9.9AI Score
Exploit for Logging of Excessive Data in Salesagility Suitecrm
CVE-2024-36416 Tool for validating CVE-2024-36416 Usage...
8.6CVSS
7.2AI Score
0.0005EPSS
Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network...
7.5CVSS
6.8AI Score
0.0004EPSS
7.5CVSS
7.3AI Score
0.013EPSS
Exploit for OS Command Injection in Tp-Link Tl-Wr840N Firmware
CVE-2022-25064 TP-LINK TL-WR840N RCE via the function...
9.8CVSS
10AI Score
0.012EPSS
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local...
8.8CVSS
7.6AI Score
0.0004EPSS
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public...
5.3CVSS
7.1AI Score
0.001EPSS
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden...
5.3CVSS
7.2AI Score
0.001EPSS
Exploit for Path Traversal in Aiohttp
CVE-2024-23334 PoC Description This repository contains a...
7.5CVSS
7.5AI Score
0.052EPSS
Intel(R) Core(TM) Ultra Processors are vulnerable to Denial Of Service (DOS). The vulnerability is caused due to a Sequence of processor instructions leading to unexpected behavior. This can allow an authenticated user to potentially enable Denial Of Service (DOS) via local...
4.7CVSS
6.7AI Score
0.0004EPSS
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error...
9.8CVSS
7AI Score
0.001EPSS
An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash...
6.5CVSS
6.5AI Score
0.001EPSS
Exploit for Code Injection in Vmware Spring Framework
Spring Core RCE/CVE-2022-22965 Affected scope: JDK>=9...
0.1AI Score
Exploit for Use After Free in Google Android
Bad Spin: Android Binder LPE Author: Moshe Kol Privilege...
7AI Score
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a...
5.4CVSS
6.8AI Score
0.001EPSS
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315 Openfire Console Authentication Bypass...
8.6CVSS
8.1AI Score
0.973EPSS
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki...
6.1CVSS
6.7AI Score
0.002EPSS
Exploit for Out-of-bounds Write in Lenovo Diagnostics
CVE-2022-3699 Incorrect access control for the Lenovo...
7.8CVSS
7.9AI Score
0.002EPSS
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...
8.2CVSS
8.3AI Score
0.0004EPSS
7.4AI Score
EPSS
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero...
4.8CVSS
7AI Score
0.001EPSS
FreeBSD : R -- arbitrary code execution vulnerability (4a1e2bad-0836-11ef-9fd2-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4a1e2bad-0836-11ef-9fd2-1c697a616631 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any...
8.8CVSS
7.1AI Score
0.0004EPSS
7.4AI Score
EPSS
Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway
Summary Security Vulnerabilities in Node.js and packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2024-31206 DESCRIPTION: Node.js dectalk-tts module could allow a remote attacker to obtain sensitive information, caused by the use of...
8.2CVSS
8AI Score
0.0004EPSS
Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure
Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA...
5.3CVSS
5AI Score
0.006EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
CVE 30190 Amine TITROFINE | December 17, 2022 ...
7.8CVSS
8.5AI Score
0.966EPSS
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted....
8.8CVSS
6.9AI Score
0.0004EPSS
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R.....
7.2CVSS
6.9AI Score
0.0004EPSS
On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method...
5.5CVSS
5.2AI Score
0.0004EPSS
Exploit for Code Injection in Vmware Spring Framework
Spring4Shell-POC (CVE-2022-22965)...
-0.2AI Score
Issue Overview: 2024-05-09: CVE-2022-33196 was added to this advisory. Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network...
7.5CVSS
7.2AI Score
0.0004EPSS
Exploit for Code Injection in Crushftp
CVE-2024-4040 A server side template injection vulnerability...
10CVSS
10AI Score
0.966EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
CVE 30190 Amine TITROFINE | December 17, 2022 ...
8.2AI Score
Exploit for Path Traversal in Grafana
CVE-2021-43798 – Grafana Exploit About This is a...
7.5CVSS
0.6AI Score
0.975EPSS
Improper handling of JavaScript whitespace in html/template
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during...
9.8CVSS
9.6AI Score
0.003EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
2.8CVSS
3.3AI Score
0.0004EPSS
SuiteCRM Unauthenticated Graphql Introspection
GraphQL introspection is enabled without authentication, exposing the schema defining all object types, arguments, and...
5.3CVSS
4.7AI Score
0.404EPSS
CVE-2022-21449-TLS-PoC CVE-2022-21449 ([also dubbed Psychic...
7.5CVSS
7.5AI Score
0.001EPSS
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local...
6.1CVSS
6.6AI Score
0.001EPSS
Exploit for Command Injection in Ivanti Connect Secure
🚨 CVE-2024-21887 Exploit Tool 🛠️ A robust tool for detecting...
9.1CVSS
8.2AI Score
0.971EPSS
Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent...
4.3CVSS
7.2AI Score
0.0004EPSS
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...
6CVSS
6.3AI Score
0.0004EPSS
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...
7.9CVSS
7.8AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
POC for CVE-2021-44228 This python script was created while...
10CVSS
10AI Score
0.975EPSS
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...
4.7CVSS
4.6AI Score
0.0004EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
2.8CVSS
3.5AI Score
0.0004EPSS
gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decompositions to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for...
7.1CVSS
7AI Score
0.001EPSS
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...
8.2CVSS
8.3AI Score
0.0004EPSS
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent...
4.7CVSS
7.2AI Score
0.0004EPSS
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment...
5.4CVSS
5.9AI Score
0.001EPSS