Lucene search

K

1app Technologies, Inc Security Vulnerabilities

cve
cve

CVE-2023-43543

Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph...

6.7CVSS

7.3AI Score

0.0004EPSS

2024-06-03 10:15 AM
14
cve
cve

CVE-2023-43525

Memory corruption while copying the sound model data from user to kernel buffer during sound model...

6.7CVSS

7AI Score

0.0004EPSS

2024-05-06 03:15 PM
25
wpvulndb
wpvulndb

GG Woo Feed for WooCommerce Shopping Feed < 1.2.7 - Missing Authorization

Description The GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /inc/Core/ajax-functions.php file in all versions up to, and...

4.3CVSS

4.4AI Score

0.0004EPSS

2024-04-23 12:00 AM
7
cve
cve

CVE-2023-2098

A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /inc/topBarNav.php. The manipulation of the argument search leads to cross site scripting. The attack may be...

6.1CVSS

6AI Score

0.001EPSS

2023-04-15 12:15 PM
21
nvd
nvd

CVE-2023-2098

A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /inc/topBarNav.php. The manipulation of the argument search leads to cross site scripting. The attack may be...

6.1CVSS

4.5AI Score

0.001EPSS

2023-04-15 12:15 PM
1
nessus
nessus

RHEL 8 : Red Hat OpenStack Platform 16.1 (python-flask) (RHSA-2023:3446)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3446 advisory. Flask is called a micro-framework because the idea to keep the core simple but extensible. There is no database abstraction layer, no form ...

7.5CVSS

7.9AI Score

0.002EPSS

2024-04-28 12:00 AM
4
cve
cve

CVE-2023-43512

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-01-02 06:15 AM
36
cve
cve

CVE-2024-37881

SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 missed to implement a measure to avoid redirection from wp-register.php. As a...

6.8AI Score

0.0004EPSS

2024-06-19 07:15 AM
34
cve
cve

CVE-2019-25093

A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip...

5.4CVSS

5.3AI Score

0.001EPSS

2023-01-02 11:15 AM
19
nvd
nvd

CVE-2019-25093

A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip...

5.4CVSS

4.1AI Score

0.001EPSS

2023-01-02 11:15 AM
cve
cve

CVE-2024-20066

In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01267281; Issue ID:...

6.9AI Score

0.0004EPSS

2024-06-03 02:15 AM
26
cve
cve

CVE-2024-36358

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8CVSS

7.1AI Score

0.0005EPSS

2024-06-10 10:15 PM
22
nessus
nessus

RHEL 9 : tomcat (RHSA-2024:3308)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3308 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat:...

7.7AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
cve
cve

CVE-2022-45544

Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme...

8.8CVSS

8.9AI Score

0.002EPSS

2023-02-07 04:15 PM
19
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4j2-CVE-2021-44228-revshell Usage For...

10CVSS

10AI Score

0.976EPSS

2021-12-14 05:24 AM
302
cve
cve

CVE-2023-41273

A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533...

7.2CVSS

7.1AI Score

0.001EPSS

2024-02-02 04:15 PM
8
cve
cve

CVE-2023-45028

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the...

5.5CVSS

4.9AI Score

0.0004EPSS

2024-02-02 04:15 PM
14
cve
cve

CVE-2024-21900

An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and...

6.5CVSS

6.5AI Score

0.0005EPSS

2024-03-08 05:15 PM
44
cve
cve

CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

5.4CVSS

6.1AI Score

0.0005EPSS

2024-06-10 10:15 PM
21
cve
cve

CVE-2024-32849

Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its...

7.8CVSS

6.6AI Score

0.0005EPSS

2024-06-10 10:15 PM
21
nvd
nvd

CVE-2024-4277

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-14 03:43 PM
nvd
nvd

CVE-2024-1415

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers....

4.3CVSS

4.2AI Score

0.001EPSS

2024-05-02 05:15 PM
nessus
nessus

Oracle Linux 7 : libreoffice (ELSA-2024-3304)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3304 advisory. [1:5.3.6.1-26.0.1] - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in...

8.8CVSS

7.1AI Score

0.001EPSS

2024-05-24 12:00 AM
9
cve
cve

CVE-2024-20067

In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issue ID:...

