Lucene search

K

1app Technologies, Inc Security Vulnerabilities

cve
cve

CVE-2024-3895

The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access...

8.8CVSS

6.5AI Score

0.001EPSS

2024-05-02 05:15 PM
28
cvelist
cvelist

CVE-2024-3895

The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access...

8.8CVSS

8.5AI Score

0.001EPSS

2024-05-02 04:52 PM
4
debiancve
debiancve

CVE-2022-48702

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses...

6.6AI Score

0.0004EPSS

2024-05-03 04:15 PM
6
nessus
nessus

RHEL 8 : tomcat (RHSA-2024:0125)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0125 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: Open...

6.1CVSS

6.6AI Score

0.01EPSS

2024-01-10 12:00 AM
12
nvd
nvd

CVE-2024-4397

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level...

8.8CVSS

8.9AI Score

0.001EPSS

2024-05-14 03:43 PM
cve
cve

CVE-2023-52439

In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev->dev) uio_device_release ...

7.8CVSS

6.2AI Score

0.0004EPSS

2024-02-20 09:15 PM
584
ubuntucve
ubuntucve

CVE-2022-48702

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

6.3AI Score

0.0004EPSS

2024-05-03 12:00 AM
7
cve
cve

CVE-2022-45544

Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme...

8.8CVSS

8.9AI Score

0.002EPSS

2023-02-07 04:15 PM
19
cvelist
cvelist

CVE-2024-36006 mlxsw: spectrum_acl_tcam: Fix incorrect list API usage

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

6.4AI Score

0.0004EPSS

2024-05-20 09:48 AM
vulnrichment
vulnrichment

CVE-2024-36006 mlxsw: spectrum_acl_tcam: Fix incorrect list API usage

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

6.8AI Score

0.0004EPSS

2024-05-20 09:48 AM
cve
cve

CVE-2023-43528

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected...

6.1CVSS

6.6AI Score

0.0004EPSS

2024-05-06 03:15 PM
23
osv
osv

CVE-2023-28842

Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which.....

8.7CVSS

7.2AI Score

0.003EPSS

2023-04-04 10:15 PM
12
nvd
nvd

CVE-2023-2098

A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /inc/topBarNav.php. The manipulation of the argument search leads to cross site scripting. The attack may be...

6.1CVSS

4.5AI Score

0.001EPSS

2023-04-15 12:15 PM
1
cve
cve

CVE-2023-2098

A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /inc/topBarNav.php. The manipulation of the argument search leads to cross site scripting. The attack may be...

6.1CVSS

6AI Score

0.001EPSS

2023-04-15 12:15 PM
21
cve
cve

CVE-2023-52343

In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges...

6.6AI Score

0.0004EPSS

2024-04-08 03:15 AM
24
cve
cve

CVE-2023-52352

In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...

6.6AI Score

0.0004EPSS

2024-04-08 03:15 AM
24
cve
cve

CVE-2024-31400

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded...

6.4AI Score

0.0004EPSS

2024-06-11 05:15 AM
22
packetstorm

7.4AI Score

2024-04-15 12:00 AM
79
cvelist
cvelist

CVE-2022-48197

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the...

6.2AI Score

0.006EPSS

2023-01-02 12:00 AM
1
vulnrichment
vulnrichment

CVE-2022-48197

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the...

5.8AI Score

0.006EPSS

2023-01-02 12:00 AM
nvd
nvd

CVE-2024-0712

A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit...

9.8CVSS

7.9AI Score

0.001EPSS

2024-01-19 02:15 PM
nvd
nvd

CVE-2023-2648

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

9.8CVSS

8AI Score

0.106EPSS

2023-05-11 08:15 AM
1
cve
cve

CVE-2023-2648

A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

9.8CVSS

9.4AI Score

0.106EPSS

2023-05-11 08:15 AM
38
cve
cve

CVE-2022-37019

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential...

7.7AI Score

0.0004EPSS

2024-06-10 11:15 PM
28
nvd
nvd

CVE-2018-25086

A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is...

