A vulnerability in the HTTP/2 protocol implementation (network/access/http2/hpacktable.cpp) of the cross-platform Qt software development framework is related to an integer overflow resulting from a change in the typical order of expressions in a conditional statement ("Yoda conditions")....
CVSS 9.8 | AI Score 6.9 | EPSS 0.001
GLPI is a free asset and IT management software package. When authentication is made against LDAP, the authentication form can be used to perform LDAP injection. Upgrade to...
CVSS 8.1 | AI Score 7.7 | EPSS 0.001
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or...
CVSS 6.5 | AI Score 7.1 | EPSS 0.015
ZoneMinder is a free, open source closed-circuit television software application. In affected versions the ZoneMinder API exposes database log contents to users without privileges and allows insertion, modification and deletion of logs without system privileges. Users are advised to upgrade as soon as...
CVSS 9.1 | AI Score 7.4 | EPSS 0.001
Silverstripe XSS In GridField print
A cross-site scripting vulnerability has been discovered in the print view of GridField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any field of an object in a GridField, and the print feature is used. This has been resolved by...
AI Score 6.3
Version rollback attack in github.com/theupdateframework/go-tuf
The TUF client is vulnerable to rollback attacks, in which an attacker causes a client to install software older than the software the client previously knew to be...
CVSS 8.8 | AI Score 8.5 | EPSS 0.002
Source: ghsa-malware (d55b817c75eb4e4cbea58f640b87c52fd65b16657f129f68a7fb53a604fde7f8). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
IBM Endpoint Manager Enrollment and Apple iOS Management Extender Detection
The remote host is running IBM Endpoint Manager Enrollment and Apple iOS Management Extender. These are web application components included with IBM Endpoint Manager for Mobile...
AI Score 1.1
Silverstripe XSS in dev/build returnURL Parameter
An XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated URL could cause the user to be redirected to an unverified third-party URL outside of the site. This issue is resolved in framework 3.1.14 stable...
AI Score 6
Malicious code in legacyreact-aws-s3-typescript (npm)
Source: ghsa-malware (60942b87c6d2334d09d059276cc2d838002e2e0f5093e53fc6819e1972e02282). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in @yashorg/frontend-logger (npm)
Source: ghsa-malware (ff07f4f96c73a58bf8e1069d844465549fbe1c2a9dd169ef994b1124c5a143e3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
IBM General Parallel File System Detection
IBM General Parallel File System is installed on the remote Windows...
AI Score 2
An update is available for dotnet6.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET Core is a managed-software framework. It implements a subset of the...
AI Score 7
Silverstripe XSS In FormAction
A cross-site scripting vulnerability has been discovered in the FormAction field where a user-specified title may be...
AI Score 6.4
Album and Image Gallery plus Lightbox < 2.1 - Unauthenticated Arbitrary Shortcode Execution
Description: The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVSS 6.5 | AI Score 7.5 | EPSS 0.001
Silverstripe XSS in TreeDropdownField and TreeMultiSelectField
A cross-site scripting vulnerability has been discovered in the TreeDropdownField and TreeMultiSelectField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the dataobjects used as a data source for either of these fields. This...
AI Score 6.4
Silverstripe X-Forwarded-Host request hostname injection
A potential hostname injection vulnerability has been found which could allow attackers to alter URL resolution. If a request contains the X-Forwarded-Host HTTP header, a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...
AI Score 7.3
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload. The session resources are used by the firmware and driver when a session is offloaded; once the session is uploaded, these resources are no longer used. The lock is not required as....
AI Score 7 | EPSS 0.0004
Malicious code in djangosnippets.org (npm)
Source: ghsa-malware (c166a453b773becdea05dfd92ed988141528a96f6dc77e8435f871c68c0d3f1b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in dependences (npm)
Source: ghsa-malware (01937c3da9bea8e85a1f2b11953989f03d30855db63d1feaca17c660227a83c5). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in...
CVSS 5.5 | AI Score 6.6 | EPSS 0.001
A vulnerability in the HotSpot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machine Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to disclose protected information. A vulnerability in...
CVSS 7.5 | AI Score 7.1 | EPSS 0.002
AI Score 7.4
Summary: There are vulnerabilities in Apache Commons Configuration and FasterXML jackson-databind used by Install Agent, Integrated File Agent and Integrated Web Services in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the...