6.9AI Score

0.0004EPSS

2024-06-03 02:15 AM
23
cve
cve

CVE-2023-6581

A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used....

9.8CVSS

9.6AI Score

0.001EPSS

2023-12-07 10:15 PM
15
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-shell-poc A Proof-Of-Concept for the recently found...

10CVSS

9.6AI Score

0.976EPSS

2024-04-02 02:44 PM
171
cve
cve

CVE-2024-0712

A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit...

9.8CVSS

9.4AI Score

0.001EPSS

2024-01-19 02:15 PM
59
nvd
nvd

CVE-2023-2647

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

8.8CVSS

7.3AI Score

0.001EPSS

2023-05-11 08:15 AM
cve
cve

CVE-2018-25086

A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is...

6.1CVSS

6AI Score

0.001EPSS

2023-06-01 07:15 AM
12
nessus
nessus

RHEL 9 : toolbox (RHSA-2024:2160)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2160 advisory. Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of...

6.1CVSS

7.9AI Score

0.001EPSS

2024-04-30 12:00 AM
9
nvd
nvd

CVE-2024-0712

A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit...

9.8CVSS

7.9AI Score

0.001EPSS

2024-01-19 02:15 PM
cve
cve

CVE-2023-2648

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

9.8CVSS

9.4AI Score

0.106EPSS

2023-05-11 08:15 AM
38
nvd
nvd

CVE-2023-2648

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

9.8CVSS

8AI Score

0.106EPSS

2023-05-11 08:15 AM
1
nvd
nvd

CVE-2018-25086

A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is...

6.1CVSS

4.5AI Score

0.001EPSS

2023-06-01 07:15 AM
cve
cve

CVE-2024-5629

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...

8.1CVSS

4.7AI Score

0.001EPSS

2024-06-05 03:15 PM
28
nvd
nvd

CVE-2022-45544

Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme...

8.8CVSS

8.9AI Score

0.002EPSS

2023-02-07 04:15 PM
nvd
nvd

CVE-2024-4041

The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS

6.3AI Score

0.001EPSS

2024-05-14 03:42 PM
3
nvd
nvd

CVE-2024-35854

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end....

6.4AI Score

0.0004EPSS

2024-05-17 03:15 PM
1
cve
cve

CVE-2024-36007

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...

6.6AI Score

0.0004EPSS

2024-05-20 10:15 AM
28
nvd
nvd

CVE-2024-36007

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...

6.3AI Score

0.0004EPSS

2024-05-20 10:15 AM
cve
cve

CVE-2022-48702

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

6.4AI Score

0.0004EPSS

2024-05-03 04:15 PM
36
cvelist
cvelist

CVE-2022-48702 ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

7.5AI Score

0.0004EPSS

2024-05-03 03:13 PM
1
nvd
nvd

CVE-2024-35853

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...

6.6AI Score

0.0004EPSS

2024-05-17 03:15 PM
vulnrichment
vulnrichment

CVE-2022-48702 ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

6.7AI Score

0.0004EPSS

2024-05-03 03:13 PM
1
ubuntucve
ubuntucve

CVE-2022-48702

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

6.3AI Score

0.0004EPSS

2024-05-03 12:00 AM
7
cve
cve

CVE-2023-2647

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

8.8CVSS

8.9AI Score

0.001EPSS

2023-05-11 08:15 AM
113
nvd
nvd

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....

7.5CVSS

7.6AI Score

0.0004EPSS

2024-05-23 07:15 AM
1
ubuntucve
ubuntucve

CVE-2021-47552

In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to cancel dispatch work in.....

6.5AI Score

0.0004EPSS

2024-05-24 12:00 AM
cve
cve

CVE-2023-41290

A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version:...

4.1CVSS

6.3AI Score

0.0004EPSS

2024-04-26 03:15 PM
25
nessus
nessus

openSUSE Security Update : gitolite (openSUSE-2019-754)

This update for gitolite fixes the following issues : Gitolite was updated to 3.6.9 : CVE-2018-16976: prevent racy access to repos in process of migration to gitolite (boo#1108272) 'info' learns new '-p' option to show only physical repos (as opposed to wild repos) The update to...

8.1CVSS

7.9AI Score

0.001EPSS

2019-03-27 12:00 AM
8
Total number of security vulnerabilities308550