JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

githubexploit

Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal Elementor Addons

🚀 WordPress Royal Elementor Addons and Templates Exploit...

9.8CVSS

9.6AI Score

0.911EPSS

2023-11-02 03:28 AM
255
aix

AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)

IBM SECURITY ADVISORY First Issued: Wed May 8 16:18:28 CDT 2024 |Updated: Tue Jun 4 15:20:02 CDT 2024 |Update: iFix added for VIOS 3.1.4.31. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory6.asc Security Bulletin: AIX...

7.5CVSS

6.3AI Score

0.0005EPSS

2024-05-08 04:18 PM
22
github

Django database denial-of-service with ModelMultipleChoiceField

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL...

7.3AI Score

0.027EPSS

2022-05-17 03:20 AM
4
github

REXML contains a denial of service vulnerability

Impact The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many <s>

5.3CVSS

7AI Score

0.0004EPSS

2024-05-16 05:44 PM
10
githubexploit

Exploit for Out-of-bounds Write in Readymedia Project Readymedia

CVE-2023-33476 ReadyMedia (MiniDLNA) versions from 1.1.15...

9.8CVSS

9.3AI Score

0.001EPSS

2023-06-20 01:13 AM
438
osv

Malicious code in yinhai-ta3 (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:22 PM
osv

Malicious code in unieap-spring (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:07 PM
osv

Malicious code in unieap-cloud (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:07 PM
osv

Malicious code in xterm-addon-clipboard (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5cf6d3796e2698ca788f0833376dcbd11460b764506f5ffb63bdd8e71262113e) The OpenSSF Package Analysis project identified 'xterm-addon-clipboard' @ 6.0.7 (npm) as malicious. It is considered malicious because: The...

7.4AI Score

2023-11-04 03:38 AM
3
osv

Malicious code in socket.io-client-v2 (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:01 PM
osv

Malicious code in sequelize-orm (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:00 PM
osv

Malicious code in redis-v4 (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 12:58 PM
osv

Malicious code in 33-js-concepts (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 12:24 PM
nuclei

Navigate CMS 2.9.4 - Server-Side Request Forgery

Navigate CMS 2.9.4 is susceptible to server-side request forgery via feed_parser class. This can allow a remote attacker to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter, thus enabling possible theft of sensitive information, data...

4.9CVSS

5.5AI Score

0.045EPSS

2023-01-17 04:18 AM
osv

CVE-2022-31118

Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15). It is recommended that the Nextcloud Server is upgraded.....

6.5CVSS

5.2AI Score

0.001EPSS

2022-08-04 05:15 PM
3
osv

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in...

7.5CVSS

6.6AI Score

0.001EPSS

2024-06-28 03:28 PM
1
osv

Ollama does not validate the format of the digest (sha256 with 64 hex digits) in github.com/ollama/ollama

Ollama does not validate the format of the digest (sha256 with 64 hex digits) in...

6.8AI Score

EPSS

2024-06-14 01:41 PM
5
redhat

(RHSA-2024:3575) Low: Red Hat build of Keycloak 24.0.5 enhancement and security update

Red Hat build of Keycloak 24.0.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security Fix(es): * exposure of sensitive information in Pushed Authorization Requests (PAR)...

6.2AI Score

0.0004EPSS

2024-06-03 09:24 PM
6
ibm

Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2022-43904)

Summary IBM Security Guardium has addressed this vulnerability. Vulnerability Details CVEID: CVE-2022-43904 DESCRIPTION: IBM Security Guardium could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. CVSS Base score: 7.5 CVSS Temporal...

7.5CVSS

7.5AI Score

0.001EPSS

2024-06-27 06:34 PM
20
osv

NocoDB Allows Preview of Files with Dangerous Content

Summary An attacker can upload an HTML file with malicious content. If a user tries to open that file in a browser, malicious scripts can be executed, leading to a Stored XSS (Cross-Site Scripting) attack. PoC NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 (currently...

5.7CVSS

7.1AI Score

0.0004EPSS

2024-05-13 04:46 PM
10
alpinelinux

CVE-2023-6681

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-02-12 02:15 PM
12
githubexploit

8.8AI Score

2021-12-15 04:21 PM
204
nessus

IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.21 XSS (7158662)

The version of IBM WebSphere Application Server running on the remote host is affected by a XSS vulnerability as referenced in the 7158662 advisory. IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...

4.8CVSS

5AI Score

0.0004EPSS

2024-06-25 12:00 AM
4
osv

CVE-2023-34061

Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry...

7.5CVSS

6.8AI Score

0.001EPSS

2024-01-12 07:15 AM
2
ibm

Security Bulletin: TSSC/IMC is vulnerable to a denial of service attack due to ncurses (CVE-2023-29491)

Summary TSSC/IMC is vulnerable to a denial of service attack due to ncurses (CVE-2023-29491). A patch has been provided that updates the Dmidecode library. Vulnerability Details CVEID: CVE-2023-29491 DESCRIPTION: ncurses is vulnerable to a denial of service, caused by a memory corruption...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-06-20 11:48 PM
4
githubexploit

Exploit for Link Following in Microsoft

CVE-2023-36874 Windows Error Reporting LPE BOF...

