Unrestricted Upload of File with Dangerous Type vulnerability in the JS Help Desk – Best Help Desk & Support Plugin (vendor: JS Help Desk) allows Using Malicious Files. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...
CVSS 9.1 | AI Score 6.9 | EPSS 0.0004
[SECURITY] Fedora 39 Update: loupe-45.3-2.fc39
An image viewer application written with GTK 4, Libadwaita and Rust. Features: - Fast GPU accelerated image rendering with tiled rendering for SVGs - Extendable and sandboxed (except SVG) image decoding - Support for more than 15 image formats by default - Extensive support for touchpad and...
AI Score 7.4
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through...
CVSS 6.5 | AI Score 6.6 | EPSS 0.0004
libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate...
AI Score 6.5 | EPSS 0.0004
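The libcurl entry above comes down to one rule: a host given as an IP literal must still be matched against the certificate, using its iPAddress subjectAltName entries, rather than being exempted from the name check. The following is an added example written for this page, not libcurl's code. It assumes the certificate is supplied in the dict shape Python's `ssl.getpeercert()` returns; the sample certificate, host names and addresses are constructed. The second function is a schematic of the bug class, showing why skipping the check for IP hosts accepts any certificate with a valid chain.

```python
import ipaddress

# Constructed sample in the shape Python's ssl.getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.test"),),),
    "subjectAltName": (
        ("DNS", "example.test"),
        ("DNS", "*.example.test"),
        ("IP Address", "203.0.113.10"),
        ("IP Address", "2001:db8::10"),
    ),
}


def _as_ip(host):
    """Return an ip_address for an IP-literal host (IPv6 may be bracketed), else None."""
    try:
        return ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None


def _dns_label_match(host, pattern):
    """RFC 6125-style match: exact name, or a single left-most wildcard label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


def host_matches_cert(host, cert):
    """True iff the server certificate covers `host`.

    An IP-literal host is verified against iPAddress SANs; a DNS name against
    dNSName SANs. Neither case is skipped, which is the property the libcurl
    issue above lost for IP-literal hosts on the mbedTLS backend."""
    san = cert.get("subjectAltName", ())
    ip = _as_ip(host)
    if ip is not None:
        return any(kind == "IP Address" and _as_ip(value) == ip for kind, value in san)
    host_l = host.lower().rstrip(".")
    return any(
        kind == "DNS" and _dns_label_match(host_l, value.lower().rstrip("."))
        for kind, value in san
    )


def host_matches_cert_skipping_ip(host, cert):
    """Schematic of the bug class (not libcurl's code): an IP-literal host is
    never handed to the name check, so any chain-valid certificate is accepted
    for it and an on-path attacker with such a certificate is not detected."""
    if _as_ip(host) is not None:
        return True  # name check skipped for IP literals
    return host_matches_cert(host, cert)
```

With a live connection, `ssl_socket.getpeercert()` yields the same dict shape, so `host_matches_cert` can be run against a real peer certificate after the chain has been validated; chain validation and name matching are separate steps, and the issue above is a failure of the second one only.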
[SECURITY] Fedora 39 Update: crosswords-0.3.13-1.fc39
A simple and fun game of crosswords. Load your crossword files, or play one of the included games. Features include: - Support for shaped and colored crosswords - Loading .ipuz and .puz files - Hint support, such as showing mistakes and suggesting words - Dark mode support - Locally installed...
AI Score 7.4
Impact A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a...
AI Score 6.8
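The role-grant entry above describes a rule written against a non-core API group that nevertheless ends up granting create or * on core `namespaces`. An audit for that pattern is straightforward to express. The following is an added example for this page, not code from the affected project. It assumes rules in the Kubernetes PolicyRule shape (`apiGroups`, `resources`, `verbs`), which role systems built on Kubernetes RBAC also use; the sample rules and the API group name `custom.example` are constructed. Rules that already name the core group are reported separately so the reviewer can see what was intended and what was not.

```python
ELEVATING_VERBS = {"create", "*"}
CORE_GROUP_MARKERS = ("", "*")  # the core API group, or a wildcard that includes it


def find_unintended_namespace_grants(rules):
    """Split PolicyRule-shaped rules granting create or * on 'namespaces' into
    (unintended, intended).

    Unintended: the rule names only non-core API groups, yet under the behaviour
    described above it grants the same verbs on core namespaces. Intended: the
    rule already names the core group ("" or "*"). Wildcard resources ("*") are
    not covered by the advisory text and are not flagged here."""
    unintended, intended = [], []
    for idx, rule in enumerate(rules):
        if "namespaces" not in rule.get("resources", []):
            continue
        verbs = set(rule.get("verbs", [])) & ELEVATING_VERBS
        if not verbs:
            continue
        groups = list(rule.get("apiGroups", []))
        finding = {"rule_index": idx, "apiGroups": groups, "verbs": sorted(verbs)}
        if any(g in CORE_GROUP_MARKERS for g in groups):
            intended.append(finding)
        else:
            unintended.append(finding)
    return unintended, intended


# Constructed sample rules for this example; the API group name is made up.
SAMPLE_RULES = [
    {"apiGroups": ["custom.example"], "resources": ["namespaces"], "verbs": ["create"]},
    {"apiGroups": [""], "resources": ["namespaces"], "verbs": ["create"]},
    {"apiGroups": ["custom.example"], "resources": ["namespaces"], "verbs": ["get", "list"]},
    {"apiGroups": ["custom.example"], "resources": ["projects", "namespaces"], "verbs": ["*"]},
    {"apiGroups": ["custom.example"], "resources": ["pods"], "verbs": ["*"]},
]
```

Run `find_unintended_namespace_grants` over the `rules` of every global role before and after upgrading: any entry in the first list is a grant whose effective scope was wider than its text, and those subjects should be reviewed for namespaces they created, modified or deleted while the flaw was present.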
[SECURITY] Fedora 40 Update: emacs-29.4-3.fc40
Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for Wayland, using...
AI Score 6.6 | EPSS 0.0004
Summary There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-11358. DESCRIPTION: jQuery, as used in Drupal core, is...
CVSS 6.1 | AI Score 6.2 | EPSS 0.035
AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)
IBM SECURITY ADVISORY First Issued: Thu Jun 20 15:10:42 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curl_advisory5.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl...
CVSS 5.3 | AI Score 6.2 | EPSS 0.001
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...
CVSS 6.1 | EPSS 0.0004
[AOSP Bluetooth Use after free-bta_hf_client_sdp.cc-bta_hf_client_do_disc]
In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for...
CVSS 8.8 | AI Score 7.6 | EPSS 0.001
Issue Overview: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. (CVE-2024-3049) Affected Packages: booth Note: This advisory is applicable to Amazon Linux 2...
CVSS 5.9 | AI Score 6.7 | EPSS 0.001
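The Booth entry above is an instance of a general authentication mistake: letting the peer's message influence the digest length (for example through an algorithm identifier fed to `gcry_md_get_algo_dlen()`), so that an unrecognised value yields a zero-length comparison that trivially succeeds. The following is an added example written for this page, not Booth's code. It assumes a constructed wire-id table for the hash algorithm and constructed key and message bytes. The hardened verifier pins the algorithm to server configuration, rejects tags of the wrong length before comparing, and compares in constant time; the second function is a schematic of the flawed pattern.

```python
import hashlib
import hmac

# Constructed wire-id table for this example, not Booth's message format.
HASH_ALGOS = {1: "sha256", 2: "sha512"}
CONFIGURED_ALGO_ID = 1  # what the server is configured to use


def make_tag(key, message, algo_id=CONFIGURED_ALGO_ID):
    """Compute the HMAC tag a well-behaved peer would send."""
    return hmac.new(key, message, HASH_ALGOS[algo_id]).digest()


def digest_len_for(algo_id):
    """Like gcry_md_get_algo_dlen(): 0 for an algorithm id the library does not know."""
    name = HASH_ALGOS.get(algo_id)
    return hashlib.new(name).digest_size if name else 0


def verify_tag(key, message, peer_algo_id, received_tag):
    """Accept `received_tag` only if it is a full-length HMAC over `message`
    under the server-configured algorithm.

    The peer's algorithm id must equal the configured one, the expected digest
    length is derived from that configuration (never from the peer), a tag of
    the wrong length is rejected before any comparison, and the comparison is
    constant-time."""
    if peer_algo_id != CONFIGURED_ALGO_ID:
        return False
    expected_len = digest_len_for(CONFIGURED_ALGO_ID)
    if expected_len == 0 or len(received_tag) != expected_len:
        return False
    expected = make_tag(key, message, CONFIGURED_ALGO_ID)
    return hmac.compare_digest(expected, received_tag)


def verify_tag_trusting_peer_algo(key, message, peer_algo_id, received_tag):
    """Schematic of the bug class (not Booth's code): the algorithm id is taken
    from the peer's message, an unknown id gives a digest length of 0, and a
    comparison over 0 bytes succeeds, so an invalid (even empty) tag passes."""
    n = digest_len_for(peer_algo_id)
    name = HASH_ALGOS.get(peer_algo_id)
    expected = hmac.new(key, message, name).digest() if name else b""
    return expected[:n] == received_tag[:n]  # memcmp(a, b, 0) == 0 semantics
```

The length check before `compare_digest` matters independently of the algorithm pin: `hmac.compare_digest` already returns False for mismatched lengths, but rejecting early keeps the rule explicit and avoids ever deriving an expected length from untrusted input.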
Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2024-35119. DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical...
AI Score 6
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target...
CVSS 7.8 | AI Score 7.8 | EPSS 0.001
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat, caused by improper input validation by the HTTP/2 header [CVE-2024-24549]. Apache Tomcat is used by our Speech microservices. This vulnerability has been addressed....
AI Score 6.6 | EPSS 0.0004
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Amazon Ion, caused by a stack-based overflow in ion-java for applications [CVE-2024-21634]. Amazon Ion is a package used in our Speech Microservices. This vulnerability has been...
CVSS 7.5 | AI Score 6.8 | EPSS 0.0005
[1.20.12-4]
- Rebuild for z-stream
- Related: RHEL-28939
[1.20.12-3]
- Fix CVE-2023-45288
- Resolves: RHEL-28939
- Temporarily disable FIPS tests...
AI Score 7.1 | EPSS 0.0004
In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication...
CVSS 8.8 | AI Score 7.7 | EPSS 0.001
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the...
CVSS 8.8 | AI Score 6.3 | EPSS 0.0004
[SECURITY] Fedora 40 Update: qt6-qtvirtualkeyboard-6.7.1-1.fc40
The Qt Virtual Keyboard project provides an input framework and reference key board frontend for Qt 6. Key features include: * Customizable keyboard layouts and styles with dynamic switching. * Predictive text input with word selection. * Character preview and alternative character view. *...
AI Score 6.7 | EPSS 0.0004
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of spring-web-5.3.15.jar. Vulnerability Details CVEID: CVE-2024-22243. DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect...
CVSS 8.1 | AI Score 7.7 | EPSS 0.0004
Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.
Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID: CVE-2023-5072. DESCRIPTION:...
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
virt:rhel and virt-devel:rhel security and enhancement update
An update is available for module.swtpm, module.libtpms, module.libnbd, netcf, module.nbdkit, hivex, libiscsi, libtpms, module.sgabios, libguestfs-winsupport, virt-v2v, module.supermin, module.virt-v2v, module.libvirt-dbus, module.qemu-kvm, supermin, swtpm, libvirt-dbus, sgabios, qemu-kvm,...
CVSS 7 | AI Score 7.4 | EPSS 0.002
virt:rhel and virt-devel:rhel security update
An update is available for module.swtpm, module.libtpms, module.libnbd, netcf, module.nbdkit, hivex, libiscsi, libtpms, module.sgabios, libguestfs-winsupport, virt-v2v, module.supermin, module.virt-v2v, module.libvirt-dbus, module.qemu-kvm, supermin, swtpm, libvirt-dbus, sgabios, qemu-kvm,...
CVSS 6.2 | AI Score 6.8 | EPSS 0.001
Summary: Docs doppler has an unclaimed broken link on its doc page which can be claimed by any malicious user. Steps to reproduce: 1. Visit https://docs.doppler.com/docs/removal-deprecated-packages-scripts 2. Click on scheduling a call. The scheduling a call page points to...
AI Score 7
[SECURITY] [DSA 5705-1] tinyproxy security update
Debian Security Advisory DSA-5705-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 05, 2024 https://www.debian.org/security/faq Package : tinyproxy CVE ID : CVE-2023-49606 A use-after-free...
CVSS 9.8 | AI Score 9.5 | EPSS 0.001
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insufficient input sanitization and output escaping. This makes...
CVSS 6.4 | AI Score 6.1 | EPSS 0.0004
Summary A cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2023-50964. DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...
AI Score 5.9
Summary A stored cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2024-28798. DESCRIPTION: IBM InfoSphere Information Server is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary...
AI Score 5.7
Summary A stored cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2024-28795. DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...
AI Score 5.7
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...
CVSS 6.1 | AI Score 7 | EPSS 0.0004
go-toolset:ol8 security update
delve golang
[1.20.12-8]
- Update sources file
- Related: RHEL-27928
[1.20.12-7]
- Fix CVE-2024-1394
- Resolves: RHEL-27928
[1.20.12-6]
- Fix CVE-2023-45288
- Resolves: RHEL-31914...
AI Score 7.4 | EPSS 0.0004
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID: CVE-2024-25710. DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted...
CVSS 8.1 | AI Score 6.4 | EPSS 0.001
[SECURITY] [DSA 5688-1] atril security update
Debian Security Advisory DSA-5688-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 12, 2024 https://www.debian.org/security/faq Package : atril CVE ID : CVE-2023-52076 It was discovered...
CVSS 9.6 | AI Score 5.9 | EPSS 0.005
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...
CVSS 6.1 | AI Score 6 | EPSS 0.002
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic...
CVSS 6.1 | EPSS 0.0004
Pixel Watch Security Bulletin—June 2024
The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices (Google Devices). For Google devices, security patch levels of 2024-06-05 or later address all applicable issues in the June 2024 Android Security Bulletin and all issues in this bulletin...
AI Score 7.7
How to ‘Transform’ Multiple Resources with Regex
Veeam Support Knowledge Base answer to: How to ‘Transform’ Multiple Resources with...
AI Score 7.1
[SECURITY] Fedora 40 Update: qt5-qtwayland-5.15.14-1.fc40
Qt5 - Wayland platform support and QtCompositor...
AI Score 6.5 | EPSS 0.0004
CVE-2024-36396 Verint - CWE-434: Unrestricted Upload of File with Dangerous Type
Verint - CWE-434: Unrestricted Upload of File with Dangerous...
CVSS 8.8 | EPSS 0.0004
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic...
CVSS 6.1 | EPSS 0.0004
In Apache Linkis <=1.3.1, the default token generated by the Linkis Gateway deployment is too simple, so an attacker can easily obtain the default token and use it for an attack. The generation rules should add random values. We recommend users upgrade Linkis to version 1.3.2 and modify...
CVSS 9.1 | AI Score 9.4 | EPSS 0.005
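The Linkis entry above is the deployment-default-secret problem: a token that is derived from a simple rule rather than drawn from a CSPRNG is the same, or guessable, across installations. The following is an added example for this page, not Linkis code. It shows how to generate a gateway token from the OS CSPRNG and a screening check a deployment script can run over configured tokens; the threshold, the placeholder list and the sample tokens are constructed for the example. The entropy estimate is an upper bound from length and character classes, so it catches short or low-alphabet tokens but cannot recognise a dictionary word or a value shared by every deployment, which is why the placeholder list sits beside it.

```python
import math
import secrets
import string

MIN_TOKEN_BITS = 128  # constructed threshold; a 32-byte CSPRNG token carries 256

# Constructed list of placeholder values to reject outright; extend it with any
# value your own deployment tooling has ever shipped as a default.
KNOWN_PLACEHOLDERS = {"changeme", "password", "token", "admin", "secret"}

_CLASSES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
)


def generate_gateway_token(nbytes=32):
    """Fresh token from the OS CSPRNG (secrets.token_urlsafe): 32 bytes gives
    256 bits of entropy, URL-safe so it survives config files and headers."""
    return secrets.token_urlsafe(nbytes)


def estimated_entropy_bits(token):
    """Upper bound on entropy: length * log2(size of the character classes used).
    A screen for obviously weak tokens, not proof of strength."""
    alphabet = sum(size for chars, size in _CLASSES if any(c in chars for c in token))
    return len(token) * math.log2(alphabet) if alphabet else 0.0


def token_weaknesses(token):
    """Reasons a configured token should be rejected; an empty list means it passes."""
    reasons = []
    if token.lower() in KNOWN_PLACEHOLDERS:
        reasons.append("known placeholder value")
    if estimated_entropy_bits(token) < MIN_TOKEN_BITS:
        reasons.append("estimated entropy below %d bits" % MIN_TOKEN_BITS)
    if len(set(token)) <= 2:
        reasons.append("almost no distinct characters")
    return reasons
```

Wire `token_weaknesses` into the deployment step that writes the gateway configuration and fail the deployment when it returns anything; pair that with rotating any token that predates the fix, since the advisory's concern is precisely tokens that were generated under the old rule.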
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Jinja, idna & cryptography which include cross-site scripting & a denial of service, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been...
CVSS 7.5 | AI Score 7.4
Debugging Backups with Longhorn CSI
Veeam Support Knowledge Base answer to: Debugging Backups with Longhorn...
AI Score 7.1
Moderate: libvirt security and bug fix update
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fixes: libvirt: off-by-one error in udevListInterfacesByStatus()...
CVSS 6.2 | AI Score 6.9 | EPSS 0.001
SQL Injection in Harbor scan log API
Impact A user with an administrator, project_admin, or project_maintainer role could utilize and exploit SQL Injection to allow the execution of any Postgres function or the extraction of sensitive information from the database through this API: GET...
CVSS 2.7 | AI Score 7.6 | EPSS 0.0004
Summary A server-side request forgery (SSRF) vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2023-50952. DESCRIPTION: IBM InfoSphere Information Server is vulnerable to server-side request forgery (SSRF). This may allow an authenticated...
AI Score 6.3
The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX...
EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been removed, HCI_AMP controllers no longer have any use, so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP...
AI Score 7 | EPSS 0.0004