Lucene search

K

Ricoh Company, Ltd. Security Vulnerabilities

cve
cve

CVE-2024-35629

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through...

9.8CVSS

7.4AI Score

0.001EPSS

2024-06-04 02:15 PM
1
cve
cve

CVE-2024-35634

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion.This issue affects Woocommerce – Recent Purchases: from n/a through...

4.9CVSS

7.2AI Score

0.001EPSS

2024-06-04 02:15 PM
1
cve
cve

CVE-2023-5919

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched...

7.2CVSS

7AI Score

0.001EPSS

2023-11-02 02:15 PM
22
osv
osv

Company admin role gives excessive privileges in eZ Platform Ibexa

Users with the Company admin role (introduced by the company account feature in v4) can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect. The role / assign policy is typically only given to.....

7.2CVSS

2.7AI Score

0.002EPSS

2023-03-12 06:30 AM
4
cve
cve

CVE-2024-0651

A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search-visitor.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has.....

7.2CVSS

7.3AI Score

0.001EPSS

2024-01-18 01:15 AM
10
github
github

Magento Insufficient authorization check when adding users to company accounts

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing...

6.5CVSS

6.6AI Score

0.001EPSS

2022-05-24 04:52 PM
1
cve
cve

CVE-2024-0652

A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file search-visitor.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has....

4.8CVSS

4.8AI Score

0.001EPSS

2024-01-18 01:15 AM
6
openbugbounty
openbugbounty

company-registration-latvia.lv Cross Site Scripting vulnerability OBB-3897953

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-03 10:54 AM
9
osv
osv

CVE-2019-25086

A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be...

5.4CVSS

6.2AI Score

0.001EPSS

2022-12-27 09:15 AM
2
wired
wired

A US Company Enabled a North Korean Scam That Raised Money for WMDs

Wyoming’s secretary of state has proposed ways of “preventing fraud and abuse of corporate filings by commercial registered agents” in the aftermath of the scheme’s...

7.3AI Score

2024-06-05 09:30 AM
9
hackread
hackread

What is an Infosec Audit and Why Does Your Company Need One?

By Uzair Amir Uncover IT security weaknesses and ensure compliance with infosec audits. Regular audits protect your data from breaches &… This is a post from HackRead.com Read the original post: What is an Infosec Audit and Why Does Your Company Need...

7.4AI Score

2024-05-28 10:44 AM
3
githubexploit
githubexploit

Exploit for CVE-2023-44976

BadRentdrv2 A vulnerable driver exploited by me (BYOVD) that...

7.4AI Score

2023-10-01 06:24 PM
74
hackread
hackread

What is an Infosec Audit and Why Does Your Company Need One?

By Uzair Amir Uncover IT security weaknesses and ensure compliance with infosec audits. Regular audits protect your data from breaches &… This is a post from HackRead.com Read the original post: What is an Infosec Audit and Why Does Your Company Need...

7.4AI Score

2024-05-28 10:44 AM
6
nuclei
nuclei

Ellucian Ethos Identity CAS - Cross-Site Scripting

A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack...

6.1CVSS

5.1AI Score

0.078EPSS

2023-07-05 06:51 AM
6
zdt

7.5CVSS

6.7AI Score

0.013EPSS

2024-06-02 12:00 AM
12
nuclei
nuclei

WordPress Button Generator <2.3.3 - Remote File Inclusion

WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions (as well as with data:// or http:// protocols), thus leading to cross-site request forgery and remote code...

8.8CVSS

9.1AI Score

0.02EPSS

2022-02-08 01:07 AM
2
exploitdb

7.5CVSS

7.1AI Score

EPSS

2024-06-01 12:00 AM
77
githubexploit
githubexploit

Exploit for Command Injection in Paloaltonetworks Pan-Os

CVE-2024-3400-pot Simple honeypot for CVE-2024-3400 Palo Alto...

10CVSS

7.4AI Score

0.957EPSS

2024-04-24 02:21 PM
168
githubexploit
githubexploit

Exploit for CVE-2024-36837

CVE-2024-36837 POC write URL in url.txt and run...

7.8AI Score

EPSS

2024-06-15 04:44 PM
60
nuclei
nuclei

ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME...

6.1AI Score

0.001EPSS

2021-07-14 11:59 PM
6
metasploit
metasploit

Eaton Xpert Meter SSH Private Key Exposure Scanner

Eaton Power Xpert Meters running firmware below version 12.x.x.x or below version 13.3.x.x ship with a public/private key pair that facilitate remote administrative access to the devices. Tested on: Firmware 12.1.9.1 and...

