.NET is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to processing X.509 certificates, which allows a malicious user is to trigger an application crash by passing a crafted...
7.5CVSS
6.7AI Score
0.001EPSS
Yarp.ReverseProxy is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists due insufficient checks in StreamCopyHttpContent.cs, which allows an attacker to cause denial of service...
7.5CVSS
6.6AI Score
0.001EPSS
Microsoft QUIC is vulnerable to Denial of Service (DOS). The vulnerability is due to a memory leak in the QuicCryptoTlsReadExtensions function in crypto_tls.c, which results in Denial of Service. An attacker can create multiple instances are present or multiple calls to the decode...
7.5CVSS
6.9AI Score
0.001EPSS
Microsoft QUIC is vulnerable to Denial Of Service (DoS). The vulnerability is due to the library allowing version negotiation packets for server connections, which enables an attacker to crash the...
7.5CVSS
6.8AI Score
0.002EPSS
Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt are vulnerable to Denial Of Service (DoS). The vulnerability is cause by improper JWT compression checks, which results in resource exhaustion due processing of malicious JSON Web Encryption(JWE) token. Successful...
6.8CVSS
7AI Score
0.001EPSS
.NET is vulnerable to Denial Of Service (Dos). The vulnerability is due to improper handling of x509 certificates, which can result in Denial of Service...
7.5CVSS
6.5AI Score
0.003EPSS
TaskFragmentOrganizer.applySyncTransaction() allows leaking SurfaceControl of outer Task
In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.7AI Score
0.0004EPSS
Permanent denial of service via NotificationManager#createNotificationChannel
In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.7AI Score
0.0004EPSS
Adobe ColdFusion - Deserialization of Untrusted Data
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user...
9.8CVSS
9.6AI Score
0.969EPSS
Exploit for Out-of-bounds Read in Adobe Bridge
Exploit for CVE-2021-44168 Purpose Exploit CVE-2021-44168...
3.3CVSS
6.2AI Score
0.001EPSS
Drupal Brute force amplification attacks via XML-RPC
The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same...
7.5CVSS
7.2AI Score
0.003EPSS
Out of bounds read in json-smart
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service (DOS) via a crafted web...
7.5CVSS
4AI Score
0.011EPSS
Exploit for Unrestricted Upload of File with Dangerous Type in Boidcms
CVE-2023-38836 Exploit File Upload vulnerability in BoidCMS...
8.8CVSS
8.6AI Score
0.673EPSS
YARP Denial of Service Vulnerability
Impact A denial of service vulnerability exists in YARP. Patches If you're using YARP 1.x, you should update to NuGet package version 1.1.2. If you're using YARP 2.0.0, you should update to NuGet package version 2.0.1. You can do so by updating the PackageReference in your .csproj file diff...
7.5CVSS
6.6AI Score
0.001EPSS
TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...
6.7AI Score
TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...
6.7AI Score
Use-of-uninitialized-value in complexity_RC_reset_marking
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57398 Crash type: Use-of-uninitialized-value Crash state: complexity_RC_reset_marking ihevce_pre_enc_process_frame_thrd...
6.9AI Score
ASP.NET Core is vulnerable to Denial of Service (DoS). The vulnerability occurs when an attacker cancels a HTTP requests made to ASP.NET Core running on an IIS In Process hosting model, which may cause an increase in thread counts, potentially leading to an OutOfMemoryException, which results in...
8.2CVSS
6.9AI Score
0.001EPSS
.netrc parser out-of-bounds access
curl can be told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary. This does in most cases cause....
6.5CVSS
7.7AI Score
0.002EPSS
Exploit for Allocation of Resources Without Limits or Throttling in Discourse
CVE-2023-38408 PoC for the recent critical vuln affecting...
6.5CVSS
7.3AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4jCenter Exploiting CVE-2021-44228 in vCenter for remote...
9.2AI Score
Use-of-uninitialized-value in ihevce_enc_frm_proc_slave_thrd
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57397 Crash type: Use-of-uninitialized-value Crash state: ihevce_enc_frm_proc_slave_thrd osal_func...
6.9AI Score
Exploit for Out-of-bounds Write in Google Chrome
libwebp CVE-2023-4863 [A Vulnerability...
8.8CVSS
7.3AI Score
0.642EPSS
The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug...
5.5CVSS
6.2AI Score
0.001EPSS
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be...
6.1CVSS
6AI Score
0.001EPSS
In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.2AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Microsoft
nse-exchange Nmap NSE scripts to check against exchange...
9.1AI Score
Use-of-uninitialized-value in ihevce_strm_fill_done
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57401 Crash type: Use-of-uninitialized-value Crash state: ihevce_strm_fill_done ihevce_ent_coding_thrd...
6.9AI Score
Mattermost vulnerable to denial of service via large number of emoji reactions
Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the...
4.3CVSS
4.3AI Score
0.0005EPSS
Exploit for Out-of-bounds Write in Linux Linux Kernel
Linux_LPE_eBPF_CVE-2021-3490 LPE exploit for CVE-2021-3490....
7.8CVSS
8.1AI Score
0.002EPSS
Exploit for Deserialization of Untrusted Data in Solarwinds Orion Platform
CVE-2021-35215 SolarWinds Orion Platform ActionPluginBaseView...
8.9CVSS
8.9AI Score
0.121EPSS
Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of...
9.6CVSS
9.4AI Score
0.002EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
PwnKit-Exploit CVE-2021-4034 ...
8.1AI Score
Denial of Service in TenderMint
Description Denial of Service Tendermint 0.33.0 and above allow block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing the chainID. (It is a misconfiguration to reuse chainIDs.) Correct.....
6.5CVSS
6.6AI Score
0.001EPSS
Denial of service while parsing a tar file due to lack of folders count validation
Description: During some analysis today on npm's node-tar package I came across the folder creation process, Basicly if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-this....
6.5CVSS
7AI Score
0.0004EPSS
Keycloak Denial of Service via account lockout
In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his...
7.1AI Score
Keycloak Denial of Service via account lockout
In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his...
7.1AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof...
9.2AI Score
Exploit for Out-of-bounds Write in Fortinet Fortios-6K7K
Usage: python3 cve-2022-42475.py rhost rport lhost 'command'...
9.8CVSS
10AI Score
0.135EPSS
By-passing Protection of PharStreamWrapper Interceptor
Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details.....
7.5AI Score
Exploit for Improper Handling of Exceptional Conditions in Google Android
CVE-2021-0928, writeToParcel/createFromParcel serialization...
8.2AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4Shell-Rex The following RegEx was written in an attempt...
8.8AI Score
Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...
5.3CVSS
6.7AI Score
0.0004EPSS
Use-of-uninitialized-value in do_callout_jit
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68365 Crash type: Use-of-uninitialized-value Crash state: do_callout_jit...
7.2AI Score
Denial of service while parsing a tar file due to lack of folders count validation
Description: During some analysis today on npm's node-tar package I came across the folder creation process, Basicly if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-this....
6.5CVSS
6.5AI Score
0.0004EPSS
Task hijacking of apps that set allowTaskReparenting="true"
In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
Moodle CSRF risks due to misuse of confirm_sesskey
Incorrect CSRF token checks resulted in multiple CSRF...
7AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 CVE-2021-4034 centos8可用版本...
7.8CVSS
8.6AI Score
0.0005EPSS
Talkback reads notifications of non-current Android user
In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.7AI Score
0.0004EPSS
Mattermost denial of service through long emoji value
Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the...
4.3CVSS
7.1AI Score
0.0004EPSS