B&R Security Vulnerabilities

githubexploit

Exploit for CVE-2021-3129

Laravel-debug-Checker...

9.9AI Score

2022-12-10 03:32 AM
182
githubexploit

Exploit for Logging of Excessive Data in Salesagility Suitecrm

CVE-2024-36416 Tool for validating CVE-2024-36416 Usage...

8.6CVSS

7.2AI Score

0.0005EPSS

2024-06-09 07:18 AM
13
osv

CVE-2022-21216

Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network...

7.5CVSS

6.8AI Score

0.0004EPSS

2023-02-16 08:15 PM
12
githubexploit

Exploit for CVE-2024-4956

CVE-2024-4956 : Nexus Repository Manager 3 Dork: ...

7.5CVSS

7.3AI Score

0.013EPSS

2024-05-28 03:05 PM
60
githubexploit

Exploit for OS Command Injection in Tp-Link Tl-Wr840N Firmware

CVE-2022-25064 TP-LINK TL-WR840N RCE via the function...

9.8CVSS

10AI Score

0.012EPSS

2022-03-01 03:10 PM
626
osv

CVE-2023-23583

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local...

8.8CVSS

7.6AI Score

0.0004EPSS

2023-11-14 07:15 PM
6
osv

CVE-2023-37305

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public...

5.3CVSS

7.1AI Score

0.001EPSS

2023-06-30 05:15 PM
4
osv

CVE-2023-37300

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden...

5.3CVSS

7.2AI Score

0.001EPSS

2023-06-30 05:15 PM
5
githubexploit

Exploit for Path Traversal in Aiohttp

CVE-2024-23334 PoC Description This repository contains a...

7.5CVSS

7.5AI Score

0.052EPSS

2024-03-19 04:28 PM
152
veracode

Denial Of Service (DOS)

Intel(R) Core(TM) Ultra Processors are vulnerable to Denial Of Service (DOS). The vulnerability is caused due to a Sequence of processor instructions leading to unexpected behavior. This can allow an authenticated user to potentially enable Denial Of Service (DOS) via local...

4.7CVSS

6.7AI Score

0.0004EPSS

2024-05-16 07:43 PM
2
osv

CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error...

9.8CVSS

7AI Score

0.001EPSS

2023-06-30 05:15 PM
3
osv

CVE-2021-42049

An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash...

6.5CVSS

6.5AI Score

0.001EPSS

2022-09-29 03:15 AM
2
githubexploit

Exploit for Code Injection in Vmware Spring Framework

Spring Core RCE/CVE-2022-22965 Affected scope: JDK>=9...

0.1AI Score

2022-03-31 12:41 PM
152
githubexploit

Exploit for Use After Free in Google Android

Bad Spin: Android Binder LPE Author: Moshe Kol Privilege...

7AI Score

2023-03-23 10:25 AM
421
osv

CVE-2021-42045

An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a...

5.4CVSS

6.8AI Score

0.001EPSS

2022-09-29 03:15 AM
4
githubexploit

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315 Openfire Console Authentication Bypass...

8.6CVSS

8.1AI Score

0.973EPSS

2023-06-18 03:42 PM
414
osv

BIT-mediawiki-2020-10959

resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki...

6.1CVSS

6.7AI Score

0.002EPSS

2024-03-06 11:14 AM
4
githubexploit

Exploit for Out-of-bounds Write in Lenovo Diagnostics

CVE-2022-3699 Incorrect access control for the Lenovo...

7.8CVSS

7.9AI Score

0.002EPSS

2022-11-09 02:15 PM
1008
osv

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2CVSS

8.3AI Score

0.0004EPSS

2024-06-05 04:56 PM
3
packetstorm

7.4AI Score

EPSS

2024-06-13 12:00 AM
26
osv

CVE-2021-42048

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero...

4.8CVSS

7AI Score

0.001EPSS

2022-09-29 03:15 AM
6
nessus

FreeBSD : R -- arbitrary code execution vulnerability (4a1e2bad-0836-11ef-9fd2-1c697a616631)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4a1e2bad-0836-11ef-9fd2-1c697a616631 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any...

8.8CVSS

7.1AI Score

0.0004EPSS

2024-05-02 12:00 AM
3
packetstorm

7.4AI Score

EPSS

2024-06-13 12:00 AM
29
ibm

Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js and packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2024-31206 DESCRIPTION: **Node.js dectalk-tts module could allow a remote attacker to obtain sensitive information, caused by the use of...

