Lucene search

K

B&R Security Vulnerabilities

githubexploit

8.2AI Score

2022-02-13 12:05 AM
469
vulnrichment
vulnrichment

CVE-2024-27005 interconnect: Don't access req_list while it's being manipulated

In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access req_list while it's being manipulated The icc_lock mutex was split into separate icc_lock and icc_bw_lock mutexes in [1] to avoid lockdep splats. However, this didn't adequately protect access to...

6.7AI Score

0.0004EPSS

2024-05-01 05:28 AM
cvelist
cvelist

CVE-2024-4044 Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio

A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger...

7.8CVSS

8AI Score

0.001EPSS

2024-05-10 02:59 PM
nuclei
nuclei

LumisXP <10.0.0 - Blind XML External Entity Attack

LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XML external entity (XXE) attacks via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of...

9.1CVSS

9AI Score

0.574EPSS

2021-11-25 03:39 PM
9
osv
osv

Important: edk2 security update

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235) EDK2: heap...

8.8CVSS

7.1AI Score

0.006EPSS

2024-05-22 12:00 AM
4
nvd
nvd

CVE-2023-52488

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: convert from raw to noinc regmap functions for FIFO The SC16IS7XX IC supports a burst mode to access the FIFOs where the initial register address is sent ($00), followed by all the FIFO data without having to...

7.4AI Score

0.0004EPSS

2024-03-11 06:15 PM
osv
osv

Arbitrary File Overwrite in Eclipse JGit

Arbitrary File Overwrite in Eclipse JGit &lt;= 6.6.0 In Eclipse JGit, all versions &lt;= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensiti...

8.8CVSS

8.8AI Score

0.001EPSS

2023-09-18 03:30 PM
15
githubexploit
githubexploit

Exploit for CVE-2022-4060

UPGer | CVE-2022-4060 - User Post Gallery Automatic Mass Tool...

9.7AI Score

2023-09-15 09:38 PM
432
cve
cve

CVE-2023-35192

Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

7AI Score

0.0004EPSS

2024-05-16 09:15 PM
24
zdt
zdt

Aquatronica Control System 5.1.6 Password Disclosure Exploit

Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords....

7.5AI Score

2024-06-02 12:00 AM
10
githubexploit
githubexploit

Exploit for Code Injection in Apache Airflow

Apache Airflow &lt; 2.4.0 RCE (CVE-2022-40127) **PoC for...

8.8CVSS

9AI Score

0.371EPSS

2023-07-21 12:55 PM
186
cve
cve

CVE-2023-47855

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

6CVSS

6.6AI Score

0.0004EPSS

2024-05-16 09:16 PM
33
nvd
nvd

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.9CVSS

7.7AI Score

0.0004EPSS

2024-05-16 09:15 PM
cve
cve

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.9CVSS

6.5AI Score

0.0004EPSS

2024-05-16 09:15 PM
35
vulnrichment
vulnrichment

CVE-2023-35192

Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

7.1AI Score

0.0004EPSS

2024-05-16 08:47 PM
1
nvd
nvd

CVE-2023-47855

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

6CVSS

6.5AI Score

0.0004EPSS

2024-05-16 09:16 PM
amazon
amazon

Important: microcode_ctl

Issue Overview: 2024-05-09: CVE-2021-33117 was added to this advisory. A flaw was found in microcode. Under complex microarchitectural conditions, an unexpected code breakpoint may cause a system hang. The hang was observed on a Skylake server processor, and subsequent analysis indicated...

6.8CVSS

7.2AI Score

0.001EPSS

2022-03-07 11:34 PM
5
githubexploit
githubexploit

Exploit for CVE-2024-27697

FuguHub 8.4 Authenticated RCE Fuguhub is a Cloud Media...

8.8AI Score

EPSS

2024-03-09 10:24 PM
26
cvelist
cvelist

CVE-2023-35192

Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

6.7AI Score

0.0004EPSS

2024-05-16 08:47 PM
exploitdb

7.4AI Score

2024-05-31 12:00 AM
37
githubexploit
githubexploit

Exploit for Code Injection in Apache Airflow

Apache Airflow &lt; 2.4.0 RCE (CVE-2022-40127) **PoC for...

8.8CVSS

9AI Score

0.371EPSS

2023-07-21 12:55 PM
115
nessus
nessus

openSUSE Security Update : python-python-gnupg (openSUSE-2019-143)

This update for python-python-gnupg to version 0.4.4 fixes the following issues : Security issue fixed : CVE-2019-6690: Added a check to disallow certain control characters ('\r', '\n', NUL) in passphrases ...

7.5CVSS

7.5AI Score

0.013EPSS

2019-02-07 12:00 AM
24
cve
cve

CVE-2021-20599

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a...

9.1CVSS

7.4AI Score

0.003EPSS

2021-10-14 03:15 PM
52
vulnrichment
vulnrichment

CVE-2021-20599

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a...

9.1CVSS

6.7AI Score

0.003EPSS

2021-10-14 12:00 AM
packetstorm

7.4AI Score

2024-05-30 12:00 AM
38
githubexploit
githubexploit

Exploit for CVE-2024-25600

CVE-2024-25600 Exploit Tool 🚀 Description 📝 This tool 🛠️...

