Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...
0.0004EPSS
Description The Widget Options - Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 5.1.3 (exclusive) for Widget Options - Extended and all versions up to, and including, 4.0.1 for Widget Options. This makes it possible for unauthenticated attackers....
6.5CVSS
6.3AI Score
EPSS
VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability
Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information...
7.5CVSS
7.5AI Score
0.488EPSS
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 (included). Users are recommended to upgrade to version 2.2.0, which fixes the...
7.5CVSS
6.8AI Score
0.001EPSS
Prison Management System - SQL Injection Authentication Bypass
Sql injection vulnerability was found on the login page in Prison Management...
6.8AI Score
EPSS
VMware vCenter Server vmdir Information Disclosure
This module uses an anonymous-bind LDAP connection to dump data from the vmdir service in VMware vCenter Server version 6.7 prior to the 6.7U3f update, only if upgraded from a previous release line, such as 6.0 or 6.5. If the bind username and password are provided (BIND_DN and BIND_PW options),...
9.8CVSS
9.3AI Score
0.745EPSS
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Impact When the Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium gaining visibility of secrets (including certificates) and services across namespaces. An attacker on an affected cluster can configure Cilium to...
5.3CVSS
6.7AI Score
0.0005EPSS
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerability as the backend settings have the function of deleting pictures to delete any...
9.1CVSS
6.9AI Score
0.0005EPSS
9.8CVSS
7.4AI Score
0.001EPSS
CVE-2022-22733 CVE-2022-22733 is a vulnerabilit that...
6.5CVSS
6.8AI Score
0.198EPSS
Sensitive Information Disclosure
directus is vulnerable to an Sensitive Information Disclosure. The vulnerability is due to inadequate filtering of hashed data when using the alias API, allowing users to retrieve sensitive information in plaintext that is normally...
4.9CVSS
6.6AI Score
0.0004EPSS
Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure
Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA...
5.3CVSS
5AI Score
0.006EPSS
CVE-2024-24919 An Vulnerability detection and Exploitation...
8.6CVSS
6.1AI Score
0.945EPSS
CVE-2024-5381 itsourcecode Student Information Management System view.php sql injection
A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be launched remotely. The...
6.3CVSS
6.8AI Score
0.0004EPSS
Exposure Of Sensitive Information To An Unauthorized Actor
silverstripe/userforms is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. This vulnerability is due to insufficient authorization checks in submission notification emails, potentially enabling an attacker to access sensitive files uploaded through the forms without proper....
6.8AI Score
Release Information for NEC Storage V Series Plug-In for Veeam Backup & Replication
Release Information for NEC Storage V Series Plug-In for Veeam Backup &...
2.1AI Score
Host system modification in github.com/moby/buildkit
A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host...
10CVSS
7.1AI Score
0.001EPSS
In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution.....
7.8CVSS
7AI Score
0.0004EPSS
Lenovo System Update Installed
Lenovo System Update (formerly known as ThinkVantage System Update), a system update utility for Lenovo systems, is installed on the remote Windows...
1AI Score
Telvent OASyS System Detection
The remote host is running the Telvent OASyS Application. Telvent OASyS is a SCADA system widely used to control pipelines. It may also be found in electric, water, and other SCADA...
0.4AI Score
Releases Ubuntu 24.04 LTS Packages libvirt - Libvirt virtualization toolkit Details Martin Širokov discovered that libvirt incorrectly handled certain memory operations. A local attacker could possibly use this issue to access virtproxyd without...
6.2CVSS
7.2AI Score
0.0004EPSS
Cisco TelePresence System Detection
Nessus determined that the remote host is a Cisco TelePresence video teleconferencing...
1.4AI Score
CVE-2024-5381 itsourcecode Student Information Management System view.php sql injection
A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be launched remotely. The...
6.3CVSS
7.4AI Score
0.0004EPSS
In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.4AI Score
0.0004EPSS
cockpit bug fix and enhancement update
An update is available for cockpit. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.4....
6.8AI Score
Exposure Of Sensitive Information
github.com/openshift/cluster-monitoring-operator is vulnerable to Exposure of Sensitive Information. The vulnerability is due to an annotation in the telemeter-client pod in the openshift-monitoring namespace that contains the cluster's pull secret, which can be accessed by users with sufficient...
7.7CVSS
6.9AI Score
0.0004EPSS
7.2AI Score
EPSS
CVE-2024-24919 Quick and simple script that takes as input a...
8.6CVSS
6.2AI Score
0.945EPSS
thelounge is vulnerable to Information Disclosure. The vulnerability is due to inadequate handling of unique identifiers when different connections share the same local port but have various addresses, potentially leading to the public disclosure of user...
6.8AI Score
**CVE-2024-24919 Potentially allowing an attacker to read...
8.6CVSS
8.5AI Score
0.945EPSS
co-free.julius-kuehn.de Cross Site Scripting vulnerability OBB-3870099
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-24919 Nmap script to check vulnerability...
8.6CVSS
6.2AI Score
0.945EPSS
Kaseya Virtual System Administrator - Open Redirect
Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified...
6.3AI Score
0.006EPSS
[Android 13 Beta] Fast Pair - Information disclosure of Bluetooth Model ID and MAC Address
In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.8AI Score
0.0004EPSS
(RHSA-2024:3323) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
Recon Tool Installation git clone...
8.6CVSS
8.6AI Score
0.945EPSS
(RHSA-2024:3325) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
$$\ce{$\unicode[goombafont; color:red; pointer-events:...
8.6CVSS
8.7AI Score
0.945EPSS
(RHSA-2024:3322) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
(RHSA-2024:3321) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
Exposure Of Sensitive Information To An Unauthorized Actor
Mattermost is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. The vulnerability is due to a lack of proper authorization checks in the /api/v4/groups//channels//link endpoint, allowing users to learn members of an AD/LDAP group linked to a team by adding the group to a...
4.3CVSS
6.7AI Score
0.0004EPSS
**CVE-2024-24919 Potentially allowing an attacker to read...
8.6CVSS
6AI Score
0.945EPSS
VikRentCar Car Rental Management System < 1.3.3 - Information Exposure
Description The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.2 due to publicly accessible PDF files. This makes it possible for unauthenticated attackers to extract potentially sensitive...
5.9CVSS
6.7AI Score
0.0004EPSS
7.5CVSS
7.1AI Score
0.011EPSS
AIX is affected by information disclosure due to Python (CVE-2024-28757)
IBM SECURITY ADVISORY First Issued: Thu Jun 13 15:37:38 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory9.asc Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)...
7.3AI Score
0.0004EPSS
(RHSA-2024:3324) Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
Mediawiki information disclosure vulnerability
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the...
6.5CVSS
6.4AI Score
0.003EPSS
CVE-2024-24919 Exploit Overview This repository contains...
8.6CVSS
8.6AI Score
0.945EPSS
CVE-2024-2725 Exposure of Sensitive Information vulnerability in the CIGESv2 system
Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the...
7.5CVSS
7.6AI Score
0.0004EPSS
Wikimedia information leak vulnerability
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and...
7.5CVSS
6.5AI Score
0.002EPSS