XSRF Security Token Missing when clicking on Contact an administrator
Summary: Clicking on "Contact an administrator to perform this action." results in XSRF Security Token Missing.
Tested with: Chrome Version 54.0.2840.59 (64-bit); Firefox 49.0
Steps to Reproduce: 1. Configure Outgoing Mail. 2. Enable Contact Administrators Form from General...
AI Score: 0.2
Silverstripe XSS In GridField print
A cross-site scripting vulnerability has been discovered in the print view of GridField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any field of an object in a GridField, and the print feature is used. This has been resolved by...
AI Score: 6.3
Software: man-db 2.7.6.1
OS: ROSA Virtualization 2.1
package_evr_string: man-db-2.7.6.1
CVE-ID: CVE-2018-25078
BDU-ID: None
CVE-Crit: N/A
CVE-DESC.: man-db in Gentoo allows local users (with access to the man user account) to gain root privileges, because /usr/bin/mandb is executed by the root...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.0004
GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to...
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.001
GeoServer WPS - Server Side Request Forgery
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...
CVSS: 9.8 | AI Score: 9.1 | EPSS: 0.136
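The WPS entry above describes the classic SSRF shape: a service that fetches whatever URL a client hands it. The block below is an added example of the guard a practitioner would put in front of such a fetch; it is not GeoServer's code or its fix. It assumes an injectable resolver (so it runs offline against a constructed DNS table) and that the deployment can name the hosts it is willing to fetch from.

```python
import ipaddress
from typing import Callable, Iterable, List, Optional, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
# Resolver: hostname -> list of IP strings. Injected so the check can run
# offline; production code would wrap socket.getaddrinfo.
Resolver = Callable[[str], List[str]]


def _unwrap_mapped(ip: IPAddress) -> IPAddress:
    # ::ffff:10.0.0.1 must be judged as 10.0.0.1, not as an IPv6 global address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def check_fetch_target(url: str, resolver: Resolver,
                       allowed_hosts: Optional[Iterable[str]] = None) -> Optional[str]:
    """Return None if the URL may be fetched, otherwise the reason it is refused."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return "scheme not allowed"
    if parts.username or parts.password:
        return "userinfo in URL"
    host = parts.hostname
    if not host:
        return "missing host"
    if allowed_hosts is not None and host.lower() not in {h.lower() for h in allowed_hosts}:
        return "host not in allowlist"
    try:
        addrs: List[IPAddress] = [ipaddress.ip_address(host)]   # IP literal
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except Exception as exc:                              # resolution failure: refuse
            return f"resolution failed: {exc}"
        if not addrs:
            return "host does not resolve"
    # Every address the name maps to must be globally routable; one private
    # A record is enough to reach loopback, RFC 1918 or cloud metadata ranges.
    for ip in addrs:
        ip = _unwrap_mapped(ip)
        if not ip.is_global:
            return f"resolves to non-public address {ip}"
    return None


# Constructed DNS table for the demo; these are not real records.
_FAKE_DNS = {
    "data.example.org": ["5.6.7.8"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.example": ["5.6.7.9", "10.0.0.5"],
}


def fake_resolver(host: str) -> List[str]:
    return _FAKE_DNS.get(host, [])
```

Resolving at check time still leaves a DNS-rebinding window between the check and the connect; the robust form pins the checked address and connects to it directly rather than re-resolving the name.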
Silverstripe X-Forwarded-Host request hostname injection
A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution. If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...
AI Score: 7.3
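The hostname-injection entry above hinges on one rule: X-Forwarded-Host is only meaningful when it was set by a proxy you operate. The block below is an added example of that rule (not Silverstripe's code); it assumes a constructed list of trusted proxy ranges and an optional allowlist of hostnames the site actually serves.

```python
import ipaddress
from typing import Iterable, Mapping, Optional

# Constructed configuration for the demo: address ranges of the reverse proxies
# allowed to set X-Forwarded-Host. Assumption: the operator knows these ranges.
TRUSTED_PROXY_CIDRS = ("10.0.0.0/8", "192.168.1.0/24")


def effective_host(headers: Mapping[str, str], remote_addr: str,
                   trusted_cidrs: Iterable[str] = TRUSTED_PROXY_CIDRS,
                   allowed_hosts: Optional[Iterable[str]] = None) -> str:
    """Hostname to use for URL generation and cache keys.

    X-Forwarded-Host is honoured only when the TCP peer (remote_addr) is one of
    the trusted proxies and, if an allowlist is given, the forwarded value is on
    it. In every other case the plain Host header wins.
    """
    canonical = {k.lower(): v for k, v in headers.items()}
    host = canonical.get("host", "")
    forwarded = canonical.get("x-forwarded-host")
    if forwarded is None:
        return host
    peer = ipaddress.ip_address(remote_addr)
    if not any(peer in ipaddress.ip_network(c) for c in trusted_cidrs):
        return host          # header supplied by an untrusted client: ignore it
    # A proxy chain may append values ("a, b"); the first is the client-facing host.
    first = forwarded.split(",")[0].strip().lower()
    if not first:
        return host
    if allowed_hosts is not None and first not in {h.lower() for h in allowed_hosts}:
        return host          # trusted proxy, but a hostname this site does not serve
    return first
```

The cache poisoning the entry mentions follows directly from skipping the peer check: a cached page generated for an attacker-chosen host is served to everyone who asks for the real one.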
Malicious code in pwi-cfa-components (npm)
Source: ghsa-malware (2d39aaa33ecd66d4aac0437e45aa6a1cddcc74bb7ed416f6b33c3a7151cbc035). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET Core is a managed-software framework. It implements a subset of the...
AI Score: 7
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...
CVSS: 9.8 | AI Score: 7.5 | EPSS: 0.001
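The entry above says a go.mod toolchain directive in a downloaded module can steer the go command into running something relative to the module root. An added example, not part of the advisory or the Go toolchain: a pre-build audit that parses go.mod and flags a toolchain value that is not a plain Go version token. The accepted name pattern is an assumption of this example, and the suspicious fixture is a constructed illustration rather than a payload from the advisory.

```python
import re
from typing import List, Optional

# Assumption (not from the advisory): a legitimate toolchain name looks like
# go1.21.0, go1.22rc1 or go1.21.3-custom. Path separators, spaces or shell
# metacharacters are never part of a real release name, so they are flagged.
TOOLCHAIN_NAME_RE = re.compile(r"^go1\.\d+(\.\d+)?(rc\d+|beta\d+)?(-[A-Za-z0-9._]+)?$")
GO_VERSION_RE = re.compile(r"^1\.\d+(\.\d+)?(rc\d+|beta\d+)?$")


def _strip_comment(line: str) -> str:
    return line.split("//", 1)[0].strip()


def directive_value(gomod: str, name: str) -> Optional[str]:
    """First value of a top-level single-line directive such as `go` or `toolchain`."""
    for raw in gomod.splitlines():
        fields = _strip_comment(raw).split()
        if len(fields) >= 2 and fields[0] == name:
            # Keep every field so "toolchain a b" shows up as-is in the finding.
            return " ".join(fields[1:])
    return None


def audit_gomod(gomod: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings: List[str] = []
    toolchain = directive_value(gomod, "toolchain")
    if toolchain is not None and not TOOLCHAIN_NAME_RE.match(toolchain):
        findings.append(f"suspicious toolchain directive: {toolchain!r}")
    go_version = directive_value(gomod, "go")
    if go_version is not None and not GO_VERSION_RE.match(go_version):
        findings.append(f"malformed go directive: {go_version!r}")
    return findings


# Constructed fixtures for the demo.
CLEAN_GOMOD = "module example.com/app\n\ngo 1.21\n\ntoolchain go1.21.3 // pinned\n"
SUSPICIOUS_GOMOD = "module example.com/app\n\ngo 1.21\n\ntoolchain ./tools/not-a-go-release\n"
```

Such a scan only covers modules you look at before building; for CI runners, also set GOTOOLCHAIN=local so the go command uses the installed toolchain only and never switches on a module's say-so.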
Exploit for Path Traversal in Wso2 Api Manager
CVE-2022-29464 LOADER Install and execute the app on the...
CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.973
Malicious code in rb-fare-breakup (npm)
Source: ghsa-malware (25a5d54730dc9f0fde2c00fc22012602258fa2002141d77e8c09f61347a82e33). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
Malicious code in detailimg (npm)
Source: ghsa-malware (958f4802417b38ff187c6ffabc2a2c4d67c00b02a96c531501b5d899b5e70232). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
Malicious code in desainlgo (npm)
Source: ghsa-malware (6816a9ebbf76b673c2d99001909e8619eafde9886f10ecd02fada3b816e86908). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
Malicious code in stylee-logo (npm)
Source: ghsa-malware (b57b986ab11403a14ac18370067dd40fc0a3deca0e7580b55605078ea441e720). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
[SECURITY] Fedora 40 Update: efifs-1.9-6.fc40
Free software EFI/UEFI standalone file system drivers, based on the GRUB 2.0 read-only drivers: AFFS (Amiga Fast FileSystem), BFS (BeOS FileSystem), btrfs, exFAT, ext2/ext3/ext4, F2FS (experimental), HFS and HFS+ (Mac OS, including the compression support), ISO9660, JFS (Journaled FileSystem),...
CVSS: 6 | AI Score: 6.2 | EPSS: 0.0004
[SECURITY] Fedora 39 Update: efifs-1.9-6.fc39
Free software EFI/UEFI standalone file system drivers, based on the GRUB 2.0 read-only drivers: AFFS (Amiga Fast FileSystem), BFS (BeOS FileSystem), btrfs, exFAT, ext2/ext3/ext4, F2FS (experimental), HFS and HFS+ (Mac OS, including the compression support), ISO9660, JFS (Journaled FileSystem),...
CVSS: 6 | AI Score: 6.2 | EPSS: 0.0004
Silverstripe XSS In FormAction
A cross-site scripting vulnerability has been discovered in the FormAction field where a user-specified title may be...
AI Score: 6.4
Silverstripe XSS in TreeDropdownField and TreeMultiSelectField
A cross-site scripting vulnerability has been discovered in the TreeDropdownField and TreeMultiSelectField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the dataobjects used as a data source for either of these fields. This...
AI Score: 6.4
Malicious code in vivid_framework (npm)
Source: ghsa-malware (2010f8d2281230e81c4e7549be2af22ce8a41d11b5ae8d1920eb69b3aece581b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
Malicious code in logooo (npm)
Source: ghsa-malware (f609b1731a83d9360a1399bb75931accaed83e36b964fd2778b16388a9ddd520). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
Malicious code in logo-stylee (npm)
Source: ghsa-malware (d393decd83d9e9777b1412a8994e72ccb1fdccc3a8157a431f4e72fe8553e717). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
According to its self-reported version, the Cisco NX-OS Software is affected by a denial of service vulnerability in the network stack due to the affected device unexpectedly decapsulating and processing IP in IP packets that are destined to a locally configured IP address. An unauthenticated,...
CVSS: 5.3 | AI Score: 5.5 | EPSS: 0.015
Silverstripe framework is vulnerable to XSS in install.php
During installation, certain parameters (admin_username and admin_password) are not escaped in the setup form. This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production...
AI Score: 6.9
Silverstripe XSS in dev/build returnURL Parameter
An XSS risk exists in the returnURL parameter passed to dev/build: an unvalidated URL could redirect the user to an unverified third-party URL outside of the site. This issue is resolved in framework 3.1.14 stable...
AI Score: 6
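The returnURL entry above is the usual open-redirect pattern: a parameter that is fed to a redirect without being checked against the site's own origin. The block below is an added example of such a check (not Silverstripe's code or its fix); it assumes the site knows its canonical hostname and that an unacceptable value should fall back to a fixed local path.

```python
from urllib.parse import urlsplit, urlunsplit


def safe_return_url(candidate: str, site_host: str, fallback: str = "/") -> str:
    """Return a same-site path to redirect to, or `fallback` if the candidate
    points anywhere else.

    Only the path, query and fragment of an accepted value are kept, so the
    result can never carry a scheme or authority of its own.
    """
    if not candidate or not candidate.strip():
        return fallback
    # Browsers treat a backslash like a slash when parsing the authority part,
    # so "/\attacker.example" would otherwise pass a naive "starts with /" test.
    cleaned = candidate.strip().replace("\\", "/")
    parts = urlsplit(cleaned)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return fallback                      # javascript:, data:, and friends
    if parts.netloc and parts.netloc.lower() != site_host.lower():
        return fallback                      # another host, or scheme-relative //host
    path = parts.path or "/"
    if not path.startswith("/") or path.startswith("//"):
        return fallback                      # relative path or protocol-relative residue
    return urlunsplit(("", "", path, parts.query, parts.fragment))
```

The comparison is deliberately strict: an absolute URL carrying an explicit port (www.example.org:80) does not equal the bare site host and falls back, which is the safe direction to err in.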
TIBCO Security Advisory: May 14, 2024 - TIBCO Hawk - CVE-2024-3182
TIBCO Hawk install-time password disclosure vulnerability
Original release date: May 14, 2024
Last revised: ---
CVE-2024-3182
Source: TIBCO Software Inc.
Products Affected: TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3.
Component Affected: TIBCO Hawk Universal Installer including the...
CVSS: 6.5 | AI Score: 6.9 | EPSS: 0.0004
Malicious code in corraldev-activationsvc (npm)
Source: ghsa-malware (783e4eb475d74b1b4adc4aa4851393ded5ef222b3779734a8b1e4fe125605c6d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions...
CVSS: 7.5 | AI Score: 6.6 | EPSS: 0.001
[SECURITY] Fedora 39 Update: tomcat-9.0.89-1.fc39
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and...
AI Score: 6.7 | EPSS: 0.0004
Malicious code in desainnew (npm)
Source: ghsa-malware (01bf842f0425d57bc046f2dfe5ca780425c5c598cddf38891bcb48821a75920a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
Malicious code in imageg (npm)
Source: ghsa-malware (df52076c4f31a1cfa37f150398316cecaf3fa4608747f701714ca329d155e6b8). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : TPM2 Software Stack vulnerabilities (USN-6796-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6796-1 advisory. Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use...
CVSS: 6.4 | AI Score: 8.2
Malicious code in elasticsearch-client-specification (npm)
Source: ghsa-malware (135b81ee4c5cd6816ab6d993d70f307d56438812d60a3364b38638cc80b4ce68). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
[SECURITY] Fedora 40 Update: rust-routinator-ui-0.3.4-2.fc40
Web UI for Routinator, an RPKI relying party...
AI Score: 7.3
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
CVSS: 7.5 | AI Score: 6.2 | EPSS: 0.0004
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required...
AI Score: 6.6 | EPSS: 0.0004
GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6, are subject to cross-site scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. Once exploited, the attacker can perform actions as the...
CVSS: 6.8 | AI Score: 6.6 | EPSS: 0.001
IBM Tivoli Storage Manager Client Installed (Linux)
IBM Tivoli Storage Manager Client, a backup management client, is installed on the remote Linux...
AI Score: 1.2
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file accessible by an authenticated user (or by an unauthenticated one for certain actions) allows a threat actor to interact with, modify, or see Dashboard data. Version...
CVSS: 8.1 | AI Score: 6.9 | EPSS: 0.001
Malicious code in imagezz (npm)
Source: ghsa-malware (99e6c0c1f9b6bc126d4f60e6fd0d83e2bdebb10bb44f0dd42b05f34923935e0e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may tamper with the dashboard form to store malicious code that is executed when other users use the related dashboard....
CVSS: 4.8 | AI Score: 7.2 | EPSS: 0.001
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user's password can be reset by an unauthenticated attacker. The attacker does not get access to the new password, but this can be annoying for the user. This attack is...
CVSS: 6.5 | AI Score: 7 | EPSS: 0.0005
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...
CVSS: 7.5 | AI Score: 6.2 | EPSS: 0.0004
Version rollback attack in github.com/theupdateframework/go-tuf
The TUF client is vulnerable to rollback attacks, in which an attacker causes a client to install software older than the software the client previously knew to be...
CVSS: 8.8 | AI Score: 8.5 | EPSS: 0.002
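The go-tuf entry above defines a rollback attack as a client being talked into metadata older than what it already trusts. The block below is an added example, in Python rather than Go and not go-tuf's code, of the two checks a TUF client performs against that: the per-role version comparison, and the snapshot-level check that no targets file it previously listed has gone backwards or disappeared. Role names, the fixed clock and the fixtures are constructed for the demo; signature verification is deliberately out of scope.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict


@dataclass(frozen=True)
class RoleMetadata:
    role: str            # "root", "timestamp", "snapshot" or "targets"
    version: int         # must only ever increase per role
    expires: datetime


class RollbackError(Exception):
    """Candidate metadata is older than what the client already trusts."""


class ExpiredMetadataError(Exception):
    """Candidate metadata is past its expiry time."""


class TufClientState:
    """Minimal client trust state: last accepted metadata per role plus the
    targets versions recorded in the last accepted snapshot."""

    def __init__(self) -> None:
        self.trusted: Dict[str, RoleMetadata] = {}
        self.snapshot_listing: Dict[str, int] = {}

    def update_role(self, candidate: RoleMetadata, now: datetime) -> RoleMetadata:
        current = self.trusted.get(candidate.role)
        # Rollback check: never accept a version number below the trusted one.
        if current is not None and candidate.version < current.version:
            raise RollbackError(
                f"{candidate.role}: offered version {candidate.version} "
                f"< trusted version {current.version}")
        # Freeze check: stale-but-correctly-signed metadata cannot be replayed forever.
        if candidate.expires <= now:
            raise ExpiredMetadataError(f"{candidate.role} v{candidate.version} expired")
        self.trusted[candidate.role] = candidate
        return candidate

    def update_snapshot(self, candidate: RoleMetadata, listing: Dict[str, int],
                        now: datetime) -> RoleMetadata:
        """A newer snapshot may still point back at older targets metadata, so
        every targets file the old snapshot listed must remain present with a
        version not lower than before. All checks run before any state changes."""
        for role, old_version in self.snapshot_listing.items():
            new_version = listing.get(role)
            if new_version is None:
                raise RollbackError(f"{role} missing from new snapshot listing")
            if new_version < old_version:
                raise RollbackError(
                    f"{role}: snapshot lists version {new_version} < trusted {old_version}")
        accepted = self.update_role(candidate, now)   # version and expiry checks, then commit
        self.snapshot_listing = dict(listing)
        return accepted


# Constructed fixtures for the demo (not real repository metadata).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def meta(role: str, version: int, days_valid: int) -> RoleMetadata:
    return RoleMetadata(role, version, NOW + timedelta(days=days_valid))


def raises(exc_type: type, fn: Callable, *args) -> bool:
    """True if fn(*args) raises exc_type; used to express expected refusals."""
    try:
        fn(*args)
    except exc_type:
        return True
    return False
```

A refused update leaves the state untouched, which matters: a client that half-applies a rejected snapshot would be worse off than one that never saw it.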
Source: ghsa-malware (d55b817c75eb4e4cbea58f640b87c52fd65b16657f129f68a7fb53a604fde7f8). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score: 7
Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the...
AI Score: 6.4 | EPSS: 0.0004