Lucene search

K

1app Technologies, Inc Security Vulnerabilities

cve
cve

CVE-2024-31394

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...

6.8AI Score

0.0004EPSS

2024-05-22 05:15 AM
28
huawei
huawei

Security Advisory - Inappropriate Interface access Control Vulnerability in a Huawei PC Product

A Huawei PC product has a vulnerability in improper interface access control. Successful exploitation of this vulnerability may cause SMRAM leaks.(Vulnerability ID:HWPSIRT-2023-98172) This vulnerability has been assigned a...

7.8CVSS

6.7AI Score

0.0004EPSS

2024-04-17 12:00 AM
9
huawei
huawei

Security Advisory - Memory Overflow Vulnerability in Some Huawei Smart Speakers

Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail.(Vulnerability ID:HWPSIRT-2022-52860) This vulnerability has been assigned a...

7.2CVSS

6.9AI Score

0.0004EPSS

2024-04-17 12:00 AM
8
huawei
huawei

Security Advisory - Improper Handling of Length Parameter Inconsistency in a Huawei PC Product

A Huawei PC product is vulnerable to improper handling of length parameter inconsistency. Successful exploitation of this vulnerability can compromise the data structure stored at the beginning of SMRAM and may cause code execution in SMM.(Vulnerability ID:HWPSIRT-2023-91490) This vulnerability...

7.8CVSS

6.9AI Score

0.0004EPSS

2024-04-17 12:00 AM
11
nvd
nvd

CVE-2024-1415

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers....

4.3CVSS

4.2AI Score

0.001EPSS

2024-05-02 05:15 PM
cvelist
cvelist

CVE-2024-4434 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This.....

9.8CVSS

9.9AI Score

0.001EPSS

2024-05-10 08:32 AM
1
nessus
nessus

RHEL 9 : tomcat (RHSA-2024:1134)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1134 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: HTTP request...

7.5CVSS

7.8AI Score

0.005EPSS

2024-03-05 12:00 AM
6
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-shell-poc A Proof-Of-Concept for the recently found...

10CVSS

9.6AI Score

0.975EPSS

2024-04-02 02:44 PM
170
cve
cve

CVE-2024-29208

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi...

2.2CVSS

6.9AI Score

0.0004EPSS

2024-05-07 05:15 PM
32
nessus
nessus

RHEL 8 : tomcat (RHSA-2024:0532)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0532 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: HTTP request...

7.5CVSS

7.6AI Score

0.005EPSS

2024-01-29 12:00 AM
8
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Live2D Cubism Editor

MOC3ingbird DoS 日本語版:README_JA.md This...

8.4AI Score

2023-03-03 01:57 AM
420
openvas
openvas

SSL/TLS: Known Compromised Certificate Detection

The remote SSL/TLS service is using an SSL/TLS certificate which is known to be compromised (e.g. known private keys, used by malware,...

5.9CVSS

5.9AI Score

EPSS

2021-11-10 12:00 AM
2
cvelist
cvelist

CVE-2023-52635 PM / devfreq: Synchronize devfreq_monitor_[start/stop]

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

7.7AI Score

0.0004EPSS

2024-04-02 06:49 AM
nvd
nvd

CVE-2015-10050

A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The patch is identified as...

9.8CVSS

6.9AI Score

0.001EPSS

2023-01-15 06:15 PM
2
cve
cve

CVE-2007-4180

Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed...

6.7AI Score

0.007EPSS

2007-08-08 01:17 AM
21
debiancve
debiancve

CVE-2024-36919

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required...

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
4
cvelist
cvelist

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....

7.5CVSS

7.6AI Score

0.0004EPSS

2024-05-23 06:46 AM
1
nvd
nvd

CVE-2024-4329

The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access.....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-14 03:43 PM
2
cve
cve

CVE-2015-10050

A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The patch is identified as...

9.8CVSS

9.7AI Score

0.001EPSS

2023-01-15 06:15 PM
34
ubuntucve
ubuntucve

CVE-2024-36919

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as....

7AI Score

0.0004EPSS

2024-05-30 12:00 AM
1
cve
cve

CVE-2023-52635

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...

6.4AI Score

0.0004EPSS

2024-04-02 07:15 AM
40
cve
cve

CVE-2007-4181

PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a...

7.5AI Score

0.015EPSS

2007-08-08 01:17 AM
19
nessus
nessus

RHEL 7 : perl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl: segmentation fault in S_regmatch on negative backreference (CVE-2013-7422) perl: XSLoader loads...

7.8CVSS

8AI Score

0.03EPSS

2024-06-03 12:00 AM
cve
cve

CVE-2007-4525

PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the...

