A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection....
9.8CVSS
9.6AI Score
0.002EPSS
7.3AI Score
CVE-2024-24919 Exploit CVE Identifier: CVE-2024-24919...
8.6CVSS
6.2AI Score
0.945EPSS
WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting
WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...
6.1CVSS
6AI Score
0.001EPSS
Debug Log – Manger Tool < 1.5 - Unauthenticated Information Exposure via Logs
Description The Debug Log – Manger Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in...
5.3CVSS
6.3AI Score
0.0004EPSS
CVE-2024-3043 Zigbee co-ordinator realignment packet may lead to denial of service
An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY...
7.5CVSS
0.0004EPSS
(RHSA-2024:3264) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.6AI Score
0.0004EPSS
A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be...
5.4CVSS
6.2AI Score
0.001EPSS
Kubernetes Sensitive Information leak via Log File
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, <...
5.5CVSS
6.3AI Score
0.0005EPSS
Exploit for CVE-2024-24919 Description This Python...
8.6CVSS
6.1AI Score
0.945EPSS
Mass Auto Scanner for CVE-2024-24919 This script is designed to...
8.6CVSS
6.4AI Score
0.945EPSS
Microsoft Windows Process Information
Report details on the running processes on the machine. This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system...
1.4AI Score
Release Information for Veeam Service Provider Console 7 Cumulative Patches
Release Information for Veeam Service Provider Console 7 Cumulative...
6.7AI Score
Computer Manufacturer Information (WMI)
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial...
2.6AI Score
Sensitive Information Disclosure
nebari is vulnerable to Privilege Escalation. This vulnerability due to printing the temporary Keycloak root password to console during project initialization, which results in sensitive information...
6.4AI Score
0.0004EPSS
CVE-2024-24919 Checker A simple bash script to check for the...
8.6CVSS
6.2AI Score
0.945EPSS
CVE-2024-24919 Exploit script for...
8.6CVSS
6.3AI Score
0.945EPSS
Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...
6.8AI Score
0.0004EPSS
CVE-2024-24919 Usage Usage: ./CVE-2024-24919.sh -i ...
8.6CVSS
6.3AI Score
0.945EPSS
CVE-2024-24919 Usage Usage: ./CVE-2024-24919.sh -i ...
8.6CVSS
6.3AI Score
0.945EPSS
Intro Simple POC Python script that check & leverage Check...
8.6CVSS
6.3AI Score
0.945EPSS
Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route...
6CVSS
4.5AI Score
0.001EPSS
AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)
IBM SECURITY ADVISORY First Issued: Mon Jun 3 08:50:37 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opencryptoki_advisory.asc Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki...
5.9CVSS
5.8AI Score
0.001EPSS
Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...
6.8AI Score
0.0004EPSS
Contact Form Widget < 1.4.0 - Sensitive Information Exposure
Description The Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.9. This makes it possible for unauthenticated attackers to extract sensitive user or...
5.3CVSS
6.9AI Score
0.0004EPSS
Zitadel exposing internal database user name and host information in github.com/zitadel/zitadel
Zitadel exposing internal database user name and host information in...
5.3CVSS
5.2AI Score
0.0004EPSS
Ghost < 1.5.0 - Unauthenticated Sensitive Information Exposure
Description The Ghost plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.0 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log...
7.5CVSS
6AI Score
0.0004EPSS
Description The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data,....
5.3CVSS
6.8AI Score
0.001EPSS
Description The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers,...
4.3CVSS
6.4AI Score
0.0004EPSS
Summary Apache Camel is shipped with IBM Tivoli Netcool Impact as part of the data provider interface in the GUI server. Information about a security vulnerability affecting Apache ActiveMQ has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2024-22371 DESCRIPTION:...
2.9CVSS
6.1AI Score
0.0004EPSS
intel-microcode is vulnerable to information disclosure. The vulnerability is due to non-transparent sharing of return predictor targets between contexts, which may allow an authorized user to potentially enable information disclosure via local...
5.5CVSS
5.4AI Score
0.0004EPSS
Release Information for Dell PowerMax Plug-In for Veeam Backup & Replication
Release Information for Dell PowerMax Plug-In for Veeam Backup &...
2AI Score
HPE Systems Insight Manager RCE (CVE-2020-7200)
A remote code execution vulnerability exists in HPE Systems Insight Manager (SIM) due to a failure to validate data during the deserialization process when a user submits a POST request to the /simsearch/messagebroker/amfsecure page. An unauthenticated, remote attacker can exploit this to bypass...
9.8CVSS
3.2AI Score
0.695EPSS
co-matic.com Cross Site Scripting vulnerability OBB-3858335
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
6.8CVSS
6.9AI Score
0.0005EPSS
intel-microcode is vulnerable to information disclosure. The vulnerability is due to incorrect calculation in the microcode keying mechanism, which may allow a privileged user to potentially enable information disclosure via local...
5.3CVSS
4.9AI Score
0.0004EPSS
Neos Flow Information disclosure in entity security
If you had used entity security and wanted to secure entities not just based on the user's role, but on some property of the user (like the company he belongs to), entity security did not work properly together with the doctrine query cache. This could lead to other users re-using SQL queries from....
7.5AI Score
Description The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to.....
5.3CVSS
6.8AI Score
0.0005EPSS
Time-Based Information Disclosure Vulnerability in Flow
The PersistedUsernamePasswordProvider was prone to a information disclosure of account existance based on timing attacks as the hashing of passwords was only done in case an account was found. We changed the core so that the provider always does a password comparison in case credentials were...
6.9AI Score
Description The Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11. This makes it possible for authenticated attackers, with Subscriber-level access and...
4.3CVSS
6.4AI Score
0.0004EPSS
Time-Based Information Disclosure Vulnerability in Flow
The PersistedUsernamePasswordProvider was prone to a information disclosure of account existance based on timing attacks as the hashing of passwords was only done in case an account was found. We changed the core so that the provider always does a password comparison in case credentials were...
6.9AI Score
Neos Flow Information disclosure in entity security
If you had used entity security and wanted to secure entities not just based on the user's role, but on some property of the user (like the company he belongs to), entity security did not work properly together with the doctrine query cache. This could lead to other users re-using SQL queries from....
7.5AI Score
Summary IBM Maximo Asset Management application is vulnerable to sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2024-22333 DESCRIPTION: **IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4...
4CVSS
6.2AI Score
0.0004EPSS
Certain HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Information Disclosure
Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store. ...
6.9AI Score
0.0004EPSS
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and...
5.3CVSS
7.1AI Score
0.001EPSS
Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...
5.3CVSS
6.5AI Score
0.001EPSS
Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...
5.3CVSS
6.5AI Score
0.001EPSS
Volana - Shell Command Obfuscation To Avoid Detection Systems
Shell command obfuscation to avoid SIEM/detection system During pentest, an important aspect is to be stealth. For this reason you should clear your tracks after your passage. Nevertheless, many infrastructures log command and send them to a SIEM in a real time making the afterwards cleaning part.....
7.7AI Score
Gutenify < 1.4.1 - Unauthenticated Sensitive Information Exposure
Description The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0004EPSS