JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities
Exploit for Deserialization of Untrusted Data in Apache Activemq
CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ This exploit...
10CVSS
9.7AI Score
0.931EPSS
Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...
5.3CVSS
6.4AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Fortinet Fortios
CVE-2022-42475 Background This is the exploit for the...
9.8CVSS
9.9AI Score
0.321EPSS
According to its self-reported version, Cisco Firepower Threat Defense (FTD) Software is affected by a vulnerability. Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to...
5.8CVSS
5.8AI Score
0.0004EPSS
Microsoft.NETCore.App.Runtime is vulnerable to Denial of Service. The vulnerability is due to reading a maliciously crafted X.509 certificate which may result in Denial of Service. This issue only affects Linux...
6.5CVSS
6.7AI Score
0.001EPSS
U.S. Dept Of Defense: reflected xss [CVE-2020-3580]
Hey Security Team It was observed that the application is vulnerable to cross-site scripting (XSS). XSS is a type of attack that involves running a malicious scripts on a victim’s browser. website: ███████ attached When the user clicks submit, his information will be stolen Impact Cookie Stealing.....
6.1CVSS
5.9AI Score
0.971EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment...
10CVSS
10AI Score
0.976EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
CVE-2024-24590-ClearML-RCE-Exploit Python script that...
8.8CVSS
9.1AI Score
0.001EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec...
8.2AI Score
8.6AI Score
Improper Enforcement Of Behavioral Workflow
aimeos/ai-client-html is vulnerable to Improper enforcement of behavioral workflow. The vulnerability is due to an issue where digital downloads sold in online shops can be accessed without valid payment, for instance, if the payment process fails. This could allow attackers to obtain digital...
6.9AI Score
Exploit for Out-of-bounds Write in 7-Zip
INFORMATION I haven't posted any poc code anywhere for...
7.8CVSS
AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
How it works- Need access to the team work space...
8.8CVSS
8.8AI Score
0.001EPSS
Exploit for Out-of-bounds Write in Linux Linux Kernel
CVE-2022-1015 This repository contains a PoC for local...
6.6CVSS
0.7AI Score
0.0004EPSS
typo3/cms-core is vulnerable to Denial of Service (DoS). The vulnerability is due to improper session validation, which allows attackers to create an arbitrary amount of individual session-data records in the database, which results in Denial of...
7.1AI Score
Exploit for Deserialization of Untrusted Data in Clear Clearml
_____ _ __ __ _ _____ ____ _...
8.8CVSS
9AI Score
0.001EPSS
Improper Verification Of Cryptographic Signature
gnutls is vulnerable to Improper Verification Of Cryptographic Signature. The vulnerability is due to improper handling of certificate chains with distributed trust, particularly when used with cockpit and validated through cockpit-certificate-ensure. This allows an unauthenticated attacker to...
7.5CVSS
6.7AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
[
word-wrap is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to the usage of an regular expression with inefficient time complexity, resulting in long parsing...
7.5CVSS
6.8AI Score
0.001EPSS
Exploit for Improper Preservation of Permissions in Podman Project Podman
CVE-2022-1227_Exploit A script for exploiting CVE-2022-1227....
8.8CVSS
8.8AI Score
0.003EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
NOTE: this cve was not found by me, i'm simply reuploading a...
8.8CVSS
6.8AI Score
0.001EPSS
7.4AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Apache Http Server
CVE-2021-44790 Mô tả CVE-2021-44790 CVE-2021-44790 mô...
9.8CVSS
7.2AI Score
0.088EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
How it works- Need access to the team work space...
8.8CVSS
6.8AI Score
0.001EPSS
A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to.....
8.1CVSS
8.3AI Score
0.005EPSS
A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument...
6.1CVSS
6AI Score
0.001EPSS
Exploit for Out-of-bounds Write in Gnu Glibc
PoC of CVE-2023-4911 Looney Tunables This is a PoC of...
7.8CVSS
8.3AI Score
0.014EPSS
Exploit for Out-of-bounds Write in Linux Linux Kernel
nftables oob read/write exploit (CVE-2023-35001) Exploit...
7.8CVSS
6.8AI Score
0.0005EPSS
Exploit for Insecure Default Initialization of Resource in Apache Superset
CVE-2023-27524: Apache Superset Auth Bypass and RCE Apache...
9.8CVSS
8.6AI Score
0.97EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation...
7.8CVSS
8.5AI Score
0.0005EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 One day for the polkit privilege escalation...
7.8CVSS
8.8AI Score
0.0005EPSS
A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site...
6.1CVSS
6AI Score
0.001EPSS
9.8CVSS
7.3AI Score
0.97EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-44228(Apache Log4j Remote Code Execution) [all...
10CVSS
10AI Score
0.976EPSS
Denial of service in langchain-community
Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...
4.2CVSS
4.3AI Score
0.0004EPSS
CVE-2018-11236: fix stack buffer overflow when realpath() input length is close to SSIZE_MAX. CVE-2024-2961: fix out-of-bound writes in ISO-2022-CN-EXT escape...
9.8CVSS
7.2AI Score
0.014EPSS
Grafana Spoofing originalUrl of snapshots
To create a snapshot (and insert an arbitrary URL) the built-in role Viewer is sufficient. When a dashboard is shared as a local snapshot, the following three fields are offered in the web UI for a user to fill out: • Snapshotname • Expire • Timeout(seconds) After the user confirms creation of the....
6.7CVSS
3.9AI Score
0.001EPSS
Mattermost fails to authenticate the source of certain types of post actions
Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post...
6.5CVSS
6.5AI Score
0.0004EPSS
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195,....
8.8CVSS
6AI Score
0.038EPSS
aimeos/aimeos-core is vulnerable to Denial Of Service. The vulnerability is due to a lack of checks performed while saving and retrieving locale...
7AI Score
Symfony is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper hostname validation via a regular expression within Request::getHost(), which results in...
6.5AI Score
EPSS
Exploit for Out-of-bounds Write in Samba
CVE-2021-44142 Vulnerability Checker A tool to check if a...
8.8CVSS
9AI Score
0.18EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 CVE-2021-4034 Add Root User - Pkexec Local...
7.8CVSS
8.7AI Score
0.0005EPSS
Exploit for Out-of-bounds Write in Fortinet Fortios-6K7K
xortigate-cve-2023-27997 Exploit for xortigate...
9.8CVSS
10AI Score
0.135EPSS
8.8CVSS
9.4AI Score
0.642EPSS
Denial Of Service Via Account Lockout
org.keycloak, keycloak-services is vulnerable to Denial of Service via account lockout. The vulnerability is due to improper handling of usernames formatted as email addresses, which allows attackers to lock out legitimate users by repeatedly using incorrect...
7AI Score
7.8CVSS
8.4AI Score
0.0005EPSS
Deserialization Of Untrusted Data
symbiote/silverstripe-multivaluefield is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to inadequate validation of user input, as well as object injection caused by support for handling PHP objects as values, which allows an attacker to inject malicious...
7.4AI Score
Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured...
7.2AI Score
0.008EPSS