Lucene search

K

JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

wpexploit
wpexploit

Easy Table of Contents < 2.0.66 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is...

5.9AI Score

0.0004EPSS

2024-06-05 12:00 AM
6
osv
osv

Investigate Security Vulnerability of getPhysicalDisplayToken

In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS

7.3AI Score

0.0004EPSS

2023-04-01 12:00 AM
4
githubexploit
githubexploit

Exploit for Out-of-bounds Read in Microsoft

Information ============== Windows Kernel Pool (clfs.sys)...

7.8CVSS

6.8AI Score

0.002EPSS

2024-03-21 09:39 PM
58
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Openssl

CVE−2022-3602 What is this? This document and...

7.5CVSS

8.2AI Score

0.116EPSS

2022-10-30 11:32 PM
15
veracode
veracode

Denial Of Service (DoS)

qemu is vulnerable to a Denial of Service(DoS) attack. The vulnerability is due to an assertion failure in the update_sctp_checksum() function in hw/net/net_tx_pkt.c, allows a malicious guest to trigger a denial of...

5.5CVSS

6.9AI Score

0.0004EPSS

2024-04-27 05:19 PM
3
veracode
veracode

Deserialization Of Untrusted Data

typo3/phar-stream-wrapper is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of user-supplied Phar achive data before deserialization, which allows attackers to manipulate the serialized data to execute arbitrary...

7.7AI Score

2024-06-10 06:00 AM
1
veracode
veracode

Denial Of Service (DoS)

apache2 is vulnerable to Denial of Service (DoS). This vulnerability allows an attacker to cause denial of service conditions on a vulnerable system by exploiting a race condition that occurs when a HTTP/2 connection is reset (RST frame) by a...

5.9CVSS

6.6AI Score

0.004EPSS

2023-10-20 07:48 AM
14
veracode
veracode

Out-of-bounds Read

libfreerdp.so is vulnerable to an out-of-bounds read. The vulnerability is due to inadequate bounds checking in the zgfx_decompress_segment function because the variable count is not checked against Stream_GetRemainingLength. This could allow an attacker to potentially access sensitive information....

9.8CVSS

6.6AI Score

0.0004EPSS

2024-05-03 06:44 AM
3
veracode
veracode

Denial Of Service (DoS)

MediaWiki is vulnerable to Denial Of Service (DoS). The vulnerability is due to a flaw in includes/specials/SpecialMovePage.php. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request.....

6.9AI Score

0.0004EPSS

2024-05-14 08:10 AM
6
veracode
veracode

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to inadequate input validation in the _load_custom_objects function within mlflow/tensorflow/init.py, which allows attackers to execute arbitrary code by injecting a malicious pickle object into the Tensorflow...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-10 06:33 AM
3
veracode
veracode

Denial Of Service (DoS)

github.com/envoyproxy/envoy is vulnerable to Denial Of Service (DOS). The vulnerability is due to the async HTTP client buffering the mirror response with an unbounded buffer, which allows attackers to potentially cause an out-of-memory scenario by sending huge...

6.5CVSS

5.5AI Score

0.0004EPSS

2024-06-07 05:23 AM
mongodb
mongodb

Out-of-bounds read in bson module of PyMongo

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application...

8.1CVSS

4.7AI Score

0.001EPSS

2024-06-05 02:32 PM
1
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2023-36745 Microsoft Exchange Server...

8CVSS

7.8AI Score

0.001EPSS

2023-10-23 07:06 PM
165
cve
cve

CVE-2023-1481

A vulnerability, which was classified as problematic, has been found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this issue is some unknown functionality of the file modules/balance/index.php?view=balancelist of the component POST Parameter Handler. The...

6.1CVSS

6AI Score

0.001EPSS

2023-03-18 09:15 AM
29
cve
cve

CVE-2023-1480

A vulnerability classified as critical was found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument un leads to sql injection.....

9.8CVSS

9.7AI Score

0.001EPSS

2023-03-18 09:15 AM
26
osv
osv

EoP in shouldAbortBackgroundActivityStart of ActivityStarter.java

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS

6.3AI Score

0.0004EPSS

2023-04-01 12:00 AM
8
osv
osv

Mattermost vulnerable to denial of service via large number of emoji reactions

Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the...

4.3CVSS

4.3AI Score

0.0005EPSS

2024-02-09 06:31 PM
6
veracode
veracode

Denial Of Service (DOS)

pimcore/pimcore is vulnerable to Denial Of Service. The vulnerability due to the lack of restrictions on the scaling factors that can be applied to image thumbnails, potentially creating disproportionately large files or overwhelming server CPU...