CVSS 4.7 | AI Score 10 | EPSS 0.0004
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or...
CVSS 7.5 | AI Score 7.1 | EPSS 0.023
Malicious code in code.cloudflare.ajax (npm)
Source: ghsa-malware (5869f17e67758b1fd6d47d84b2ab8d46f7912558ed8120de69bfc64ed5c0063d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in workerd-root (npm)
Source: ghsa-malware (864f13e0626ddbb05fb951a4a4217000d4d74c0e9935d0ca041b22f805b1ff98). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in noblox.js-proxy-agent (npm)
Source: ghsa-malware (49cb85854d6a908a38177c4a3c30ac7dd724e1f892e3fbfcb26bb3a146ad2dc7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in asf-recorder (npm)
Source: ghsa-malware (0170c1a6080f641f60e56118c5047b047d529133a2aa949043ed62e0bac90488). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in asf-renderer (npm)
Source: ghsa-malware (df408055de1ea1703a4d69234f7368c69466b2b470ce427a528fbe996a3f1e08). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in nppe_ttt_datalayer (npm)
Source: ghsa-malware (c2cf2a52144e733f43888ec1331ac75fdfcffbf961c5e8879245feddb3360331). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in dell-ui-bootstrap (npm)
Source: ghsa-malware (b3c479c9bdd98cd009ae28c56a47f3ef7dd2dda6d6e96abbdfc86905f79f557b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in v2-core (npm)
Source: ghsa-malware (51e0286004b6b184a7ae2c0a7110095cd51122ae1c9ccc69db8d1bfd7380dfed). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in core-webpack (npm)
Source: ghsa-malware (6b8224957c90ee66ed3cc6af4e8b300d5eb082f8368f94b725e53bbfed9ccbf2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in exel-js (npm)
Source: ghsa-malware (b6083dc24b3cdb6bfd02f5426aa373f2425aab6e9508e12255fc1e08133809bc). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
TIBCO JasperReports Library - Directory Traversal
The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...
CVSS 6.5 | AI Score 6.6 | EPSS 0.503
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel. This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade...
CVSS 3.3 | AI Score 7.1 | EPSS 0.0004
An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr led to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages from user mode. An incorrect setting of PXN...
CVSS 9.8 | AI Score 9.1 | EPSS 0.001
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if.....
CVSS 5.3 | AI Score 6 | EPSS 0.0004
Koha 3.20.1 - Directory Traversal
Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2)...
CVSS 7.5 | AI Score 7.4 | EPSS 0.016
WooCommerce - Social Login < 2.6.3 - Unauthenticated PHP Object Injection
Description: The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a.....
CVSS 9.8 | AI Score 7.4 | EPSS 0.001
Malicious code in ozonid (npm)
Source: ghsa-malware (434f32feef52077406cbebac21bd52caaa41481baf68aeebb0daf1edf7783269). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in blueprint-org-planning-app-adp-wrapper (npm)
Source: ghsa-malware (9ce904784ecde9ca4b860730c45d27dbca01912380066fe5415b10d3f17f0af8). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in atoz-attendance-app (npm)
Source: ghsa-malware (ff390162beebf06ba564766a3ffc0a06c520792994c16cba3ea0d97ea64d1f29). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in virtuoso-web-chat (npm)
Source: ghsa-malware (09f5be1f1f3cad8c43378afb0ddb0aed39e00e1e3169ff5e1559ab4c39d1bf06). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset by an unauthenticated attacker. The attacker does not get access to the new password, but this can be annoying for the user. This attack is.....
CVSS 6.5 | AI Score 6.6 | EPSS 0.0005
ZoneMinder Snapshots - Command Injection
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to unauthenticated remote code execution via missing authorization. There is no permissions check on the...
CVSS 9.8 | AI Score 8.3 | EPSS 0.966
Malicious code in ozon-js (npm)
Source: ghsa-malware (e6a05e800a141f7c456358b5d20b4e3cebc65f9d0229d0024fae5b1e51ed1e51). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Malicious code in ato-z-web-identity-components-app-cdk-adp-wrapper (npm)
Source: ghsa-malware (c33c62d31d74de8fa6a7a3911507ce9a8d513bccb45ff1b51b7fbb9068920d3e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
IBM Rational Collaborative Lifecycle Management Installed
IBM Rational Collaborative Lifecycle Management, a software development management application, is installed on the remote Windows...
AI Score 1.8