In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, which means that...
6.7AI Score
0.0004EPSS
A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This vulnerability affects unknown code of the file /log/wifi.mac of the component MAC Address Handler. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been.....
5.3CVSS
6.5AI Score
0.0004EPSS
An issue can be linked to by ID even if link and browse permissions are absent
h3. Problem Definition: If you remove the Link Issues Permission and Browse Projects Permission a user can still create a link if they use the issue key. h3. Steps to Reproduce Create a Project Role and remove the "Browse Projects" and "Link Issues" permissions from that role in a target-project......
1.2AI Score
Media resumption control could show up in another user and leak the owner's media data
In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User...
6.4AI Score
0.0004EPSS
[DeviceChooserActivity Could be Overlaid to Trick User Into Associating a Rogue Companion Device]
In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User...
8CVSS
8AI Score
0.0004EPSS
Collapse-O-Matic < 1.8.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it...
5.9AI Score
0.0004EPSS
github.com/kopia/kopiais vulnerable to Sensitive Data Exposure. This vulnerability is due to the "repository status" CLI command with JSON output containing sensitive storage connection credentials which are inadvertently exposed to the...
7.1AI Score
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...
6.3AI Score
0.0004EPSS
Grafana Forward OAuth Identity Token can allow users to access some data sources
When a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have....
6.6AI Score
0.001EPSS
ADFO – Custom data in admin dashboard < 1.9.1 - Cross-Site Request Forgery
Description The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. This is due to missing or incorrect nonce validation on several functions hooked via the controller() function. This makes it possible....
6.6AI Score
0.0005EPSS
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
6.2AI Score
0.001EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
6.2AI Score
0.0004EPSS
o-line.co.za Cross Site Scripting vulnerability OBB-3864124
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Delta Electronics InfraSuite Device Master Gateway Detection
Delta Electronics InfraSuite Device Master Gateway, a component of a data center device monitoring software, is running on the remote...
1.9AI Score
A10 Networks Advanced Core OS Device Detection
Nessus was able to detect the version of the Advanced Core Operating System running on the remote host by examining the SNMP system description value. Advanced Core OS is used in A10 Networks application delivery controllers and load balancing...
2.4AI Score
Netbiter Config NetbiterConfig.exe Device Hostname Remote Overflow
The Netbiter Config utility is installed on the remote Windows host. It is a configuration utility used to query and set TCP/IP network settings in NetBiter WebSCADA devices. According to its version, the installed version of this utility does not properly handle specially crafted UDP packets with....
2.7AI Score
ADFO – Custom data in admin dashboard < 1.9.1 - Reflected Cross-Site Scripting
Description The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dbp_id' parameter in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.5AI Score
0.001EPSS
Yealink Device Management Platform Web Interface Detection
The web interface for Yealink Device Management Platform, a communications device management platform, was detected on the remote...
7.4AI Score
Exploit for Command Injection in Paloaltonetworks Pan-Os
CVE-2024-3400 Exploit Tool 🛠️ This Python script is designed...
10AI Score
0.957EPSS
Data Leak Exposes Business Leaders and Top Celebrity Data
By Waqas A data leak incident involving Clarity.fm left the personal data of business leaders and celebrities exposed to public… This is a post from HackRead.com Read the original post: Data Leak Exposes Business Leaders and Top Celebrity...
7.2AI Score
Exploit for Injection in Atlassian Confluence Data Center
CVE-2023-22527 Confluence RCE CVE-2023-22527 - RCE (Remote...
10AI Score
0.975EPSS
Exploit for Out-of-bounds Write in Google Chrome
CVE-2023-4863 ```bash # checkout webp git clone...
8.7AI Score
0.611EPSS
7.9AI Score
0.967EPSS
1.4AI Score
Cisco Adaptive Security Device Manager (ASDM) Detection
The web user interface for Cisco Adaptive Security Device Manager (ASDM) was detected on remote host. Adaptive Security Device Manager is a GUI-based firewall appliance management...
1.5AI Score
Cisco Firepower Device Manager Web Interface Detection
The remote host is running the Firepower Device Manager, which allows for the configuration of FTD...
2AI Score
Apple Profile Manager Jailbroken iOS Device Detection
Enumerates all of the jailbroken iOS devices managed by Profile...
2.5AI Score
rpc.py vulnerable to Deserialization of Untrusted Data
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle. Per the maintainer,...
9.4AI Score
0.111EPSS
rpc.py vulnerable to Deserialization of Untrusted Data
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle. Per the maintainer,...
9.4AI Score
0.111EPSS
The remote host is missing one or more security patches. This plugin ensures that supersedence has been calculated for all missing patches and stores the supersedence data in the scan report so that recommendations can be made for the latest and least number of patches to install to make sure the.....
1.6AI Score
This plugin collects all mobile device hardware and software information from...
1.5AI Score
1.3AI Score
This plugin requests the ActiveSync device information for iPhones and Android phones that have version information supplied on the server. If the device is found, it will store the data for future requests and report that the device is managed on ActiveSync. Note that any devices reported here...
2.6AI Score
9.4AI Score
0.975EPSS
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...
8.5CVSS
6.7AI Score
0.001EPSS
WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert...
6.9AI Score
0.001EPSS
Description The Simple Website Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: kubeflow-katib, nvidia-device-plugin, nodetaint, secrets-store-csi-driver, gatekeeper, hugo, scorecard, envoy-ratelimit, ip-masq-agent, atlantis, keda, opentofu, sigstore-scaffolding, flux-helm-controller, gitlab-shell, nginx-stable, haproxy-ingress,...
7.5AI Score
Ansible Leaks Data Passed to ssh-keygen
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to....
7.5AI Score
0.001EPSS
Dahua IPC/VTH/VTO - Authentication Bypass
Some Dahua products contain an authentication bypass during the login process. Attackers can bypass device identity authentication by constructing malicious data...
9.6AI Score
0.304EPSS
Golang TIFF decoder does not place a limit on the size of compressed tile data
The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and...
7AI Score
0.001EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: kubeflow-katib, nvidia-device-plugin, nodetaint, secrets-store-csi-driver, gatekeeper, hugo, scorecard, envoy-ratelimit, ip-masq-agent, atlantis, keda, opentofu, sigstore-scaffolding, flux-helm-controller, gitlab-shell, nginx-stable, haproxy-ingress,...
8.7AI Score
0.72EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
6.2AI Score
0.0004EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
6.1AI Score
0.0004EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, tekton-pipelines, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, docker, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, dynamic-localpv-provisioner, cilium, goreleaser, spark-operator, k8sgpt,...
6.2AI Score
0.0004EPSS
Golang TIFF decoder does not place a limit on the size of compressed tile data
The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and...
7AI Score
0.001EPSS
kurwov vulnerable to Denial of Service due to improper data sanitization
Summary An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. Details...
6.3AI Score
0.0004EPSS