Exploit for Improper Privilege Management in Sudo Project Sudo
CVE-2023-22809 CVE-2023-22809 is a critical...
7.8CVSS
8.3AI Score
0.001EPSS
Exploit for Expression Language Injection in Atlassian Confluence Data Center
Exploit for CVE-2022-26134: Confluence Pre-Auth Remote Code...
9.8CVSS
10.6AI Score
0.975EPSS
Mitsubishi Electric Automation MC-WorX Suite Detection
Mitsubishi Electric Automation MC-WorX, a suite of software modules for data visualization and SCADA applications, is installed on the remote Windows...
2.4AI Score
Zimbra Collaboration Server Web Detection
The web interface for Zimbra Collaboration Server, an open source messaging and collaboration solution, was detected on the remote host. Note the plugin attempts to retrieve the version information without credentials. However, if HTTP Basic credentials are supplied then an attempt to retrieve the....
1.8AI Score
In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault The Power Fault Detected bit in the Slot Status register differs from all other hotplug events in that it is sticky: It can only be cleared after turning off slot...
6.5AI Score
0.0004EPSS
Zimbra Collaboration Server Installed (Linux / Unix)
Zimbra Collaboration Server, an open source messaging and collaboration application is installed on the remote Linux / Unix...
1.2AI Score
[SECURITY] Fedora 40 Update: tomcat-9.0.89-1.fc40
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and...
7AI Score
0.0004EPSS
Exploit for Unprotected Alternate Channel in Cisco Ios Xe
CVE-2023-20198 Exploit PoC for CVE-2023-20198 Description...
10CVSS
8.1AI Score
0.848EPSS
According to its self-reported version, the remote Cisco Firepower Threat Defense Software is affected by a denial of service (DoS) vulnerability, due to incomplete error checking when parsing HTTP headers. An unauthenticated, remote attacker can exploit this issue, via specially crafted HTTP...
8.6CVSS
8.7AI Score
0.002EPSS
According to its self-reported version, the remote Cisco ASA Software is affected by a denial of service (DoS) vulnerability, due to incomplete error checking when parsing HTTP headers. An unauthenticated, remote attacker can exploit this issue, via specially crafted HTTP request, to cause the...
8.6CVSS
8.7AI Score
0.002EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through...
4.3CVSS
7.8AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects apache fineract: from 1.4 through...
6.3CVSS
7.8AI Score
0.001EPSS
Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later...
6.1CVSS
6.1AI Score
0.003EPSS
A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation...
7.5CVSS
9.3AI Score
0.001EPSS
Microsoft SharePoint - Remote Code Execution
Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application...
8.6CVSS
8.6AI Score
0.909EPSS
I take no Liability & Warranty on this script please fully test...
4.6CVSS
4.7AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault The Power Fault Detected bit in the Slot Status register differs from all other hotplug events in that it is sticky: It can only be cleared after turning off slot...
6.8AI Score
0.0004EPSS
Apache OFBiz < 18.12.11 - Server Side Request Forgery
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes...
7.5CVSS
7.5AI Score
0.269EPSS
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through...
8.1CVSS
7.3AI Score
0.001EPSS
Intel PROSet/Wireless WiFi and Bluetooth May 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Bluetooth® products, which might allow denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the...
8.2CVSS
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to...
7AI Score
0.0004EPSS
GlobalProtect - OS Command Injection
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama...
10CVSS
9.9AI Score
0.957EPSS
Webmin <1.997 - Authenticated Remote Code Execution
Webmin before 1.997 is susceptible to authenticated remote code execution via software/apt-lib.pl, which lacks HTML escaping for a UI command. An attacker can perform command injection attacks and thereby execute malware, obtain sensitive information, modify data, and/or gain full control over a...
9.8CVSS
10AI Score
0.969EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later...
7.5CVSS
7.1AI Score
0.001EPSS
Jellyfin 10.7.2 - Server Side Request Forgery
Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl...
5.8CVSS
5.8AI Score
0.002EPSS
Json-smart is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays.....
7.5CVSS
7.8AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...
7AI Score
0.0004EPSS
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not...
6.5CVSS
6.9AI Score
0.001EPSS
Malicious code in @elza/auto-route-plugin (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (c0394416e392791c5f23be36b82f8800fa29bfd1381f8be67c7362338279c0d2) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Cisco IOS XE Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)
According to its self-reported version, Cisco IOS-XE Software is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an...
8.6CVSS
7.4AI Score
0.0004EPSS
NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure. Notes Author| Note ---|--- mdeslaur |.....
6.5CVSS
6.5AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: ghostscript-10.02.1-9.fc40
This package provides useful conversion utilities based on Ghostscript soft ware, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Syste ms' PostScript (PS) and Portable Document Format (PDF) page...
7AI Score
EPSS
Silverstripe XSS In FormAction
A cross-site scripting vulnerability has been discovered in the FormAction field where a user-specified title may be...
6.4AI Score
Silverstripe XSS in TreeDropdownField and TreeMultiSelectField
A cross-site scripting vulnerability has been discovered in the TreeDropdownField and TreeMultiSelectField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the dataobjects used as a data source for either of these fields. This...
6.4AI Score
Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround...
6.5CVSS
6.8AI Score
0.001EPSS
Malicious code in @elza/keepalive (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (36898e173038cb4c2df4e969d539b9594821fc6f2c6b1c8750d717d5f637eea4) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (f27363cd295f9de7f2296d9c6b6d0f18222d76ff8947d98657340216d7c80efb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in nodem0m (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (ae93a7345bbc51bd2c0a267dc582cf90302284606b0f569ae06f4dc6a26f801a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or...
9.1CVSS
6.6AI Score
0.001EPSS
Malicious code in desain (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (13494704f154bacb5f2fc638287da1fe39acad551f086f8b5957f633ab310553) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this...
7.5CVSS
7.1AI Score
0.001EPSS
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (5c297dbb19c09d8f71ccdbc712626dbf279bb972fe57afe0c04dc8e27f723a9b) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or...
9.1CVSS
7.1AI Score
0.001EPSS
Malicious code in nt4padyp (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (813b8cef8cb7a828bbbf2b8edb29b1bbba72c65e7654fe80f07a80398a9e5133) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Exploit for Missing Authentication for Critical Function in Zohocorp Manageengine Servicedesk Plus
CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077:...
9.8CVSS
9.4AI Score
0.974EPSS
NodeBB XML-RPC Request xmlrpc.php - XML Injection
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC...
9.8CVSS
9.9AI Score
0.287EPSS
Malicious code in mediaa (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (51b2ce3294e1295bc15a9a9967ceaa66afaddf19884a6ca9ad9fdf2c28bc2526) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Software: man-db 2.7.6.1 OS: ROSA Virtualization 2.1 package_evr_string: man-db-2.7.6.1 CVE-ID: CVE-2018-25078 BDU-ID: None CVE-Crit: N/A CVE-DESC.: man-db in Gentoo allows local users (with access to the man user account) to gain root privileges, because /usr/bin/mandb is executed by the root...
7.8CVSS
7.8AI Score
0.0004EPSS
XSRF Security Token Missing when clicking on Contact an administrator
h3. Summary Clicking on the "Contact an administrator to perform this action." results in XSRF Security Token Missing. Tested with : # Chrome Version 54.0.2840.59 (64-bit) # Firefox 49.0 h3. Steps to Reproduce # Configure Outgoing Mail # Enable Contact Administrators Form from General...
0.2AI Score