Lucene search

K

ESET, Spol. S R.o. Security Vulnerabilities

osv
osv

thinkphp SQL Injection via the index.php s parameter

thinkphp 3.1.3 has SQL Injection via the index.php s...

9.8CVSS

8.2AI Score

0.002EPSS

2022-05-14 03:22 AM
4
nessus
nessus

RHEL 8 : Release of openshift-serverless-clients kn 1.33.0 security update & s (Important) (RHSA-2024:4023)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4023 advisory. Red Hat OpenShift Serverless Client kn 1.33.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.33.0. The kn CLI is...

6.9AI Score

0.0004EPSS

2024-06-20 12:00 AM
1
osv
osv

CVE-2023-32263

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when...

5.7CVSS

6.7AI Score

0.001EPSS

2023-07-19 04:15 PM
3
nessus
nessus

Fortinet Fortigate 's map server (FG-IR-22-468)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-468 advisory. An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through...

4.8CVSS

5.2AI Score

0.001EPSS

2023-06-13 12:00 AM
36
ibm
ibm

Security Bulletin: IBM i is vulnerable to a privilege escalation due to the ability to configure a physical file trigger in Db2 for IBM i. [CVE-2024-27275]

Summary IBM i is vulnerable to a privilege escalation due to a user without privilege being able to configure a physical file trigger in Db2 for IBM i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...

7.4CVSS

6.6AI Score

0.0004EPSS

2024-06-20 03:15 PM
4
nessus
nessus

HTTP Host Information via NTLM SSP over HTTP(S)

Nessus can obtain information about the host by examining the NTLM SSP challenge issued during NTLM authentication, over...

0.5AI Score

2019-10-04 12:00 AM
9
zdt
zdt

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass Vulnerability

Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to...

7.7AI Score

2024-04-22 12:00 AM
61
githubexploit
githubexploit

Exploit for Missing Authentication for Critical Function in Linuxfoundation Harbor

CVE-2022-46463 (Harbor public镜像下载) Harbor是一款开源的镜像托管平台。...

7.5CVSS

7.6AI Score

0.076EPSS

2023-03-21 10:40 AM
287
cvelist
cvelist

CVE-2023-28018 HCL Connections s vulnerable to possible denial of service for certain users

HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected...

5.5CVSS

5.8AI Score

0.0004EPSS

2024-02-12 10:46 PM
osv
osv

BIT-nginx-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS

6.2AI Score

0.0004EPSS

2024-06-04 09:50 AM
12
osv
osv

CVE-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS

6.2AI Score

0.0004EPSS

2024-02-14 05:15 PM
1
cvelist
cvelist

CVE-2024-4138 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application....

4.3CVSS

5.4AI Score

0.0004EPSS

2024-05-14 03:53 AM
cvelist
cvelist

CVE-2024-4139 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...

4.3CVSS

5.4AI Score

0.0004EPSS

2024-05-14 03:51 AM
osv
osv

BIT-nginx-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS

6.2AI Score

0.0004EPSS

2024-06-04 09:50 AM
26
osv
osv

CVE-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

7.5CVSS

6.2AI Score

0.0004EPSS

2024-02-14 05:15 PM
2
vulnrichment
vulnrichment

CVE-2024-4139 Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)

Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and...

4.3CVSS

7.3AI Score

0.0004EPSS

2024-05-14 03:51 AM
osv
osv

CVE-2023-32261

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * ...

6.5CVSS

6.7AI Score

0.001EPSS

2023-07-19 04:15 PM
3
zdt
zdt

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vulnerability

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables...

7.8AI Score

2024-04-22 12:00 AM
73
ibm
ibm

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to identity spoofing. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) and Version(s)|...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-06-24 01:47 PM
1
osv
osv

CVE-2022-3866

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in...

5CVSS

4.6AI Score

0.001EPSS

2022-11-10 06:15 AM
3
ibm
ibm

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to identity spoofing. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s) and Version(s)|...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-06-24 01:46 PM
2
osv
osv

CVE-2023-32262

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * ...

6.5CVSS

7AI Score

0.001EPSS

2023-07-19 04:15 PM
1
osv
osv

CVE-2022-3867

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in...

4.3CVSS

4.5AI Score

0.001EPSS

2022-11-10 06:15 AM
2
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2023-36745 Microsoft Exchange Server...

8CVSS

7.8AI Score

0.001EPSS

2023-10-23 07:06 PM
165
zdt
zdt

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference Vulnerability

Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an unauthenticated device configuration and client-side hidden functionality disclosure...

7.5AI Score

2024-04-22 12:00 AM
66
nuclei
nuclei

SolarWinds Serv-U 15.3 - Directory Traversal

SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected...

