Ragic, Inc. Security Vulnerabilities

cve

CVE-2024-31396

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on.....

7.4AI Score

0.0004EPSS

2024-05-22 05:15 AM
27
nvd

CVE-2024-4434

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This.....

9.8CVSS

9.7AI Score

0.001EPSS

2024-05-14 03:43 PM
cve

CVE-2023-49897

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the...

8.8CVSS

8.8AI Score

0.01EPSS

2023-12-06 07:15 AM
123
In Wild
cve

CVE-2024-36473

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of...

5.3CVSS

6.9AI Score

0.0005EPSS

2024-06-10 10:15 PM
24
cve

CVE-2022-48702

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

6.4AI Score

0.0004EPSS

2024-05-03 04:15 PM
36
cvelist

CVE-2022-48702 ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

7.5AI Score

0.0004EPSS

2024-05-03 03:13 PM
1
nvd

CVE-2024-4444

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the....

5.3CVSS

5.7AI Score

0.001EPSS

2024-05-14 03:43 PM
cve

CVE-2024-36359

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

5.4CVSS

6.1AI Score

0.0005EPSS

2024-06-10 10:15 PM
21
cve

CVE-2024-32849

Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its...

7.8CVSS

6.6AI Score

0.0005EPSS

2024-06-10 10:15 PM
21
cve

CVE-2024-21900

An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and...

6.5CVSS

6.5AI Score

0.0005EPSS

2024-03-08 05:15 PM
42
nvd

CVE-2024-3725

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-02 05:15 PM
cve

CVE-2015-10129

A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity...

5.9CVSS

5.8AI Score

0.001EPSS

2024-02-04 05:15 AM
15
nvd

CVE-2015-10129

A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity...

5.9CVSS

4.8AI Score

0.001EPSS

2024-02-04 05:15 AM
cve

CVE-2024-3725

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.6AI Score

0.0004EPSS

2024-05-02 05:15 PM
32
cve

CVE-2023-41273

A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533...

7.2CVSS

7.1AI Score

0.001EPSS

2024-02-02 04:15 PM
8
cve

CVE-2023-45028

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the...

5.5CVSS

4.9AI Score

0.0004EPSS

2024-02-02 04:15 PM
13
cve

CVE-2024-32764

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...

9.9CVSS

9.3AI Score

0.001EPSS

2024-04-26 03:15 PM
26
cve

CVE-2023-47220

An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5...

6.6CVSS

7.5AI Score

0.0004EPSS

2024-05-03 03:16 AM
28
cve

CVE-2023-47221

A path traversal vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version:...

5.5CVSS

5.2AI Score

0.0004EPSS

2024-03-08 05:15 PM
30
cve

CVE-2023-47222

An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on ....

9.6CVSS

6.3AI Score

0.0004EPSS

2024-04-26 03:15 PM
27
nvd

CVE-2024-2109

The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'booster_extension_authorbox_shortcode_display' function. This makes it possible for unauthenticated attackers to extract sensitive data including user...

5.3CVSS

5.6AI Score

0.0005EPSS

2024-05-02 05:15 PM
2
cve

CVE-2024-2689

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...

4.4CVSS

6.4AI Score

0.0004EPSS

2024-04-03 10:15 PM
29
cve

CVE-2020-7923

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8...

6.5CVSS

6.1AI Score

0.001EPSS

2020-08-21 03:15 PM
60
cve

CVE-2024-21901

A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS....

4.7CVSS

5.2AI Score

0.001EPSS

2024-03-08 05:15 PM
34
cve

CVE-2023-41290

A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version:...

4.1CVSS

6.3AI Score

0.0004EPSS

2024-04-26 03:15 PM
24
cve

CVE-2021-32039

Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code...

5.5CVSS

5.4AI Score

0.0004EPSS

2022-01-20 03:15 PM
31
cve

CVE-2019-20923

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to...

6.5CVSS

6.2AI Score

0.001EPSS

2020-11-30 12:00 AM
27
cve

CVE-2024-2301

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the...