8.2CVSS

8AI Score

0.0004EPSS

2024-05-17 01:55 PM
3
nuclei

Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure

Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA...

5.3CVSS

5AI Score

0.006EPSS

2020-09-22 03:44 PM
2
githubexploit

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

CVE 30190 Amine TITROFINE | December 17, 2022 ...

7.8CVSS

8.5AI Score

0.966EPSS

2023-05-14 01:38 PM
178
cve

CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted....

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-29 01:15 PM
39
cve

CVE-2024-2637

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R.....

7.2CVSS

6.9AI Score

0.0004EPSS

2024-05-14 07:15 PM
36
osv

CVE-2023-43123

On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method...

5.5CVSS

5.2AI Score

0.0004EPSS

2023-11-23 10:15 AM
3
githubexploit

Exploit for Code Injection in Vmware Spring Framework

Spring4Shell-POC (CVE-2022-22965)...

-0.2AI Score

2022-03-30 07:54 AM
317
amazon

Medium: microcode_ctl

Issue Overview: 2024-05-09: CVE-2022-33196 was added to this advisory. Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network...

7.5CVSS

7.2AI Score

0.0004EPSS

2023-05-25 05:41 PM
4
githubexploit

Exploit for Code Injection in Crushftp

CVE-2024-4040 A server side template injection vulnerability...

10CVSS

10AI Score

0.966EPSS

2024-05-03 11:29 PM
142
githubexploit

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

CVE 30190 Amine TITROFINE | December 17, 2022 ...

8.2AI Score

2023-05-14 01:38 PM
222
githubexploit

Exploit for Path Traversal in Grafana

CVE-2021-43798 – Grafana Exploit About This is a...

7.5CVSS

0.6AI Score

0.975EPSS

2021-12-11 06:49 PM
440
osv

Improper handling of JavaScript whitespace in html/template

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during...

9.8CVSS

9.6AI Score

0.003EPSS

2023-05-05 09:10 PM
10
debiancve

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

2.8CVSS

3.3AI Score

0.0004EPSS

2024-05-16 09:15 PM
10
nuclei

SuiteCRM Unauthenticated Graphql Introspection

Graphql Introspection is enabled without authentication, exposing the schema defining all object types, arguments, and...

5.3CVSS

4.7AI Score

0.404EPSS

2024-01-28 06:06 AM
10
githubexploit

Exploit for CVE-2022-21449

CVE-2022-21449-TLS-PoC CVE-2022-21449 ([also dubbed Psychic...

7.5CVSS

7.5AI Score

0.001EPSS

2022-04-20 08:31 PM
465
alpinelinux

CVE-2023-22655

Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local...

6.1CVSS

6.6AI Score

0.001EPSS

2024-03-14 05:15 PM
16
githubexploit

Exploit for Command Injection in Ivanti Connect Secure

🚨 CVE-2024-21887 Exploit Tool 🛠️ A robust tool for detecting...

9.1CVSS

8.2AI Score

0.971EPSS

2024-01-20 07:15 PM
205
debiancve

CVE-2023-38417

Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent...

4.3CVSS

7.2AI Score

0.0004EPSS

2024-05-16 09:15 PM
debiancve

CVE-2023-47855

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

6CVSS

6.3AI Score

0.0004EPSS

2024-05-16 09:16 PM
7
debiancve

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.9CVSS

7.8AI Score

0.0004EPSS

2024-05-16 09:15 PM
6
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

POC for CVE-2021-44228 This python script was created while...

10CVSS

10AI Score

0.975EPSS

2021-12-14 09:32 PM
231
debiancve

CVE-2023-46103

Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...

4.7CVSS

4.6AI Score

0.0004EPSS

2024-05-16 09:15 PM
7
ubuntucve

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

2.8CVSS

3.5AI Score

0.0004EPSS

2024-05-16 12:00 AM
4
osv

CVE-2023-44378

gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decompositions to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for...

7.1CVSS

7AI Score

0.001EPSS

2023-10-09 02:15 PM
5
github

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2CVSS

8.3AI Score

0.0004EPSS

2024-06-05 04:56 PM
10
debiancve

CVE-2023-47210

Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent...

4.7CVSS

7.2AI Score

0.0004EPSS

2024-05-16 09:16 PM
2
osv

CVE-2023-37304

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment...

5.4CVSS

5.9AI Score

0.001EPSS

2023-06-30 05:15 PM
4
Total number of security vulnerabilities: 101106