6.1CVSS

4.5AI Score

0.001EPSS

2023-06-01 07:15 AM
cve
cve

CVE-2024-37289

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-10 10:15 PM
22
nessus
nessus

RHEL 7 : openstack-ironic-inspector (RHSA-2019:1722)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:1722 advisory. OpenStack Bare Metal (ironic) is a tool used to provision bare metal (as opposed to virtual) machines. It leverages common technologies such as...

9.1CVSS

9.3AI Score

0.005EPSS

2024-04-27 12:00 AM
2
nessus
nessus

RHEL 9 : tomcat (RHSA-2024:0474)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0474 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: Open...

6.1CVSS

6.6AI Score

0.01EPSS

2024-01-25 12:00 AM
9
cve
cve

CVE-2023-6581

A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used....

9.8CVSS

9.6AI Score

0.001EPSS

2023-12-07 10:15 PM
15
cve
cve

CVE-2024-1351

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to...

8.8CVSS

8.6AI Score

0.0004EPSS

2024-03-07 05:15 PM
53
nvd
nvd

CVE-2019-25093

A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip...

5.4CVSS

4.1AI Score

0.001EPSS

2023-01-02 11:15 AM
cve
cve

CVE-2019-25093

A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip...

5.4CVSS

5.3AI Score

0.001EPSS

2023-01-02 11:15 AM
19
nessus
nessus

RHEL 6 : qemu-kvm-rhev (RHSA-2017:1441)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1441 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages...

5.5CVSS

8.1AI Score

0.002EPSS

2024-04-24 12:00 AM
3
nessus
nessus

RHEL 6 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c ...

7.8CVSS

7.7AI Score

0.018EPSS

2024-06-03 12:00 AM
cve
cve

CVE-2024-36304

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-10 10:15 PM
22
cve
cve

CVE-2023-52350

In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

6.7AI Score

0.0004EPSS

2024-04-08 03:15 AM
24
cve
cve

CVE-2024-36302

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-10 10:15 PM
22
cve
cve

CVE-2024-36305

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS

7.2AI Score

0.0005EPSS

2024-06-10 10:15 PM
22
nvd
nvd

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for....

7.5CVSS

7.6AI Score

0.0004EPSS

2024-05-23 07:15 AM
1
cve
cve

CVE-2024-32766

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later.....

10CVSS

9.6AI Score

0.001EPSS

2024-04-26 03:15 PM
30
cve
cve

CVE-2023-32969

A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651....

4.9CVSS

4.7AI Score

0.0004EPSS

2024-03-08 05:15 PM
33
cve
cve

CVE-2023-51365

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions:.....

8.7CVSS

8.2AI Score

0.001EPSS

2024-04-26 03:15 PM
27
cve
cve

CVE-2024-0712

A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit...

9.8CVSS

9.4AI Score

0.001EPSS

2024-01-19 02:15 PM
57
nvd
nvd

CVE-2023-2647

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...

8.8CVSS

7.3AI Score

0.001EPSS

2023-05-11 08:15 AM
cve
cve

CVE-2024-27124

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later.....

7.5CVSS

7.8AI Score

0.001EPSS

2024-04-26 03:15 PM
26
cve
cve

CVE-2024-21905

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS...

6.5CVSS

7AI Score

0.0004EPSS

2024-04-26 03:15 PM
26
cve
cve

CVE-2024-5629

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...

4.7CVSS

4.7AI Score

0.0004EPSS

2024-06-05 03:15 PM
24
nvd
nvd

CVE-2022-45544

Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme...

8.8CVSS

8.9AI Score

0.002EPSS

2023-02-07 04:15 PM
cve
cve

CVE-2018-25086

A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is...

6.1CVSS

6AI Score

0.001EPSS

2023-06-01 07:15 AM
12
nessus
nessus

RHEL 9 : tomcat (RHSA-2024:3308)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3308 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat:...

7.7AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
Total number of security vulnerabilities308256