Lucene search

K

B&R Security Vulnerabilities

githubexploit
githubexploit

Exploit for Command Injection in Chamilo

CVE-2023-34960 Mass unauthenticated command injection...

9.8CVSS

9.7AI Score

0.923EPSS

2023-07-22 05:27 AM
339
osv
osv

CVE-2021-3701

A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user....

6.6CVSS

6.2AI Score

0.0004EPSS

2022-08-23 04:15 PM
3
githubexploit
githubexploit

Exploit for Uncontrolled Resource Consumption in Ietf Http

CVE-2023-44487 Basic vulnerability scanning to see if web...

7.5CVSS

6.7AI Score

0.732EPSS

2023-10-10 02:20 PM
1194
githubexploit
githubexploit

Exploit for Improper Authentication in Automattic Woocommerce Payments

CVE-2023-28121 WooCommerce Payments < 5.6.2 - Unauthenticated...

9.8CVSS

9.3AI Score

0.933EPSS

2023-07-12 02:41 AM
203
nuclei
nuclei

Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution

Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a.....

9.8CVSS

9.6AI Score

0.974EPSS

2023-01-20 02:15 PM
89
osv
osv

BIT-ruby-2020-5247

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. CR, LF or/r, /n) to end the header and inject malicious content, such as additional headers or an entirely new response body....

7.5CVSS

6.2AI Score

0.014EPSS

2024-03-06 11:05 AM
6
githubexploit
githubexploit

Exploit for Embedded Malicious Code in Tukaani Xz

xzk8s [![Docker Pulls...

7.2AI Score

2024-04-02 08:07 PM
93
packetstorm

7.4AI Score

2024-05-14 12:00 AM
127
nvd
nvd

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

6.4CVSS

6.3AI Score

0.0004EPSS

2024-05-16 09:16 PM
osv
osv

CVE-2023-29383

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when.....

3.3CVSS

4.3AI Score

0.0004EPSS

2023-04-14 10:15 PM
1
cve
cve

CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...

6.4CVSS

6.1AI Score

0.0004EPSS

2024-05-16 09:16 PM
32
githubexploit
githubexploit

Exploit for CVE-2024-31777

CVE-2024-31777 | GUnet OpenEclass E-learning platform...

7.5AI Score

0.001EPSS

2024-04-11 01:48 PM
104
openbugbounty
openbugbounty

kshs.org Cross Site Scripting vulnerability OBB-3918946

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-20 11:50 AM
8
githubexploit
githubexploit

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358 An Vulnerability detection and Mass...

9.8CVSS

9.7AI Score

0.938EPSS

2024-06-04 11:32 AM
165
githubexploit
githubexploit

Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager

Vulnerability Details fofa: ``` (title="BIG-IP®" ||...

9.8CVSS

9.6AI Score

0.972EPSS

2023-11-01 09:31 AM
319
githubexploit
githubexploit

Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager

Vulnerability Details fofa: ``` (title="BIG-IP®" ||...

9.8CVSS

9.6AI Score

0.972EPSS

2023-11-01 09:31 AM
424
f5
f5

K000135795: Downfall Attacks CVE-2022-40982

Security Advisory Description Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-40982) Impact...

6.5AI Score

0.001EPSS

2023-08-09 12:00 AM
15
exploitdb

7.4AI Score

2024-05-13 12:00 AM
52
githubexploit
githubexploit

Exploit for CVE-2024-31777

CVE-2024-31777 | GUnet OpenEclass E-learning platform...

7.5AI Score

0.001EPSS

2024-04-11 01:48 PM
82
githubexploit
githubexploit

Exploit for Cleartext Transmission of Sensitive Information in Keepass

Keepass-Dumper This is my PoC implementation for...

6.5AI Score

2023-05-22 12:11 AM
272
zdt

7.4AI Score

2024-05-13 12:00 AM
28
nuclei
nuclei

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root...

7.5CVSS

7.3AI Score

0.605EPSS

2022-04-27 03:43 PM
1
cvelist
cvelist

CVE-2024-36963 tracefs: Reset permissions on remount if permissions are options

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

6.6AI Score

0.0004EPSS

2024-06-03 07:50 AM
1
githubexploit
githubexploit

Exploit for CVE-2023-50685

Hipcam RealServer/V1.0 RTSP Format Validation Vulnerability...

7.2AI Score

2023-12-10 01:21 PM
35
nessus
nessus

Intel Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00709)

The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and, according to its self-reported version, is a version containing multiple vulnerabilities, including the following: Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard...