5.9AI Score

0.0004EPSS

2024-05-23 05:15 PM
60
cvelist

CVE-2024-3725

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-02 04:52 PM
nvd

CVE-2024-0847

The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete...

4.3CVSS

4.7AI Score

0.0005EPSS

2024-05-02 05:15 PM
cve

CVE-2023-41291

A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version:...

5.5CVSS

6.3AI Score

0.0004EPSS

2024-04-26 03:15 PM
26
arista

Security Advisory 0097

Security Advisory 0097. Date: May 24, 2024. Revision 1.0 (May 24, 2024): Initial release. The CVE-ID tracking this issue: CVE-2023-52424. CVSSv3.1 Base Score: Not indicated by NVD as of 5/23/2024. Description: Arista Networks is providing this security update in...

6AI Score

EPSS

2024-05-24 12:00 AM
5
nessus

RHEL 7 : perl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl: loading of modules from current directory (CVE-2016-1238) perl: XSLoader loads relative paths not...

8.1AI Score

0.004EPSS

2024-05-11 12:00 AM
3
vulnrichment

CVE-2022-48702 ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()

In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the.....

6.7AI Score

0.0004EPSS

2024-05-03 03:13 PM
nessus

openSUSE Security Update : gitolite (openSUSE-2019-754)

This update for gitolite fixes the following issues : Gitolite was updated to 3.6.9 : CVE-2018-16976: prevent racy access to repos in process of migration to gitolite (boo#1108272) 'info' learns new '-p' option to show only physical repos (as opposed to wild repos) The update to...

8.1CVSS

7.9AI Score

0.001EPSS

2019-03-27 12:00 AM
8
nvd

CVE-2024-1716

The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and including, 1.0.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above,...

4.3CVSS

4.3AI Score

0.001EPSS

2024-05-02 05:15 PM
cve

CVE-2024-31621

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1...

7.7AI Score

0.004EPSS

2024-04-29 05:15 PM
71
nvd

CVE-2024-31621

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1...

7.4AI Score

0.004EPSS

2024-04-29 05:15 PM
1
nvd

CVE-2024-3375

Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83 before v1.83.1 or...

9.4CVSS

9.4AI Score

0.001EPSS

2024-04-29 09:15 AM
1
cve

CVE-2023-52739

In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304ca ...

6.8AI Score

0.0004EPSS

2024-05-21 04:15 PM
26
arista

Security Advisory 0096

Security Advisory 0096. Date: May 21, 2024. Revision 1.0 (May 21, 2024): Initial release. The CVE-ID tracking this issue: CVE-2023-5502. CVSSv3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). Common Weakness Enumeration: CWE-287 Improper...

6.3AI Score

EPSS

2024-05-21 12:00 AM
1
cve

CVE-2024-27242

Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network...

4.1CVSS

6.3AI Score

0.0004EPSS

2024-04-09 06:15 PM
23
cve

CVE-2024-24699

Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network...

6.5CVSS

6.1AI Score

0.0004EPSS

2024-02-14 12:15 AM
14
cve

CVE-2024-27244

Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local...

6.7CVSS

7AI Score

0.0004EPSS

2024-05-15 09:15 PM
19
cvelist

CVE-2024-31621

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1...

7.7AI Score

0.004EPSS

2024-04-29 12:00 AM
1
cvelist

CVE-2024-3375 Broken Access Control in Havelsan's Dialogue

Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83 before v1.83.1 or...

9.4CVSS

9.5AI Score

0.001EPSS

2024-04-29 09:00 AM
2
cve

CVE-2024-24698

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local...

4.9CVSS

4.8AI Score

0.0004EPSS

2024-02-14 12:15 AM
14
cve

CVE-2024-3375

Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83 before v1.83.1 or...

9.4CVSS

6.9AI Score

0.001EPSS

2024-04-29 09:15 AM
28
cve

CVE-2024-24696

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network...

6.8CVSS

6.3AI Score

0.0004EPSS

2024-02-14 12:15 AM
15
cve

CVE-2024-27243

Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-05-15 09:15 PM
22
Total number of security vulnerabilities: 288358