In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: do not realloc workqueue everytime an interface is added Commit 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to "NETDEV-wq"") moved workqueue creation in wilc_netdev_ifc_init in order to set the...
6.5AI Score
0.0004EPSS
🚀 CVE-2024-29269 Exploit This repository contains an exploit...
8.3AI Score
0.001EPSS
Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...
8.2CVSS
6.9AI Score
0.0005EPSS
JBWPer | CVE-2022-4061 - JobBoardWP Automatic Mass Tool for...
7.7AI Score
10CVSS
6.7AI Score
0.001EPSS
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 A scanning utility and PoC for CVE-2023-50164...
9.8CVSS
6.8AI Score
0.09EPSS
sekarlaut.com Cross Site Scripting vulnerability OBB-3918471
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during...
9.8CVSS
7.1AI Score
0.003EPSS
Exploit for Server-Side Request Forgery in Fusion Builder Project Fusion Builder
Fubucker | CVE-2022-1386 - Fusion Builder Automatic Mass Tool...
9.6AI Score
9.8CVSS
8.6AI Score
0.035EPSS
uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R...
7.8CVSS
7.7AI Score
0.0004EPSS
slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An....
6.5CVSS
6.9AI Score
0.001EPSS
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive...
8.3CVSS
8.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: do not realloc workqueue everytime an interface is added Commit 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to "NETDEV-wq"") moved workqueue creation in wilc_netdev_ifc_init in order to set the...
6.4AI Score
0.0004EPSS
This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...
8.8CVSS
7.3AI Score
0.001EPSS
soltiles.in Cross Site Scripting vulnerability OBB-3918472
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094-info CVE-2024-3094 PoC Exploration...
10CVSS
9.9AI Score
0.133EPSS
7.2AI Score
0.0004EPSS
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
...
7.4AI Score
0.0004EPSS
7.1AI Score
0.001EPSS
10CVSS
7.1AI Score
0.001EPSS
7.4AI Score
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related...
4.3CVSS
4.6AI Score
0.001EPSS
unionteamltd.com.hk Cross Site Scripting vulnerability OBB-3918579
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...
5.3CVSS
7.7AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Fortinet Fortios
CVE-2022-42475 Background This is the exploit for the...
9.8CVSS
9.9AI Score
0.321EPSS
Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the...
7.2CVSS
6.9AI Score
0.0004EPSS
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of File.createTempFile(..) results in temporary files being created with the permissions -rw-r--r--. This means that any...
3.3CVSS
3.4AI Score
0.0004EPSS
Intel(R) Atom(R) Processors are vulnerable to information exposure through microarchitectural state after transient execution. The vulnerability is due to certain register files, which, when accessed by an authenticated user, may potentially enable information disclosure via local...
6.5CVSS
6AI Score
0.0004EPSS
smartdoms.com Cross Site Scripting vulnerability OBB-3918577
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible UAF when remounting r/o a mmp-protected file system After commit 618f003199c6 ("ext4: fix memory leak in ext4_fill_super"), after the file system is remounted read-only, there is a race where the kmmpd thread...
6.9AI Score
0.0004EPSS
Exploit for Injection in Atlassian Confluence Data Center
Atlassian Confluence CVE-2023-22527 Scanner 🛡️ Overview 🌟...
9.8CVSS
9.2AI Score
0.973EPSS
Exploit for Command Injection in Tp-Link Archer Ax21 Firmware
Description CVE-2023–1389 is an Unauthenticated Command...
8.8CVSS
7.7AI Score
0.069EPSS
undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...
6.5CVSS
7.4AI Score
0.001EPSS
Ivanti EPM Cloud Services Appliance Code Injection
Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions...
9.8CVSS
9.6AI Score
0.971EPSS
CVE-2024-24919-PoC ![Screenshot of the exploit...
8.6CVSS
6.5AI Score
0.945EPSS
WordPress BulletProof Security 5.1 Information Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up....
5.3CVSS
4.9AI Score
0.248EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible UAF when remounting r/o a mmp-protected file system After commit 618f003199c6 ("ext4: fix memory leak in ext4_fill_super"), after the file system is remounted read-only, there is a race where the kmmpd thread...
6.5AI Score
0.0004EPSS
Exploit for SQL Injection in Moodle
CVE-2021-36393 Exploit Description This repository holds...
9.8CVSS
7.9AI Score
0.001EPSS
MovableType - Remote Command Injection
MovableType 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via...
9.8CVSS
9.7AI Score
0.97EPSS
Arbitrary File Overwrite in Eclipse JGit
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensiti...
8.8CVSS
8.8AI Score
0.001EPSS
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds)....
6.5CVSS
7.4AI Score
0.0005EPSS
Exploit for Command Injection in Chamilo
CVE-2023-34960 Mass unauthenticated command injection...
9.8CVSS
9.8AI Score
0.923EPSS
10AI Score
(RHSA-2024:3178) Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...
7AI Score
0.0005EPSS
Apache APISIX - Remote Code Execution
A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port...
9.8CVSS
9.6AI Score
0.974EPSS
7.4AI Score
9.8CVSS
9.8AI Score
0.973EPSS
Issue Overview: 2024-05-09: CVE-2021-33117 was added to this advisory. Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. (CVE-2021-33117) A flaw was....
5.5CVSS
7.1AI Score
0.0005EPSS
**Check Point Security Gateway RCE Exploit Tool...
8.6CVSS
7.2AI Score
0.945EPSS