9.8CVSS

3.5AI Score

0.003EPSS

2022-08-12 12:00 AM
60
cve
cve

CVE-2024-36963

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

6.8AI Score

0.0004EPSS

2024-06-03 08:15 AM
26
vulnrichment
vulnrichment

CVE-2024-36963 tracefs: Reset permissions on remount if permissions are options

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

7AI Score

0.0004EPSS

2024-06-03 07:50 AM
redhat
redhat

(RHSA-2021:4356) Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427) * kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502) * kernel: Insufficient...

8.1AI Score

0.004EPSS

2021-11-09 09:08 AM
24
debiancve
debiancve

CVE-2024-27005

In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access req_list while it's being manipulated The icc_lock mutex was split into separate icc_lock and icc_bw_lock mutexes in [1] to avoid lockdep splats. However, this didn't adequately protect access to...

6.5AI Score

0.0004EPSS

2024-05-01 06:15 AM
5
githubexploit

8.8CVSS

0.9AI Score

0.003EPSS

2022-03-06 05:05 PM
549
nvd
nvd

CVE-2024-36963

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

6.6AI Score

0.0004EPSS

2024-06-03 08:15 AM
1
nessus
nessus

Mitsubishi Electric MELSEC iQ-R Series Insufficiently Protected Credentials (CVE-2021-20597)

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining...

9.1CVSS

8.5AI Score

0.004EPSS

2022-02-07 12:00 AM
17
f5
f5

K000139652: Intel CPU vulnerability CVE-2023-23583

Security Advisory Description Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. (CVE-2023-23583) Impact.....

6.5AI Score

0.0004EPSS

2024-05-16 12:00 AM
6
nvd
nvd

CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted....

8.8CVSS

8.8AI Score

0.0004EPSS

2024-04-29 01:15 PM
cve
cve

CVE-2023-43490

Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...

5.3CVSS

5.6AI Score

0.0004EPSS

2024-03-14 05:15 PM
44
githubexploit
githubexploit

Exploit for CVE-2022-4060

UPGer | CVE-2022-4060 - User Post Gallery Automatic Mass Tool...

9.7AI Score

2023-09-15 09:38 PM
428
githubexploit
githubexploit

Exploit for Expression Language Injection in Vmware Spring Cloud Gateway

Spring Cloud Gateway Actuator API...

9.8AI Score

2022-03-13 10:00 AM
511
cvelist
cvelist

CVE-2023-43490

Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...

5.3CVSS

5.7AI Score

0.0004EPSS

2024-03-14 04:45 PM
1
githubexploit

7.3AI Score

2023-10-14 09:35 AM
22
githubexploit

7.3AI Score

2023-10-14 09:35 AM
22
redhat
redhat

(RHSA-2021:4140) Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427) * kernel: Improper input validation in some Intel(R) Ethernet E810...

7.9AI Score

0.004EPSS

2021-11-09 08:21 AM
25
osv
osv

Cosign malicious attachments can cause system-wide denial of service

Summary A remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other....

4.2CVSS

4.7AI Score

0.0004EPSS

2024-04-11 05:05 PM
5
cve
cve

CVE-2023-6028

A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser...

6.1CVSS

6AI Score

0.001EPSS

2024-02-05 06:15 PM
13
openbugbounty
openbugbounty

imet2000-pal.org Cross Site Scripting vulnerability OBB-3921694

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-24 05:07 AM
1
ubuntucve
ubuntucve

CVE-2024-27005

In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access req_list while it's being manipulated The icc_lock mutex was split into separate icc_lock and icc_bw_lock mutexes in [1] to avoid lockdep splats. However, this didn't adequately protect access to...

6.3AI Score

0.0004EPSS

2024-05-01 12:00 AM
3
nuclei
nuclei

Ivanti Connect Secure - XXE

Ivanti Connect Secure is vulnerable to XXE (XML External Entity)...

8.3CVSS

8.4AI Score

0.006EPSS

2024-02-09 07:59 AM
78
amazon
amazon

Important: microcode_ctl

Issue Overview: 2024-05-09: CVE-2021-33117 was added to this advisory. A flaw was found in microcode. Under complex microarchitectural conditions, an unexpected code breakpoint may cause a system hang. The hang was observed on a Skylake server processor, and subsequent analysis indicated...

6.8CVSS

7.2AI Score

0.001EPSS

2022-03-07 11:34 PM
3
githubexploit
githubexploit

Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal Elementor Addons

🚀 WordPress Royal Elementor Addons and Templates Exploit...

9.8CVSS

9.6AI Score

0.911EPSS

2023-11-02 03:28 AM
251
githubexploit
githubexploit

Exploit for Command Injection in Tp-Link Tapo C200 Firmware

TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)...

9.8CVSS

8.5AI Score

0.251EPSS

2023-12-26 08:20 AM
72
cve
cve

CVE-2023-28746

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local...

6.5CVSS

8.3AI Score

0.0004EPSS

2024-03-14 05:15 PM
125
Total number of security vulnerabilities101106