Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic. This issue affects WP ADA Compliance Check Basic: from n/a through...
4.3 CVSS
6.8 AI Score
0.0004 EPSS
Cisco Firepower Threat Defense Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)
A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...
8.6 CVSS
7.3 AI Score
0.001 EPSS
CVE-2024-0496 Kashipara Billing Software HTTP POST Request item_list_edit.php sql injection
A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated...
6.3 CVSS
7.5 AI Score
0.001 EPSS
Using Object Storage with Veeam Products
Support for S3 and S3-compatible, versioning is not required unless using object lock. With Azure Blob versioning, soft-delete, change feed, point in time restore, and immutability are not...
2.7 AI Score
NetworkManager-libreswan bug fix update
An update is available for NetworkManager-libreswan. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This package contains software for integrating the...
7.3 AI Score
Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster Elite for WooCommerce: from n/a before...
6.5 CVSS
7.2 AI Score
0.0004 EPSS
Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster Elite for WooCommerce: from n/a before...
6.5 CVSS
6.6 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->...
6.6 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS. This issue affects Z Y N I T H: from n/a through...
8.6 CVSS
8.7 AI Score
0.0004 EPSS
[SECURITY] Fedora 40 Update: moodle-4.3.5-1.fc40
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning...
6.7 AI Score
0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite. This issue affects Benchmark Email Lite: from n/a through...
4.3 CVSS
6.8 AI Score
0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite. This issue affects Benchmark Email Lite: from n/a through...
4.3 CVSS
7 AI Score
0.0004 EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps. This issue affects Assistant – Every Day Productivity Apps: from n/a through...
5.3 CVSS
6.7 AI Score
0.0004 EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps. This issue affects Assistant – Every Day Productivity Apps: from n/a through...
5.3 CVSS
5.5 AI Score
0.0004 EPSS
CVE-2024-29773 WordPress BizPrint plugin <= 4.5.5 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS). This issue affects BizPrint: from n/a through...
7.1 CVSS
6.8 AI Score
0.0004 EPSS
Cisco Adaptive Security Appliance Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)
A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...
8.6 CVSS
7.3 AI Score
0.001 EPSS
Malicious code in binance-price (npm)
Source: checkmarx (421081a4101ed61796fd72e7dec62cafa098a1d01934298a2ef82ef7187c4934) Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
7.2 AI Score
Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through...
4.4 CVSS
5.2 AI Score
0.0004 EPSS
Reprise License Manager 14.2 - Information Disclosure
Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory...
5.3 CVSS
5.4 AI Score
0.053 EPSS
In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insert packets without mac len...
6.3 AI Score
0.0004 EPSS
Malicious code in pyclack (PyPI)
Source: checkmarx (a5bbfd7bb3c6e08fcaab006836d25519f6f790a3e647e64dd210e0b6f464d490) Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host...
7.2 AI Score
The package react-native-reanimated before 3.0.0-rc.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of...
7.5 CVSS
7.5 AI Score
0.002 EPSS
Infinite Loop vulnerability in Jira Service Management Data Center and Server
This vulnerability, with a CVSS Score of 7.5, contains an iteration or loop with an exit condition that cannot be reached. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. The software's operation may slow down,....
7 AI Score
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in...
5.5 CVSS
9.1 AI Score
0.001 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS. This issue affects Booster for WooCommerce: from n/a through...
7.1 CVSS
9.3 AI Score
0.0004 EPSS
Malicious code in pywool (PyPI)
Source: checkmarx (1ba602a97accda8e614fcf38d1af1cb7f1878bf2bd450b21f1be16a4c260123a) Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host...
7.2 AI Score
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, Server Side Request Forgery. This issue affects ICS Calendar: from n/a...
8.2 CVSS
6.8 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS. This issue affects Z Y N I T H: from n/a through...
8.6 CVSS
8.3 AI Score
0.0004 EPSS
Exploit for OS Command Injection in Fortinet Fortisiem
CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order...
10 CVSS
8.1 AI Score
0.001 EPSS
Exploit for SQL Injection in Progress Moveit Cloud
CVE-2023-34362 POC for CVE-2023-34362 affecting MOVEit...
9.8 CVSS
8.4 AI Score
0.969 EPSS
Malicious code in pywolle (PyPI)
Source: checkmarx (022272b8427ab42c0c793e5ec56175de59c7f142f82db252e890e9782845d762) Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host...
7.2 AI Score
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->...
0.0004 EPSS
Exploit for Server-Side Request Forgery in Anyscale Ray
PoC for a remote command execution vulnerability in Ray...
9.8 CVSS
7.9 AI Score
0.014 EPSS
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...
7.9 CVSS
7.8 AI Score
0.0004 EPSS
Console Error - Failed to connect to Veeam Backup & Replication Server
Console Error - Failed to connect to Veeam Backup & Replication...
1.9 AI Score
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to.....
4.9 CVSS
7 AI Score
0.001 EPSS
Malicious code in coingecko-price (npm)
Source: checkmarx (06ba52961b5d886349fdb5a7c3e6362cedaaa64cb5857d5645d7360a68d133d1) Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
7.2 AI Score
Exploit for Improper Authentication in Fortinet Fortiproxy
CVE-2022-40684 POC for CVE-2022-40684 affecting Fortinet...
9.8 CVSS
10 AI Score
0.972 EPSS
8.8 AI Score
EPSS
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2...
9.8 CVSS
6.9 AI Score
0.002 EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...
9.8 CVSS
9.8 AI Score
0.938 EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, Server Side Request Forgery. This issue affects ICS Calendar: from n/a...
8.2 CVSS
8.2 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through...
6.5 CVSS
7 AI Score
0.0004 EPSS
Reprise License Manager 14.2 - Cross-Site Scripting
Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is...
6.1 CVSS
6.2 AI Score
0.003 EPSS
7.1 AI Score
Malicious code in pywhool (PyPI)
Source: checkmarx (54738d1aef580f087fec1311b411aa6ddd2d7affb4b44353dd7f3d6a569a0ed9) Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host...
7.2 AI Score
When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without...
7.5 CVSS
6.8 AI Score
0.001 EPSS
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version...
9.1 CVSS
7.1 AI Score
0.0005 EPSS
CVE-2024-26229 Beacon Object Files Beacon Object File (BOF)...
7.8 CVSS
7.8 AI Score
0.0004 EPSS