7.5CVSS

7.5AI Score

0.049EPSS

2023-04-15 12:38 PM
57
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer

CVE-2023-0669 This Repo contain the pcakages and...

7.2CVSS

7.3AI Score

0.969EPSS

2023-02-26 02:33 AM
98
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer

CVE-2023-0669 This Repo contain the pcakages and...

7.2CVSS

7.3AI Score

0.969EPSS

2023-02-26 02:33 AM
97
cvelist
cvelist

CVE-2024-33002 Cross-Site Scripting (XSS) Vulnerability in SAP S/4HANA (Document Service Handler for DPS)

Document Service handler (obsolete) in Data Provisioning Service does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability with low impact on Confidentiality and Integrity of the...

6.1CVSS

6.2AI Score

0.0004EPSS

2024-05-14 03:49 AM
githubexploit
githubexploit

Exploit for Cross-site Scripting in Helpsystems Cobalt Strike

CVE-2022-39197 RCE POC Usage Prepare Payload...

6.1CVSS

-0.1AI Score

0.008EPSS

2022-10-14 11:46 AM
217
osv
osv

App can read iccId of sim card(s) without requiring READ_PRIVILEGED_PHONE_STATE permission.

In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed...

5.5CVSS

5.2AI Score

0.0004EPSS

2022-01-01 12:00 AM
11
osv
osv

Local SQL Injection in Content Provider(s) for package 'com.android.providers.contacts' version 10

In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for...

3.3CVSS

3.8AI Score

0.0004EPSS

2021-07-01 12:00 AM
38
osv
osv

BIT-consul-2022-29153

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and...

7.5CVSS

7.1AI Score

0.02EPSS

2024-03-06 10:52 AM
8
osv
osv

App can read iccId of sim card(s) without requiring READ_PRIVILEGED_PHONE_STATE permission.

In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS

4.8AI Score

0.0004EPSS

2021-08-01 12:00 AM
5
packetstorm

7.4AI Score

2024-04-18 12:00 AM
102
osv
osv

CVE-2022-2986

Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF...

8.8CVSS

6.7AI Score

0.001EPSS

2022-10-06 06:16 PM
7
ibm
ibm

Security Bulletin: HTTP request smuggling vulnerability in IBM Business Automation Workflow Machine Learning Server CVE-2024-1135

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 23.0.2-IF003 addresses the following vulnerability CVE-2024-1135. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION: **Gunicorn is vulnerable to HTTP request...

7.5CVSS

6AI Score

0.0004EPSS

2024-06-20 02:20 PM
3
githubexploit
githubexploit

Exploit for NULL Pointer Dereference in Linux Linux Kernel

CVE-2022-23222 Chinese writeup:...

7.8CVSS

0.3AI Score

0.0004EPSS

2022-06-07 03:20 AM
424
ibm
ibm

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532).

Summary The security issue described in CVE-2024-37532 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-06-24 06:52 AM
1
ibm
ibm

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-37532

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the...

8.8CVSS

6.7AI Score

0.0004EPSS

2024-06-25 03:26 PM
2
githubexploit
githubexploit

Exploit for CVE-2024-24576

CVE-2024-24576 PoC The Command::arg and...

10CVSS

7.6AI Score

0.0005EPSS

2024-04-09 09:17 PM
109
zdt
zdt

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference Vulnerability

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure...

7.5AI Score

2024-04-22 12:00 AM
61
cvelist
cvelist

CVE-2024-32663 Suricata 's http2 parser contains an improper compressed header handling can lead to resource starvation

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19....

7.5CVSS

7.7AI Score

0.0004EPSS

2024-05-07 02:48 PM
1
ibm
ibm

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2024-37532)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the.....

8.8CVSS

6.3AI Score

0.0004EPSS

2024-06-26 09:18 AM
1
ibm
ibm

Security Bulletin: A vulnerability in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27980)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details Refer to the security...

7AI Score

EPSS

2024-06-24 04:16 PM
githubexploit
githubexploit

Exploit for CVE-2024-24576

CVE-2024-24576 PoC The Command::arg and...

10CVSS

7.6AI Score

0.0005EPSS

2024-04-09 09:17 PM
90
githubexploit
githubexploit

Exploit for Improper Authentication in Fit2Cloud Jumpserver

红队攻防之JumpServer未授权访问漏洞(CVE-202......

8.2CVSS

7.1AI Score

0.831EPSS

2023-09-27 05:09 AM
320
osv
osv

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-06-17 12:00 AM
2
almalinux
almalinux

Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...

8.4CVSS

7AI Score

0.0004EPSS

2024-06-17 12:00 AM
3
osv
osv

CVE-2023-5077

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault...

7.6CVSS

7.1AI Score

0.0005EPSS

2023-09-29 12:15 AM
6
Total number of security vulnerabilities368927