Summary IBM Rational Developer for i contains Code Coverage functionality which has a browser interface. The browser interface utilizes follow-redirects which could allow a remote attacker to obtain credentials (CVE-2024-28849). This bulletin identifies the steps to take to address the...
6.5CVSS
6.9AI Score
0.0004EPSS
tomcat bug fix and enhancement update
An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.4.....
6.8AI Score
Apache Struts - Multiple Open Redirection Vulnerabilities
Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied...
8.1AI Score
0.972EPSS
CVE-2022-48720 net: macsec: Fix offload support for NETDEV_UNREGISTER event
In the Linux kernel, the following vulnerability has been resolved: net: macsec: Fix offload support for NETDEV_UNREGISTER event Current macsec netdev notify handler handles NETDEV_UNREGISTER event by releasing relevant SW resources only, this causes resources leak in case of macsec HW offload, as....
0.0004EPSS
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target.....
7.8CVSS
7.2AI Score
0.001EPSS
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target.....
7.8CVSS
8AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through...
7.6CVSS
8.1AI Score
0.0004EPSS
CVE-2022-48720 net: macsec: Fix offload support for NETDEV_UNREGISTER event
In the Linux kernel, the following vulnerability has been resolved: net: macsec: Fix offload support for NETDEV_UNREGISTER event Current macsec netdev notify handler handles NETDEV_UNREGISTER event by releasing relevant SW resources only, this causes resources leak in case of macsec HW offload, as....
6.8AI Score
0.0004EPSS
activemq is vulnerable to Remote Code Execution. The vulnerability is due to BaseDataStreamMarshaller.java as there is no class validation and does not verify that the loaded class is a valid Throwable. This allows an attacker to manipulate serialized class types within the OpenWire protocol,...
10CVSS
7.5AI Score
0.931EPSS
An update is available for qemu-kvm. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kernel-based Virtual Machine (KVM) is a full virtualization solution for...
7.3AI Score
7.2AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through...
7.6CVSS
8AI Score
0.0004EPSS
CVE-2022-45351 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through...
5.4CVSS
7AI Score
0.0004EPSS
Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave...
6.5AI Score
EPSS
Freestyle Support Portal Component for Joomla! 'prodid' Parameter SQLi
The version of the Freestyle Support Portal component for Joomla! running on the remote host is affected by a SQL injection vulnerability in the index.php script due to improper sanitization of user-supplied input to the 'prodid' parameter before using it to construct database queries. An...
8.1AI Score
CVE-2022-45349 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through...
4.3CVSS
7AI Score
0.0004EPSS
Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary...
8.8CVSS
6.6AI Score
0.001EPSS
K000139612: NGINX HTTP/3 QUIC vulnerability CVE-2024-35200
Security Advisory Description When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. (CVE-2024-35200) Note: This issue affects NGINX systems compiled with the ngx_http_v3_module module, where the...
5.3CVSS
7.2AI Score
0.0004EPSS
Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation as part of UMS and as an application server for container deployments. This bulletin identifies the security fixes to apply to address the vulnerability. ...
7.5CVSS
8.2AI Score
0.732EPSS
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insufficient escaping on the user supplied...
10CVSS
7.5AI Score
0.001EPSS
CVE-2022-45349 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
CVE-2022-45352 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through...
5.4CVSS
5.8AI Score
0.0004EPSS
Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave...
6.8AI Score
EPSS
(RHSA-2024:2438) Moderate: pam security update
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fix(es): pam: allowing unprivileged user to block another user namespace (CVE-2024-22365) For more details about the security...
6.7AI Score
0.0004EPSS
An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...
7.5CVSS
7.3AI Score
0.0005EPSS
CVE-2022-45351 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through...
5.4CVSS
5.8AI Score
0.0004EPSS
Siemens S7 Protocol Support Detection
Nessus has determined that the remote device supports the Siemens S7...
2AI Score
DNP3 Outstation Unsolicited Messaging Support
There are a variety of reasons why polling SCADA outstations may not provide adequate or timely information. To address this, DNP3 supports unsolicited response where the outstations initiate a response without a poll request when a threshold is exceeded or an event is triggered. The host has a...
0.7AI Score
Support Genix < 1.2.4 - Missing Authorization
Description The Support Genix plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in all versions up to, and including, 1.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform...
9.9CVSS
9.1AI Score
0.0004EPSS
(RHSA-2024:2910) Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to...
7.4AI Score
0.0004EPSS
FileMage Gateway - Directory Traversal
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/...
7.5CVSS
7.2AI Score
0.044EPSS
Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on...
5.3CVSS
7.4AI Score
0.001EPSS
CVE-2024-29849 Veeam Backup Enterprise Manager Authentication...
9.8CVSS
9.4AI Score
0.0004EPSS
CVE-2024-3633 WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG
The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...
0.0004EPSS
An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
5.3CVSS
6.7AI Score
0.0004EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
4.7AI Score
0.001EPSS
CVE-2024-3633 WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG
The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...
6AI Score
0.0004EPSS
Grafana account takeover via OAuth vulnerability
Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for an Oauth takeover vulnerability in Grafana. Release v.9.0.3, containing this security fix and other patches: Download Grafana 9.0.3 Release notes Release v.8.5.9,...
7.5CVSS
7.4AI Score
0.002EPSS
CVE-2024-26635 llc: Drop support for ETH_P_TR_802_2.
In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. syzbot reported an uninit-value bug below. [0] llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2 (0x0011), and syzbot abused the latter to trigger the bug. write$tun(r0,...
6.3AI Score
0.0004EPSS
Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on...
5.3CVSS
6.1AI Score
0.001EPSS
Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial...
5.3CVSS
7.4AI Score
0.0004EPSS
Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
6.5AI Score
0.001EPSS
dbt allows Binding to an Unrestricted IP Address via socketsocket
Summary Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....
5.3CVSS
6.5AI Score
0.0004EPSS
dbt allows Binding to an Unrestricted IP Address via socketsocket
Summary Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....
5.3CVSS
6.9AI Score
0.0004EPSS
postgresql-14, postgresql-15, postgresql-16 vulnerability
Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged database user can use this issue to read most common values and other statistics from CREATE STATISTICS commands of other users. NOTE: This update...
3.1CVSS
6.9AI Score
0.0004EPSS
Summary Calls to the Admin API in IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability. [CVE-2024-31904] Vulnerability Details ** CVEID:...
6.5CVSS
6.5AI Score
0.0004EPSS
Summary Node.js is used by IBM App Connect Enterprise Certified Container as a runtime engine for processing data. IBM App Connect Enterprise Certified Container is vulnerable to denial of service when making HTTP calls using Node.js. This bulletin provides patch information to address the...
6.5CVSS
5.6AI Score
0.0004EPSS
Integer overflow in chunking helper causes dispatching to miss elements or panic
Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The issue may also lead to a panic rendering the server unavailable The following API methods are affected: - CheckPermission -...
7.3CVSS
7AI Score
0.0004EPSS
go-toolset:rhel8 security update
An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset....
7.2AI Score
0.0004EPSS