7.4AI Score

0.051EPSS

2007-08-25 12:17 AM
28
nvd
nvd

CVE-2007-4290

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or....

7.6AI Score

0.011EPSS

2007-08-09 09:17 PM
1
cve
cve

CVE-2007-4290

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or....

7.6AI Score

0.011EPSS

2007-08-09 09:17 PM
21
nvd
nvd

CVE-2007-4181

PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a...

7.5AI Score

0.015EPSS

2007-08-08 01:17 AM
1
nvd
nvd

CVE-2007-4180

Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed...

6.7AI Score

0.007EPSS

2007-08-08 01:17 AM
1
nvd
nvd

CVE-2024-4634

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-16 11:15 AM
nessus
nessus

RHEL 6 : squid (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code ...

9.8CVSS

8.7AI Score

0.957EPSS

2024-06-03 12:00 AM
nessus
nessus

RHEL 7 : sensu (RHSA-2018:0616)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0616 advisory. Sensu is a monitoring framework that aims to be simple, malleable, and scalable. Security Fix(es): * sensu: Password exposure in warn level log when...

9.8CVSS

9.6AI Score

0.006EPSS

2024-04-27 12:00 AM
3
nvd
nvd

CVE-2024-4700

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-21 10:15 AM
ubuntucve
ubuntucve

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

7AI Score

0.0004EPSS

2024-05-30 12:00 AM
2
cvelist
cvelist

CVE-2023-52439 uio: Fix use-after-free in uio_open

In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 uio_unregister_device uio_open idev = idr_find() device_unregister(&idev-&gt;dev) put_device(&idev-&gt;dev) uio_device_release ...

7.8AI Score

0.0004EPSS

2024-02-20 06:34 PM
cve
cve

CVE-2022-31734

Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY...

6.1CVSS

6.1AI Score

0.001EPSS

2022-06-20 10:15 AM
39
4
cnvd
cnvd

File upload vulnerability in web-based network management system of Xinhua San Technologies Co.(CNVD-2024-18761)

Xinhua San Technology Co., Ltd. is a company that mainly provides research, development, production, sales and service of IT infrastructure products and solutions. A file upload vulnerability exists in the web-based network management system of Xinhua San Technologies Limited, which can be...

7.3AI Score

2024-03-11 12:00 AM
9
nvd
nvd

CVE-2007-4525

PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the...

7.4AI Score

0.051EPSS

2007-08-25 12:17 AM
debiancve
debiancve

CVE-2024-36904

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation for timewait...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
1
nvd
nvd

CVE-2022-31734

Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY...

6.1CVSS

0.001EPSS

2022-06-20 10:15 AM
1
debiancve
debiancve

CVE-2022-48702

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses...

6.6AI Score

0.0004EPSS

2024-05-03 04:15 PM
6
ubuntucve
ubuntucve

CVE-2022-48702

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

6.3AI Score

0.0004EPSS

2024-05-03 12:00 AM
7
nessus
nessus

RHEL 8 : tomcat (RHSA-2024:3666)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3666 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat:...

8AI Score

0.0004EPSS

2024-06-06 12:00 AM
1
nvd
nvd

CVE-2024-4277

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-14 03:43 PM
osv
osv

CVE-2023-28842

Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which.....

8.7CVSS

7.2AI Score

0.003EPSS

2023-04-04 10:15 PM
12
nessus
nessus

RHEL 7 : sensu (RHSA-2018:1112)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1112 advisory. Sensu is a monitoring framework that aims to be simple, malleable, and scalable. Security Fix(es): * Sensu's redaction function fails to handle the...

9.8CVSS

6.3AI Score

0.006EPSS

2024-04-27 12:00 AM
6
nvd
nvd

CVE-2024-4213

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as...

5.3CVSS

5.6AI Score

0.0005EPSS

2024-05-14 03:43 PM
cve
cve

CVE-2023-52439

In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 uio_unregister_device uio_open idev = idr_find() device_unregister(&idev-&gt;dev) put_device(&idev-&gt;dev) uio_device_release ...

7.8CVSS

6.2AI Score

0.0004EPSS

2024-02-20 09:15 PM
584
cve
cve

CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

6.6AI Score

0.0004EPSS

2024-05-20 10:15 AM
28
nvd
nvd

CVE-2023-2098

A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /inc/topBarNav.php. The manipulation of the argument search leads to cross site scripting. The attack may be...

6.1CVSS

4.5AI Score

0.001EPSS

2023-04-15 12:15 PM
1
cve
cve

CVE-2023-2098

A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /inc/topBarNav.php. The manipulation of the argument search leads to cross site scripting. The attack may be...

6.1CVSS

6AI Score

0.001EPSS

2023-04-15 12:15 PM
21
Total number of security vulnerabilities308256