7.4AI Score
7.4AI Score
9.8CVSS
9.6AI Score
0.901EPSS
An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory.Due to this vulnerability, users with low privileges may gain administrative access to the system.This issue can also be exploited in Artifactory platforms with...
9CVSS
7AI Score
0.0004EPSS
Exploit for Path Traversal in Aiohttp
[ CVE-2024-23334 :; 남의 exploit 리뷰 ] Review an exploit...
7.5CVSS
7.6AI Score
0.052EPSS
Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network...
9.8CVSS
7.6AI Score
0.002EPSS
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of...
7.2CVSS
7.6AI Score
0.0004EPSS
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override...
8.8CVSS
6.5AI Score
0.0004EPSS
An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and...
6.1CVSS
6.6AI Score
0.001EPSS
Exploit for Code Injection in Crushftp
CVE-2024-4040 - exploit scanners This repository contains...
10CVSS
9.5AI Score
0.966EPSS
7.4AI Score
An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the...
6.6AI Score
0.002EPSS
r-models.eu Cross Site Scripting vulnerability OBB-3846919
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
7.3AI Score
7.4AI Score
7.4AI Score
Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...
7.2CVSS
7.3AI Score
0.0004EPSS
Exploit for SQL Injection in Layerslider
CVE-2024-2879 Description LayerSlider 7.9.11 - 7.10.0 -...
9.8CVSS
7.8AI Score
0.004EPSS
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...
7.5CVSS
7.7AI Score
0.002EPSS
Exploit for Infinite Loop in Openssl
CVE-2022-0778 The discovered vulnerability triggers an...
7.5CVSS
8.1AI Score
0.013EPSS
Exploit for Path Traversal in Sysaid Sysaid On-Premises
Vulnerability Details fofa: ```text ...
9.8CVSS
9.6AI Score
0.935EPSS
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...
5.3CVSS
5.1AI Score
0.0004EPSS
9.8CVSS
9.5AI Score
0.901EPSS
9.8CVSS
7.7AI Score
0.085EPSS
8.3AI Score
0.0004EPSS
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...
5.3CVSS
5.1AI Score
0.0004EPSS
Exploit for Path Traversal in Microsoft
CVE-2021-40444 Usage Ensure to run setup.sh first as...
8.8CVSS
6.7AI Score
0.968EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
2.8CVSS
3.2AI Score
0.0004EPSS
K000139654: Intel oneAPI vulnerabilities CVE-2023-24592 and CVE-2023-27383
Security Advisory Description CVE-2023-24592 Path traversal in the some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access. CVE-2023-27383 Protection mechanism failure in some...
6.5AI Score
0.0004EPSS
Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local...
5.5CVSS
4.9AI Score
0.001EPSS
Exploit for Improper Authentication in Wpdeveloper Essential Addons For Elementor
CVE-2023-32243. Essential Addons for Elementor 5.4.0-5.7.1 -...
9.8CVSS
9.5AI Score
0.097EPSS
Exploit for Improper Authentication in Wpdeveloper Essential Addons For Elementor
CVE-2023-32243. Essential Addons for Elementor 5.4.0-5.7.1 -...
9.8CVSS
9.5AI Score
0.097EPSS
CVE-2024-29895 Cacti CVE-2024-29895 POC A command injection...
10CVSS
8.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...
6.8AI Score
0.0004EPSS
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local...
5.5CVSS
5.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...
6.7AI Score
0.0004EPSS
Exploit for Use After Free in Microsoft
CVE-2023-36802 Local Privilege Escalation POC authors:...
7.8CVSS
6.7AI Score
0.001EPSS
9.8CVSS
10AI Score
0.975EPSS
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title...
6.1CVSS
5.8AI Score
0.001EPSS
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network...
6.5CVSS
6.4AI Score
0.001EPSS
Exploit for Cross-site Scripting in Citrix Gateway
CVE-2023-24488 POC for CVE-2023-24488 Citrix Gateway...
6.1CVSS
6.1AI Score
0.055EPSS
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...
7.9CVSS
7.8AI Score
0.0004EPSS
Exploit for Code Injection in Apache Ofbiz
ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For...
9.8CVSS
6.6AI Score
0.821EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...
9.8CVSS
9.7AI Score
0.938EPSS
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...
4.7CVSS
4.5AI Score
0.0004EPSS
$$\ce{$\unicode[goombafont; color:red; pointer-events:...
8.6CVSS
8.7AI Score
0.945EPSS
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local...
6.5CVSS
6.2AI Score
0.001EPSS
Exploit for Origin Validation Error in Trendmicro Apex One
NotProxyShellScanner Python implementation for NotProxyShell...
7.3AI Score
[SECURITY] Fedora 39 Update: nextcloud-28.0.5-2.fc39
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API.....
7.3AI Score
[SECURITY] Fedora 40 Update: nextcloud-28.0.5-2.fc40
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API.....
7.3AI Score