ReadToMyShoe - Generation of Error Message Containing Sensitive Information
ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which...
7.4CVSS
6.3AI Score
0.172EPSS
Mattermost Server doesn't limit the number of user preferences
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of...
4.3CVSS
6.7AI Score
0.0004EPSS
Displaying photos of other users via a notification with RemoteViews.setIcon/4
In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
Registering BroadcastReceiver as another app through IApplicationThread of isolated external service
In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...
7.8CVSS
6.8AI Score
0.0004EPSS
[Out of Bounds Read in avdt_scb_hdl_pkt_no_frag Function in avdt_scb_act.cc in Bluetooth]
In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.4AI Score
0.0004EPSS
[Out of Bounds Write in bta_av_rc_disc_done Function in bta_av_act.cc in Bluetooth]
In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
[Regression] Uninstalling of packages by DPC does not work in T
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
[Out of Bounds Read in process_service_search_rsp Function in sdp_discoverty.cc in Bluetooth]
In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
6.2AI Score
0.001EPSS
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML...
7AI Score
EPSS
[Crafted HFP Client Packet Causes Out-of-bounds Read in Bluetooth]
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
6.5AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Apache Activemq
ActiveMQ-Exploit English |...
7.3AI Score
Impact of TunnelVision Vulnerability
The Palo Alto Networks Product Security Assurance team has evaluated the TunnelVision vulnerability as it relates to our products. This issue allows an attacker with the ability to send DHCP messages on the same local area network, such as a rogue Wi-Fi network, to leak traffic outside of the...
7.6CVSS
6.3AI Score
0.0005EPSS
CVE-2024-24919 Esse projeto tem como objetivo criar uma...
8.6CVSS
6.3AI Score
0.945EPSS
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution
The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to...
8.2AI Score
Exploit for Improper Preservation of Permissions in Mobyproject Moby
CVE-2021-41091 This exploit offers an in-depth look at the...
6.3CVSS
7.6AI Score
0.0005EPSS
Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy
Impact An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other namespaces. By using a crafted endpointSelector that uses the DoesNotExist operator....
8.1CVSS
8.1AI Score
0.0004EPSS
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...
5CVSS
5.2AI Score
0.0004EPSS
Use Of Cryptographically Weak Pseudo-Random Number Generator
stormpath/sdk is vulnerable to Use Of Cryptographically Weak Pseudo-Random Number Generator. This vulnerability is due to an insecure generation of UUID version...
7.1AI Score
Exposure Of Sensitive Information To An Unauthorized Actor
silverstripe/userforms is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. This vulnerability is due to insufficient authorization checks in submission notification emails, potentially enabling an attacker to access sensitive files uploaded through the forms without proper....
6.8AI Score
Bouncy Castle Denial of Service (DoS)
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has...
5.5CVSS
7.1AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
log4j-honeypot-flask Internal network honeypot for detecting...
8.8AI Score
Deserialization Of Untrusted Data
Whaleal IceFrog is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists in the aviator Template Engine which can result in code...
8.8CVSS
7AI Score
0.009EPSS
TYPO3 Denial of Service in Frontend Record Registration
TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual.....
7.1AI Score
Microsoft Common Data Model SDK Denial of Service Vulnerability
Microsoft Common Data Model SDK Denial of Service...
6.5CVSS
7AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...
8CVSS
8.3AI Score
0.216EPSS
CVE-2024-24919-PoC ![Screenshot of the exploit...
8.6CVSS
8.8AI Score
0.945EPSS
Mattermost fails to limit the number of active sessions
Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions...
4.3CVSS
4.5AI Score
0.0004EPSS
PyMongo Out-of-bounds Read in the bson module
Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...
5AI Score
0.0004EPSS
PHP < 4.3.1 CGI Module Force Redirect Settings Bypass Arbitrary File Access
The remote host is running PHP 4.3.0. There is a flaw in this version that could allow an attacker to execute arbitrary PHP code on this...
7AI Score
0.58EPSS
octo-sts is vulnerable to Denial of Service (DoS). The vulnerability is due to missing HTTP request response size checks, which allows an attacker to cause a Denial of Service by flooding the STS service with...
3.7CVSS
6.9AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034-PwnKit PwnKit PoC for Polkit pkexec...
7.8CVSS
8.6AI Score
0.0005EPSS
moby docker daemon crash during image pull of malicious image
Impact Pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Patches Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. Credits Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the....
6.5CVSS
6.6AI Score
0.006EPSS
Minder affected by denial of service from maliciously configured Git repository
Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on these lines:...
5.7CVSS
6.4AI Score
0.0004EPSS
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. For instance, the following code is affected by this issue: $db = Zend_Db::factory( /* options here */ ); $select =...
8.2AI Score
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. For instance, the following code is affected by this issue: $db = Zend_Db::factory( /* options here */ ); $select =...
8.2AI Score
WP-CVE-2023-5360 Royal Elementor Addons and Templates <=...
9.8CVSS
9.7AI Score
0.911EPSS
Check Point Security Gateways Information Disclosure -...
8.6CVSS
8.6AI Score
0.945EPSS
Exploit for Out-of-bounds Write in Microsoft
CVE-2022-37969 Windows Local Privilege Escalation PoC...
7.8CVSS
8.7AI Score
0.001EPSS
Summary B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074). IBM Sterling B2B Integrator has remediated this vulnerabilty; Follow steps identified in Remediation/Fixes section to address vulnerability in your environment. Vulnerability...
5.3CVSS
5.7AI Score
0.0005EPSS
Leak of sensitive information to log files in github.com/hashicorp/go-retryablehttp
URLs were not sanitized when writing them to log files. This could lead to writing sensitive HTTP basic auth credentials to the log...
7AI Score
CVE-2023-5360 CVE-2023-5360 Auto...
9.8CVSS
7AI Score
0.911EPSS
Time-of-check time-of-use race condition in github.com/containers/podman/v4
A Time-of-check Time-of-use (TOCTOU) flaw appears in this version of podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file...
6.8CVSS
6.7AI Score
0.001EPSS
Exploit for Improper Validation of Specified Quantity in Input in Linux Linux Kernel
RNDIS-CO Summary The RNDIS USB Gadget may be exploited...
6.9AI Score
Permanent device denial of service due to improper input validation in AppOpsService
In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
6.9AI Score
0.0004EPSS
Leak of cross-user contact data in FDN contact importation in Telephony
In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.5AI Score
0.0004EPSS
In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.4AI Score
0.0004EPSS
[Out of Bounds Read and Write in configureProducer in C2BqBuffer.cpp in libcodec2_vndk]
In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for...
4.4CVSS
6.5AI Score
0.0004EPSS
Exploit for Unrestricted Upload of File with Dangerous Type in Elementor Website Builder
WP Elementor 3.6.0/1/2 Remote Code Execution ``` Google...
8.8CVSS
8.9AI Score
0.96EPSS
Exploit for Deserialization of Untrusted Data in Apache Dubbo
CVE-2023-23638 仅供学习研究 ZooKeeper 自备 测试环境为 Java 8, 其它版本尚未测试,...
7AI Score
Microsoft.AspNetCore.App.Runtime is vulnerable to Denial of Service (DoS). The vulnerability is caused by a deadlock that occurs within the .NET Kestrel web server, specifically impacting the handling of concurrent requests under certain conditions, which allows an attacker to potentially disrupt.....
5.9CVSS
6.9AI Score
0.0004EPSS