7.5AI Score

2018-08-31 10:55 PM
46
nuclei
nuclei

ConnectWise ScreenConnect 23.9.7 - Authentication Bypass

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical...

10CVSS

9.5AI Score

0.946EPSS

2024-02-21 10:41 AM
11
osv
osv

CVE-2023-46865

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo...

7.2CVSS

7.9AI Score

0.001EPSS

2023-10-30 01:15 AM
2
packetstorm

7.4AI Score

2024-05-24 12:00 AM
149
osv
osv

Flow Bugfix Releases for Entity Security

If you had used entity security and wanted to secure entities not just based on the user's role, but on some property of the user (like the company he belongs to), entity security did not work properly together with the doctrine query cache. This could lead to other users re-using SQL queries from....

7.8AI Score

2024-06-05 05:24 PM
1
github
github

Flow Bugfix Releases for Entity Security

If you had used entity security and wanted to secure entities not just based on the user's role, but on some property of the user (like the company he belongs to), entity security did not work properly together with the doctrine query cache. This could lead to other users re-using SQL queries from....

7.8AI Score

2024-06-05 05:24 PM
1
cvelist
cvelist

CVE-2024-0671 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already....

6.8AI Score

0.0004EPSS

2024-04-19 08:50 AM
cve
cve

CVE-2024-0671

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already....

6.8AI Score

0.0004EPSS

2024-04-19 09:15 AM
31
cve
cve

CVE-2024-26201

Microsoft Intune Linux Agent Elevation of Privilege...

6.6CVSS

7AI Score

0.0004EPSS

2024-03-12 05:15 PM
167
packetstorm

7AI Score

0.0004EPSS

2024-06-10 12:00 AM
62
vulnrichment
vulnrichment

CVE-2024-1065 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects...

7AI Score

0.0004EPSS

2024-04-19 08:51 AM
1
cve
cve

CVE-2024-4610

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

5.5CVSS

6.6AI Score

0.213EPSS

2024-06-07 12:15 PM
31
In Wild
cvelist
cvelist

CVE-2024-4610 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

0.213EPSS

2024-06-07 11:25 AM
34
cve
cve

CVE-2024-1065

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects...

6.8AI Score

0.0004EPSS

2024-04-19 09:15 AM
40
cvelist
cvelist

CVE-2024-1065 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects...

6.8AI Score

0.0004EPSS

2024-04-19 08:51 AM
vulnrichment
vulnrichment

CVE-2024-4610 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

7AI Score

0.213EPSS

2024-06-07 11:25 AM
nvd
nvd

CVE-2024-4610

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

5.5CVSS

0.213EPSS

2024-06-07 12:15 PM
15
debiancve
debiancve

CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

6.6AI Score

0.0004EPSS

2024-05-20 10:15 AM
3
ubuntucve
ubuntucve

CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

6.5AI Score

0.0004EPSS

2024-05-20 12:00 AM
3
cve
cve

CVE-2024-1067

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the...

6.5AI Score

0.0004EPSS

2024-05-03 02:15 PM
31
cvelist
cvelist

CVE-2024-1067 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the...

6.5AI Score

0.0004EPSS

2024-05-03 01:25 PM
2
osv
osv

CVE-2021-31678

An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's...

6.6AI Score

0.001EPSS

2022-07-06 01:15 PM
2
cve
cve

CVE-2023-6363

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them...

6.5AI Score

0.0004EPSS

2024-05-03 02:15 PM
37
cvelist
cvelist

CVE-2023-6363 Mali GPU Kernel Driver allows improper GPU processing operations

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them...

6.5AI Score

0.0004EPSS

2024-05-03 01:25 PM
githubexploit
githubexploit

Exploit for CVE-2024-25733

ARC Browser Address Bar Spoofing - iOS/iPadOS...

7.3AI Score

2024-04-06 08:18 PM
82
osv
osv

CVE-2023-30789

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/work endpoint and job and company...

5.4CVSS

7.4AI Score

0.001EPSS

2023-05-08 08:15 PM
6
osv
osv

CVE-2024-22836

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting...

9.8CVSS

7.8AI Score

0.004EPSS

2024-02-08 08:15 PM
2
zdt

4.9CVSS

6.7AI Score

0.013EPSS

2024-06-02 12:00 AM
10
packetstorm

7.4AI Score

0.001EPSS

2024-04-30 12:00 AM
151
exploitdb

4.9CVSS

7AI Score

EPSS

2024-06-01 12:00 AM
79
Total number of security vulnerabilities51174