7.5CVSS

6.7AI Score

0.001EPSS

2024-06-06 06:09 AM
veracode
veracode

Denial Of Service (DoS)

Squid is vulnerable to Denial of Service via HTTP Chunked Decoder. The vulnerability is due to an uncontrolled recursion bug in the HTTP Chunked decoder in Squid. This bug allows a remote attacker to cause Denial of Service by sending a crafted, chunked, encoded HTTP...

8.6CVSS

6.7AI Score

0.0004EPSS

2024-03-08 04:00 AM
11
veracode
veracode

Deserialization Of Untrusted Data

org.apache.inlong: manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by improper query parameters sanitization within the filterSensitive method, which allows an attackers to bypass JDBC security...

6.9AI Score

0.0004EPSS

2024-05-09 05:50 AM
2
veracode
veracode

Denial Of Service (DoS)

libdjvulibre.so is Denial Of Service (DoS). The vulnerability exists in the IW44Image::Map::image function at IW44Image.cpp due to a divide by zero bug resulting in a floating point exception causing an application...

6.5CVSS

6.7AI Score

0.001EPSS

2023-08-25 05:20 AM
8
veracode
veracode

Denial Of Service (DoS)

libdjvulibre.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the lack of input validation in the IW44EncodeCodec.cpp when preparing the gray level conversion table, which allows an attacker to cause an application crash via divide by...

6.5CVSS

6.7AI Score

0.001EPSS

2023-08-24 04:25 AM
4
veracode
veracode

Denial Of Service (DOS)

NodeJS is vulnerable to Denial Of Service (DOS). The vulnerability is caused due the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed.....

6.5CVSS

6.9AI Score

0.0004EPSS

2024-02-29 04:13 AM
6
veracode
veracode

Denial Of Service (DoS)

strukturag/libde265 is vulnerable to Denial of Service (DoS). The vulnerability is caused due to a lack of proper bounds checking when calculating memory allocation sizes within image.cc. An attacker could manipulate the values to exceed the intended dimensions, leading to a buffer overflow and...

7.2AI Score

0.0004EPSS

2024-04-24 07:20 AM
7
veracode
veracode

Out-of-bounds Write

chromium:bullseye, chromium:sid is vulnerable to Out-of-bounds Write. The vulnerability exists in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

8.8CVSS

6.3AI Score

0.007EPSS

2023-12-24 01:43 AM
14
veracode
veracode

Denial Of Service (DoS)

Rack is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of Range headers, allowing an attacker to craft headers in a way that results in an unexpectedly large response, which can result in Denial of Service...

5.8CVSS

6.9AI Score

0.0004EPSS

2024-02-29 06:31 AM
8
veracode
veracode

Denial Of Service (DoS)

org.elasticsearch:elasticsearch is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of deeply nested pipelines during document processing which can cause the Elasticsearch node to crash, resulting in Denial Of...

4.9CVSS

6.7AI Score

0.0004EPSS

2024-03-29 10:30 AM
13
veracode
veracode

Denial Of Service (DoS)

FreeRDP is vulnerable to Denial of Service (DoS). The vulnerability is due to allocating an size, which can cause the FreeRDP client to crash when connected to a malicious...

7.5CVSS

7.4AI Score

0.0004EPSS

2024-04-25 07:00 AM
4
veracode
veracode

Out-of-bounds Read

apache2 is vulnerable to Out-of-bounds Read. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Apache HTTP Server. The request would contain a specially crafted mod_macro directive that would cause the server to read data from outside of the...

7.5CVSS

6.8AI Score

0.01EPSS

2023-10-20 06:57 AM
24
veracode
veracode

Out-of-bounds Read

libfreerdp.so is vulnerable to an out-of-bounds read. The vulnerability is due to insufficient validation of the SrcSize before reading data from pSrcData, potentially allowing reading beyond the allocated memory when SrcSize is less than 4. This could allow an attacker to access sensitive...

9.8CVSS

6.6AI Score

0.0004EPSS

2024-05-03 06:41 AM
6
veracode
veracode

Denial Of Service (DoS)

Node.js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of HTTP/2 CONTINUATION frames, where sending a small amount of HTTP/2 frames packets can cause data to be left in nghttp2 memory after a reset, leading to a race condition when the Http2Session...

8.2CVSS

8.3AI Score

0.0004EPSS

2024-04-11 02:04 AM
5
veracode
veracode

Denial Of Service (DoS)

node-tar is vulnerable to Denial of service (DoS). The vulnerability is caused by to lack of validation on the number of folders created during the folder creation process. This allows an attacker to consume excessive CPU and memory resources, potentially causing the system to become unresponsive.....