7.8CVSS

7.8AI Score

0.059EPSS

2023-08-24 10:24 PM
299
osv

Malicious code in forgyps (PyPI)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:35 PM
1
osv

Malicious code in capmonster (PyPI)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:33 PM
veracode

Denial Of Service (DOS)

ibm.mq is vulnerable to a Denial of Service. The vulnerability is due to insufficient handling of HTTP requests, which allows an attacker to craft requests that cause excessive resource consumption. This can potentially lead to Denial of...

7.5CVSS

6.9AI Score

0.0004EPSS

2024-05-02 10:22 AM
5
osv

CVE-2021-4213

A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of...

7.5CVSS

6.3AI Score

0.004EPSS

2022-08-24 04:15 PM
5
vulnrichment

CVE-2022-24816 Improper Control of Generation of Code in jai-ext

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects...

10CVSS

7.4AI Score

0.968EPSS

2022-04-13 08:45 PM
nuclei

Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin Panel Access

Tieline IP Audio Gateway 2.6.4.8 and below is affected by a vulnerability in the web administrative interface that could allow an unauthenticated user to access a sensitive part of the system with a high privileged...

9.8CVSS

9.2AI Score

0.239EPSS

2021-07-18 08:16 PM
3
osv

CVE-2023-49278

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this...

5.3CVSS

6.7AI Score

0.0005EPSS

2023-12-12 08:15 PM
5
githubexploit

Exploit for Deserialization of Untrusted Data in Flask-Caching Project Flask-Caching

CVE-2021-33026 Pickle Serialization Remote Code Execution -...

9.8CVSS

9.9AI Score

0.008EPSS

2021-11-05 06:11 PM
567
vulnrichment

CVE-2023-33106 Use of Out-of-range Pointer Offset in Graphics

Memory corruption while submitting a large list of sync points in an AUX command to the...

8.4CVSS

7.3AI Score

0.001EPSS

2023-12-05 03:04 AM
1
nessus

Blue Coat ProxyClient Installed (Mac OS X)

Blue Coat ProxyClient, a security and acceleration application, is installed on the remote Mac OS X host. Note that Blue Coat Unified Agent will replace Blue Coat ProxyClient in...

1.2AI Score

2016-09-09 12:00 AM
10
githubexploit

Exploit for CVE-2024-26229

DRive Just a POC, Combining Everything Theory The...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-13 01:24 AM
112
osv

Malicious code in blazeted (PyPI)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:32 PM
nvd

CVE-2023-49223

Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive...

0.0004EPSS

2024-06-07 08:15 PM
5
nuclei

SuiteCRM - SQL Injection

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

10CVSS

7.7AI Score

0.048EPSS

2024-06-11 02:58 PM
8
cvelist

CVE-2024-38572 wifi: ath12k: fix out-of-bound access of qmi_invoke_handler()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Currently, there is no terminator entry for ath12k_qmi_msg_handlers hence facing below KASAN warning,...

0.0004EPSS

2024-06-19 01:35 PM
veracode

Denial Of Service (DoS)

github.com/stacklok/minder is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper validation of HTTP requests before processing them in server.go, allowing untrusted requests to crash the Minder control plane, denying service to other...

7.5CVSS

7AI Score

0.0004EPSS

2024-05-08 05:11 AM
4
vulnrichment

CVE-2023-49223

Precor touchscreen console P62, P80, and P82 could allow a remote attacker to obtain sensitive information because the root password is stored in /etc/passwd. An attacker could exploit this to extract files and obtain sensitive...

6.5AI Score

0.0004EPSS

2024-06-07 12:00 AM
1
osv

Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server

Mattermost allows attackers access to posts in channels they are not a member of in...

4.3CVSS

6.6AI Score

0.0004EPSS

2024-06-28 03:28 PM
openvas

Collect banner of unknown services

This plugin collects the banner from unknown/unidentified services. The actual reporting takes place in the separate...

7.3AI Score

2005-11-03 12:00 AM
95
osv

Malicious code in yinhai-ta3-cloud (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:22 PM
1
osv

Malicious code in scan4all (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:00 PM
1
osv

Malicious code in rocketmq-site (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 12:59 PM
1
osv

Malicious code in fredmi (pypi)

-= Per source details. Do not edit below this line.=- Source: checkmarx (01c99c53e4554cc5799b0b94a6bd72836ccf768e513a2b299ccdc4d963603df6) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...

7.2AI Score

2023-01-01 06:18 PM
6
osv

Malicious code in syssqliteaddv2 (PyPI)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:43 PM
Total number of security vulnerabilities: 2374174