score

0.0004EPSS

2024-05-20 09:48 AM
cve
cve

CVE-2024-35853

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...

6.8AI Score

0.0004EPSS

2024-05-17 03:15 PM
29
cve
cve

CVE-2024-35854

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end....

6.7AI Score

0.0004EPSS

2024-05-17 03:15 PM
26
cvelist
cvelist

CVE-2021-47014 net/sched: act_ct: fix wild memory access when clearing fragments

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix wild memory access when clearing fragments while testing re-assembly/re-fragmentation using act_ct, it's possible to observe a crash like the following one: KASAN: maybe wild-memory-access in range...

6.7AI Score

0.0004EPSS

2024-02-28 08:13 AM
talosblog
talosblog

New Generative AI category added to Talos reputation services

Cisco Talos is preparing to release the first in a series of changes to our Web Categorization system, which is designed to simplify the verbiage we use. In mid-June, we're adding a new "Generative AI" category that will apply to certain websites. The "Content Category" appears whenever a user...

6.8AI Score

2024-05-29 04:32 PM
5
cve
cve

CVE-2021-47014

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix wild memory access when clearing fragments while testing re-assembly/re-fragmentation using act_ct, it's possible to observe a crash like the following one: KASAN: maybe wild-memory-access in range...

6.5AI Score

0.0004EPSS

2024-02-28 09:15 AM
1854
jvn
jvn

JVN#25594256: Denial-of-service (DoS) vulnerability in IPCOM WAF function

WAF function of IPCOM provided by Fsas Technologies Inc. contains a denial-of-service (DoS) vulnerability (CWE-908). ## Impact If the product receives a specially crafted packet by an attacker, the system may be rebooted or suspended. ## Solution Update the firmware Update the firmware to the...

7AI Score

0.0004EPSS

2024-06-12 12:00 AM
Total number of security vulnerabilities308256