Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
CVE-2022-22947 A code injection attack on spring cloud...
10CVSS
7.4AI Score
0.975EPSS
Summary An information exposure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50954 DESCRIPTION: **IBM InfoSphere Information Server returns sensitive information in URL information that could be used in further attacks against the system....
5.9AI Score
EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through...
6.5CVSS
6.7AI Score
0.0004EPSS
Grafana Stored Cross-site Scripting in Unified Alerting
Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for a stored Cross Site Scripting in Grafana. Release v.9.0.3, containing this security fix and other patches: Download Grafana 9.0.3 Release notes Release v.8.5.9, containing...
8.7CVSS
5.4AI Score
0.006EPSS
[SECURITY] Fedora 39 Update: booth-1.0-283.5.9d4029a.git.fc39
Booth manages tickets which authorize cluster sites located in geographically dispersed locations to run resources. It facilitates support of geographically distributed clustering in...
5.9CVSS
7.2AI Score
0.001EPSS
Issue Overview: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. (CVE-2024-1298) Affected Packages: edk2 Note: This...
6CVSS
6.9AI Score
0.0004EPSS
Issue Overview: A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. (CVE-2023-5992) Affected Packages: opensc Note: This advisory is applicable to Amazon Linux 2...
5.9CVSS
6.7AI Score
0.001EPSS
[1.20.12-4] - Rebuild for z-stream - Related: RHEL-28939 [1.20.12-3] - Fix CVE-2023-45288 - Resolves: RHEL-28939 - Temporarily disable FIPS tests...
7.1AI Score
0.0004EPSS
Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...
8.1CVSS
8.2AI Score
0.0004EPSS
Important: golang security update
The golang packages provide the Go programming language compiler. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...
8.3AI Score
0.0004EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's menu and shape widgets in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
6.4CVSS
5.7AI Score
0.001EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post ticker widget in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.9AI Score
0.0004EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, buf, docker-credential-acr-env, gomplate, nats-server, prometheus-postgres-exporter, grpc-health-probe, vexctl, step, containerd, node-problem-detector, spire-server, src, telegraf, istio-operator, tkn, prometheus-adapter, buildkitd, apko,...
5.9CVSS
7.1AI Score
0.963EPSS
Summary A vulnerability in Oracle MySQL Connectors used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-22102 DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component could allow a remote attacker to cause.....
8.3CVSS
5.8AI Score
0.001EPSS
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An.....
7.8CVSS
6.8AI Score
0.001EPSS
ezsystems/ez-support-tools is vulnerable to Authorization Bypass. The vulnerability is due to insufficient access controls, allowing any authenticated backend user, regardless of their assigned permissions, to view sensitive system information such as phpinfo()...
6.5AI Score
MinIO information disclosure vulnerability in github.com/minio/minio
MinIO information disclosure vulnerability in...
5.3CVSS
5AI Score
0.0004EPSS
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
6.1AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before...
6.1CVSS
6.4AI Score
0.0004EPSS
Issue Overview: A vulnerability was found in libndp. A buffer overflow in NetworkManager that can be triggered by sending a malformed IPv6 router advertisement packet via malicious user locally. This happens as libndp was not validating correctly the route length information and hence leading to a....
8.1CVSS
7AI Score
0.0004EPSS
Cloud Software Group Security Advisory for CVE-2024-3661
Cloud Software Group has evaluated the impact of vulnerability CVE-2024-3661 on our products. This vulnerability may allow an attacker on the same local network as the victim to read, disrupt, or modify network traffic expected to be protected by the VPN. Please find below the impact status: ...
7.6CVSS
6.7AI Score
0.0005EPSS
Backup Failing With `Too many snapshots` When Using Longhorn as a Storage Provisioner
Veeam Support Knowledge Base answer to: Backup Failing With Too many snapshots When Using Longhorn as a Storage...
7.1AI Score
Veeam Kasten for Kubernetes - vSphere Block Mode Exports Failure With Error 14009
Veeam Support Knowledge Base answer to: Veeam Kasten for Kubernetes - vSphere Block Mode Exports Failure With Error...
7.2AI Score
MinIO information disclosure vulnerability
Impact If-Modified-Since If-Unmodified-Since Headers when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information such as Last-Modified (of the...
5.3CVSS
6.2AI Score
0.0004EPSS
Summary A cross-site request forgery vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-31902 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and.....
6.4AI Score
EPSS
Summary A vulnerability in IBM InfoSphere Information Server allowed a lower level authenticated user to view sensitive information. This vulnerabity was addressed. Vulnerability Details ** CVEID: CVE-2024-31898 DESCRIPTION: **IBM InfoSphere Information Server could allow an authenticated user to.....
5.8AI Score
EPSS
libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate...
6.5AI Score
0.0004EPSS
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...
6.1CVSS
6.3AI Score
0.0004EPSS
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...
6.1CVSS
0.0004EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for...
6.4CVSS
5.8AI Score
0.0004EPSS
authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified.....
9.8CVSS
9.5AI Score
0.002EPSS
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text...
6.1CVSS
5.8AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
[AOSP Bluetooth Use after free-bta_hf_client_sdp.cc-bta_hf_client_do_disc]
In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
7.6AI Score
0.001EPSS
Summary An insecure authorization vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-35022 DESCRIPTION: **IBM InfoSphere Information Server could allow a local user to update projects that they do not have the authorization to access. CVSS...
6.1AI Score
EPSS
Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...
8.1CVSS
6.2AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt6-qtvirtualkeyboard-6.7.1-1.fc40
The Qt Virtual Keyboard project provides an input framework and reference key board frontend for Qt 6. Key features include: * Customizable keyboard layouts and styles with dynamic switching. * Predictive text input with word selection. * Character preview and alternative character view. *...
6.7AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...
9.1CVSS
9.3AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through...
9.1CVSS
6.9AI Score
0.0004EPSS
AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)
IBM SECURITY ADVISORY First Issued: Thu Jun 20 15:10:42 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curl_advisory5.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl...
5.3CVSS
6.2AI Score
0.001EPSS
Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-35119 DESCRIPTION: **IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical...
6AI Score
EPSS
Summary An improper error handling vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50953 DESCRIPTION: **IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical error...
5.8AI Score
EPSS
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target.....
7.8CVSS
7.8AI Score
0.001EPSS
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...
6.1CVSS
0.0004EPSS
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the.....
8.8CVSS
6.3AI Score
0.0004EPSS
Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20952) has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
7.4CVSS
7.3AI Score
0.001EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post ticker widget in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.7AI Score
0.0004EPSS
Summary There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2019-11358 DESCRIPTION: **jQuery, as used in Drupal core, is...
6.1CVSS
6.2AI Score
0.035EPSS
[SECURITY] [DSA 5705-1] tinyproxy security update
Debian Security Advisory DSA-5705-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 05, 2024 https://www.debian.org/security/faq Package : tinyproxy CVE ID : CVE-2023-49606 A use-after-free...
9.8CVSS
9.5AI Score
0.001EPSS
Impact A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a...
6.8AI Score
EPSS