10CVSS

8.6AI Score

0.001EPSS

2024-02-22 10:53 AM
308
cvelist
cvelist

CVE-2021-20599

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a...

9.1CVSS

9.3AI Score

0.003EPSS

2021-10-14 12:00 AM
githubexploit
githubexploit

Exploit for Exposure of Private Personal Information to an Unauthorized Actor in Easyappointments

CVE-2022-0482 Vulnerability Exploitation Introduction This...

9.1CVSS

9.3AI Score

0.182EPSS

2024-04-22 11:10 AM
93
cve
cve

CVE-2023-6815

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-02-13 07:15 AM
21
githubexploit
githubexploit

Exploit for CVE-2024-23692

Rejetto HTTP File Server (HFS) 未授权 RCE 漏洞复现 (CVE-2024-23692)...

9.8CVSS

7AI Score

0.002EPSS

2024-06-13 09:12 AM
52
zdt
zdt

Flowmon Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before...

10CVSS

7AI Score

0.003EPSS

2024-06-02 12:00 AM
14
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

CVE-2021-44228 Remote Code Injection In Log4j...

10CVSS

10AI Score

0.976EPSS

2021-12-10 05:23 AM
928
githubexploit
githubexploit

Exploit for Path Traversal in Vmware Cloud Foundation

![vckiller](https://socialify.git.ci/Schira4396/VcenterKiller/im......

7.2AI Score

2022-10-04 03:39 AM
43
cve
cve

CVE-2023-32282

Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...

7.2CVSS

7AI Score

0.0004EPSS

2024-03-14 05:15 PM
32
githubexploit
githubexploit

Exploit for Cross-site Scripting in Helpsystems Cobalt Strike

CVE-2022-39197-RCE First This project was modified from...

6.1CVSS

AI Score

0.008EPSS

2022-10-22 10:11 AM
241
cve
cve

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

2.8CVSS

5.4AI Score

0.0004EPSS

2024-05-16 09:15 PM
35
githubexploit
githubexploit

Exploit for Cleartext Transmission of Sensitive Information in Keepass

KeePass 2.X Master Password Dumper...

7.4AI Score

2023-05-01 05:08 PM
423
zeroscience
zeroscience

Aquatronica Control System 5.1.6 Passwords Leak Vulnerability

Title: Aquatronica Control System 5.1.6 Passwords Leak Vulnerability Advisory ID: ZSL-2024-5824 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data Risk: (5/5) Release Date:...

7.5AI Score

2024-05-30 12:00 AM
46
vulnrichment
vulnrichment

CVE-2024-35796 net: ll_temac: platform_get_resource replaced by wrong function

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

6.9AI Score

0.0004EPSS

2024-05-17 01:23 PM
githubexploit
githubexploit

Exploit for CVE-2023-50685

Hipcam RealServer/V1.0 RTSP Format Validation Vulnerability...

7.2AI Score

2023-12-10 01:21 PM
44
cvelist
cvelist

CVE-2023-6815

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-02-13 06:27 AM
debiancve
debiancve

CVE-2024-27005

In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access req_list while it's being manipulated The icc_lock mutex was split into separate icc_lock and icc_bw_lock mutexes in [1] to avoid lockdep splats. However, this didn't adequately protect access to...

6.5AI Score

0.0004EPSS

2024-05-01 06:15 AM
5
nvd
nvd

CVE-2022-33324

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...

7.5CVSS

0.002EPSS

2022-12-23 03:15 AM
arista
arista

Security Advisory 0098

Security Advisory 0098 _._CSAF PDF Date: June 25, 2024 Revision | Date | Changes ---|---|--- 1.0 | June 25, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...

7AI Score

EPSS

2024-06-25 12:00 AM
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

CVE-2021-44228(Apache Log4j Remote Code Execution) [all...

10CVSS

10AI Score

0.976EPSS

2021-12-09 03:27 PM
330
debiancve
debiancve

CVE-2024-35993

In the Linux kernel, the following vulnerability has been resolved: mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds...

6.5AI Score

0.0004EPSS

2024-05-20 10:15 AM
1
cve
cve

CVE-2023-39368

Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network...

6.5CVSS

6.3AI Score

0.001EPSS

2024-03-14 05:15 PM
41
cve
cve

CVE-2023-43487

Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local...

4.7CVSS

6.5AI Score

0.0004EPSS

2024-05-16 09:15 PM
23
ubuntucve
ubuntucve

CVE-2024-35993

In the Linux kernel, the following vulnerability has been resolved: mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a.....

6.4AI Score

0.0004EPSS

2024-05-20 12:00 AM
3
ubuntucve
ubuntucve

CVE-2024-27005

In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access req_list while it's being manipulated The icc_lock mutex was split into separate icc_lock and icc_bw_lock mutexes in [1] to avoid lockdep splats. However, this didn't adequately protect access to...

6.3AI Score

0.0004EPSS

2024-05-01 12:00 AM
3
Total number of security vulnerabilities101215