6.5CVSS

7AI Score

0.0004EPSS

2024-03-26 04:59 PM
17
veracode
veracode

Out-of-bounds Read

FreeRDP is vulnerable to Out-of-bounds Read. The vulnerability is caused due to an incorrect calculation of the WCHAR string length during conversion to UTF-8 within redirection.c, resulting in out-of-bounds...

7.5CVSS

7.4AI Score

0.0004EPSS

2024-04-25 07:35 AM
3
veracode
veracode

Out-of-bounds Read

libfreerdp.so is vulnerable to an out-of-bounds read. This vulnerability is due to inadequate bounds checking in the planar_skip_plane_rle function, leading to potential out-of-bounds reads when processing RLE-encoded...

9.8CVSS

7AI Score

0.0004EPSS

2024-05-03 06:44 AM
5
veracode
veracode

Out-of-bounds Read

FreeRDP is vulnerable to Out-of-bounds Read. The vulnerability is caused due to inadequate bounds checking when reading data from a buffer.This allows an attacker to access or manipulate data outside its intended range, potentially leading to unauthorized information...

9.8CVSS

9.2AI Score

0.0004EPSS

2024-04-25 05:29 AM
6
veracode
veracode

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by a lack of validation in the _load_from_pickle function in the mlflow/langchain/utils.py file, allowing an attacker to execute arbitrary code on the victim's system through a malicious Langchain AgentExecutor.....

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-10 04:44 AM
veracode
veracode

Regular Expression Denial Of Service

kubeflow/kubeflow is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the usage of a regular expression to validate email addresses which has inefficient complexity, allowing an attacker to submit a crafted email which results in excessive CPU consumption,...

7.5CVSS

6.7AI Score

0.0004EPSS

2024-06-18 06:26 AM
1
veracode
veracode

Insufficient Verification Of Data Authenticity

org.wildfly.security:wildfly-elytron-http-oidc is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to the session token caching logic when an OIDC app serving multiple tenants accesses a new tenant with a different OIDC configuration. This flaw occurs in...

7.3CVSS

6.7AI Score

0.0004EPSS

2024-04-15 09:37 AM
5
veracode
veracode

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to inadequate input validation in the _load_model function within mlflow/pytorch/init .py. This allows an attacker to execute arbitrary code on the victim's system by injecting a malicious pickle object...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-06-07 06:08 AM
1
veracode
veracode

Use Of Insufficiently Random Values

zendframework/zendframework is vulnerable to insufficient entropy. The vulnerability is due to using PHP's mt_rand() function as a fallback for generating random bytes, which is predictable and susceptible to brute force attacks on the...

7.1AI Score

2024-06-19 10:06 AM
veracode
veracode

Denial Of Service (DoS)

libiniparser.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to improperly checking in iniparser_getstring of iniparser.c, allowing an attacker to cause an application...

5.5CVSS

6.7AI Score

0.0004EPSS

2023-06-16 02:27 PM
12
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-shell-poc A Proof-Of-Concept for the recently found...

8.6AI Score

2021-12-10 11:19 PM
674
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Google Chrome

CVE-2023-4863/CVE-2023-41064 A POC for...

8.8CVSS

7.3AI Score

0.642EPSS

2023-09-21 05:22 AM
48
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Gnu Glibc

PoC of CVE-2023-4911 "Looney Tunables" This is a PoC of...

7.8CVSS

8.5AI Score

0.014EPSS

2023-10-04 02:12 PM
299
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Gnu Glibc

CVE-2023-4911-Looney-Tunables Looney Tunables Local privilege...

7.8CVSS

8.6AI Score

0.014EPSS

2023-10-25 11:59 AM
167
cvelist
cvelist

CVE-2020-3259 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....

7.5CVSS

7.7AI Score

0.027EPSS

2020-05-06 12:00 AM
veracode
veracode

Denial Of Service (DoS)

mariadb is vulnerable to Denial of Service (DoS) attacks. The vulnerability occurs when MariaDB attempts to print a warning message for a query that fails. If the query contains a NULL value, MariaDB could dereference a NULL pointer and...

6.5CVSS

6.8AI Score

0.001EPSS

2023-08-08 11:03 PM
24
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Gnu Glibc

CVE-2023-4911 - Looney Tunables This is a (atm very rough)...

7.8CVSS

8.4AI Score

0.014EPSS

2023-10-04 02:32 PM
342
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4j-check 支持RC1绕过 log4J...

8.9AI Score

2021-12-13 01:55 AM
420
vulnrichment
vulnrichment

CVE-2020-3259 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....

7.5CVSS

7.1AI Score

0.027EPSS

2020-05-06 12:00 AM
1
Total number of security vulnerabilities2372154