python-drgn bug fix and enhancement update
An update is available for python-drgn. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux....
6.8AI Score
wireguard-tools bug fix and enhancement update
An update is available for wireguard-tools. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
6.8AI Score
NetworkManager-libreswan bug fix and enhancement update
An update is available for NetworkManager-libreswan. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see...
6.8AI Score
containers-common bug fix and enhancement update
An update is available for containers-common. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The containers-common package contains common configuration files.....
7.2AI Score
xdp-tools bug fix and enhancement update
An update is available for xdp-tools. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...
6.8AI Score
User enumeration is possible by performing a timing attack on the login or password reset pages with user...
7.3AI Score
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...
7.6AI Score
0.05EPSS
List of Security Fixes and Improvements in Veeam Agent for Microsoft Windows
This article describes all security-related fixes and improvements introduced in each release or update of Veeam Agent for Microsoft...
2.2AI Score
python3.12-pycparser bug fix and enhancement update
An update is available for python3.12-pycparser. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the...
6.8AI Score
virtio-win bug fix and enhancement update
An update is available for virtio-win. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux.....
6.8AI Score
python3.12-lxml bug fix and enhancement update
An update is available for python3.12-lxml. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
6.8AI Score
rust-afterburn bug fix and enhancement update
An update is available for rust-afterburn. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
6.8AI Score
selinux-policy bug fix and enhancement update
An update is available for selinux-policy. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
6.8AI Score
Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
8.8CVSS
9AI Score
0.002EPSS
Unrestricted file upload in /main/inc/ajax/work.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
8.8CVSS
9AI Score
0.002EPSS
(RHSA-2024:3316) Important: Migration Toolkit for Applications security and bug fix update
Migration Toolkit for Applications 7.0.3 Images Security Fix(es) from Bugzilla: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180) axios: exposure of...
7.4AI Score
Exponent CMS < 2.4.0 Multiple SQLi and RCE Vulnerabilities
Exponent CMS is prone to multiple SQL injection (SQLi) and remote code execution (RCE)...
9.8CVSS
10AI Score
0.012EPSS
TP-Link TD-W8951ND XSS and CSRF Vulnerabilities
TP-Link TD-W8951ND is prone to cross-site scripting (XSS) and cross-site request forgery (CSRF)...
6.6AI Score
This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.springframework.security:spring-security-core Dependency vulnerability, with a CVSS Score of 8.2 and a CVSS...
8.2CVSS
6.6AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Kingsoft Internet Security 9 Plus
CVE-2022-25949 A years-old exploit of a local EoP...
7.8CVSS
7.7AI Score
0.001EPSS
Microsoft Windows Help and Support Center RCE Vulnerability
Microsoft Windows is prone to a remote code execution (RCE) vulnerability. This VT has been replaced...
7.1AI Score
0.974EPSS
Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM WebSphere Application Server Liberty and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery, denial of service, and arbitrary code execution, as described in the "Vulnerability...
5.9CVSS
8.4AI Score
0.0004EPSS
pcp security, bug fix, and enhancement update
An update is available for pcp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...
8.8CVSS
7.5AI Score
0.0004EPSS
flatpak security, bug fix, and enhancement update
An update is available for flatpak. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Flatpak is a system for building, distributing, and running sandboxed...
10CVSS
7.3AI Score
0.001EPSS
bash-completion bug fix and enhancement update
An update is available for bash-completion. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
6.8AI Score
python-configshell bug fix and enhancement update
An update is available for python-configshell. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the...
6.8AI Score
python-urllib3 bug fix and enhancement update
An update is available for python-urllib3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
6.8AI Score
Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, and including, 4.1.2. This makes it possible for...
8.8CVSS
6.4AI Score
0.001EPSS
Grafana Email addresses and usernames can not be trusted
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: Download...
8.1CVSS
7AI Score
0.002EPSS
Apache Karaf Cave: Cave SSRF and arbitrary file access
This issue affects all versions of Apache Karaf Cave. As this project is retired, there are no plans to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are....
6.8AI Score
0.0004EPSS
Description The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization....
6.4CVSS
5.8AI Score
0.001EPSS
Arigato Autoresponder and Newsletter < 2.7.2.4 - Cross-Site Request Forgery
Description The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2.3. This is due to missing or incorrect nonce validation on the contact_form() function. This makes it possible for unauthenticated...
4.3CVSS
6.6AI Score
0.0004EPSS
Moderate: mod_jk and mod_proxy_cluster security update
The mod_jk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine. The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fix(es): httpd: Apache Tomcat Connectors (mod_jk) Information...
7.5CVSS
6.1AI Score
0.001EPSS
python3.12-cffi bug fix and enhancement update
An update is available for python3.12-cffi. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
6.8AI Score
aardvark-dns bug fix and enhancement update
An update is available for aardvark-dns. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The aardvark-dns package is an authoritative DNS server for A/AAAA...
7.2AI Score
rust-bootupd bug fix and enhancement update
An update is available for rust-bootupd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
6.8AI Score
pki-core bug fix and enhancement update
An update is available for pki-core. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...
6.8AI Score
fuse-overlayfs bug fix and enhancement update
An update is available for fuse-overlayfs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
6.8AI Score
virt-v2v bug fix and enhancement update
An update is available for virt-v2v. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...
6.8AI Score
rdma-core bug fix and enhancement update
An update is available for rdma-core. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...
6.8AI Score
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
5.8AI Score
0.0004EPSS
Apache OpenOffice 'Unquoted Search Path' and RCE Vulnerabilities
Apache OpenOffice is prone to an unquoted Windows search path and remote code execution (RCE)...
7.8CVSS
8.2AI Score
0.002EPSS
Apache Archiva Cross Site Scripting And CSRF Vulnerabilities
Apache Archiva is prone to cross-site request forgery (CSRF) and cross-site scripting...
8.8CVSS
6.1AI Score
0.006EPSS
This KB article lists all versions of Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization and their respective build...
6.9AI Score
vBulletin Forum Arbitrary File Deletion And RCE Vulnerabilities
vBulletin is prone to arbitrary file deletion and remote code execution (RCE)...
9.8CVSS
9.8AI Score
0.009EPSS
Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL (CVE-2023-6129). OpenSSL is used in TS7700 to encrypt data in flight during EKM communications, Secure Data Transfer between clusters, and for TS7700 Advanced Object Store for DS8000....
6.5CVSS
7AI Score
0.001EPSS
Panic in certificate parsing in crypto/x509 and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic. The malformed certificate can be delivered via a crypto/tls connection to a client, or to a server that accepts client certificates. net/http clients can.....
7.5CVSS
7.4AI Score
0.02EPSS