Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4Shell sample vulnerable application (CVE-2021-44228)...
9.1AI Score
Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for.....
9.8CVSS
6.9AI Score
0.005EPSS
HP Support Assistant < 8.7.50.3 DLL Loading Vulnerability
The version of HP Support Assistant installed on the remote Windows host is prior to 8.7.50.3. It is, therefore, affected by an unspecified DLL loading vulnerability. This can allow a local attacker to load and execute arbitrary...
7.3CVSS
7.5AI Score
0.001EPSS
Grafana Escalation from admin to server admin when auth proxy is used
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: Download Grafana 9.1.6 Release notes ...
6.6CVSS
6.8AI Score
0.003EPSS
nodejs [1:20.12.2-2] - Backport nghttp2 patch for CVE-2024-28182 [1:20.12.2-1] - Rebase to version 20.12.0 Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) Fixes: CVE-2024-25629 (c-ares) nodejs-nodemon...
5.3CVSS
7.3AI Score
0.0004EPSS
Summary: IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL (CVE-2023-6129). OpenSSL is used in TS7700 to encrypt data in flight during EKM communications, Secure Data Transfer between clusters, and for TS7700 Advanced Object Store for DS8000....
6.5CVSS
7AI Score
0.001EPSS
[1.21.9-2] - Rebuilt for z-stream - Related: RHEL-24312 - Related: RHEL-28940 [1.21.9-1] - Fix CVE-2024-1394 - Fix CVE-2023-45288 - Resolves RHEL-24312 - Resolves...
7.5CVSS
7.4AI Score
0.0005EPSS
An update is available for postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PostgreSQL is an advanced object-relational database management system...
8CVSS
7.8AI Score
0.001EPSS
Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629); nghttp2: CONTINUATION frames DoS (CVE-2024-28182); nodejs: using the fetch()...
5.3CVSS
7.3AI Score
0.0004EPSS
An update is available for module.varnish, varnish-modules, varnish, module.varnish-modules. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Varnish Cache is a.....
7.2AI Score
0.0004EPSS
An update is available for nodejs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform for building fast and scalable...
7.5CVSS
7.2AI Score
0.0004EPSS
An update is available for qemu-kvm. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Kernel-based Virtual Machine (KVM) is a full virtualization solution for...
7.3AI Score
Releases: Ubuntu 18.04 ESM, Ubuntu 16.04 ESM, Ubuntu 14.04 ESM. Packages: eglibc - GNU C Library; glibc - GNU C Library. Details: It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue...
7.8CVSS
9.1AI Score
0.015EPSS
9.8CVSS
9.5AI Score
0.783EPSS
Impact: A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users; Rancher will not reflect these modifications, which may leave...
6.5AI Score
EPSS
CVE-2022-48720 net: macsec: Fix offload support for NETDEV_UNREGISTER event
In the Linux kernel, the following vulnerability has been resolved: net: macsec: Fix offload support for NETDEV_UNREGISTER event. Current macsec netdev notify handler handles NETDEV_UNREGISTER event by releasing relevant SW resources only, this causes resources leak in case of macsec HW offload, as....
6.8AI Score
0.0004EPSS
CVE-2022-48720 net: macsec: Fix offload support for NETDEV_UNREGISTER event
In the Linux kernel, the following vulnerability has been resolved: net: macsec: Fix offload support for NETDEV_UNREGISTER event. Current macsec netdev notify handler handles NETDEV_UNREGISTER event by releasing relevant SW resources only, this causes resources leak in case of macsec HW offload, as....
0.0004EPSS
7.2AI Score
0.0004EPSS
Grafana Stored Cross-site Scripting in Unified Alerting
Today we are releasing Grafana 8.3.10, 8.4.10, 8.5.9 and 9.0.3. This patch release includes a HIGH severity security fix for a stored Cross Site Scripting in Grafana. Release v.9.0.3, containing this security fix and other patches: Download Grafana 9.0.3 Release notes Release v.8.5.9, containing...
8.7CVSS
8.2AI Score
0.006EPSS
Summary: IBM Rational Developer for i contains Code Coverage functionality which has a browser interface. The browser interface utilizes follow-redirects which could allow a remote attacker to obtain credentials (CVE-2024-28849). This bulletin identifies the steps to take to address the...
6.5CVSS
6.9AI Score
0.0004EPSS
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insufficient escaping on the user supplied...
10CVSS
9.7AI Score
0.001EPSS
CVE-2022-45352 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through...
5.4CVSS
7AI Score
0.0004EPSS
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target.....
7.8CVSS
7.2AI Score
0.001EPSS
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target.....
7.8CVSS
8AI Score
0.001EPSS
CVE-2024-29849 Veeam Backup Enterprise Manager Authentication...
9.8CVSS
9.4AI Score
0.0004EPSS
Apache Struts - Multiple Open Redirection Vulnerabilities
Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied...
8.1AI Score
0.972EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager. This issue affects BWL Advanced FAQ Manager: from n/a through...
7.6CVSS
8.1AI Score
0.0004EPSS
Important Photon OS Security Update - PHSA-2024-3.0-0758
Updates of ['linux-rt', 'linux-esx', 'linux-secure', 'linux-aws', 'linux'] packages of Photon OS have been...
9.8CVSS
10AI Score
0.001EPSS
CVE-2024-26288 PHOENIX CONTACT: Lack of SSL support in CHARX Series
An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not...
8.7CVSS
6.9AI Score
0.002EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager. This issue affects BWL Advanced FAQ Manager: from n/a through...
7.6CVSS
8AI Score
0.0004EPSS
(RHSA-2024:2937) Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: nghttp2: CONTINUATION frames DoS (CVE-2024-28182); nodejs: CONTINUATION frames DoS (CVE-2024-27983). For more details about the...
7.2AI Score
0.0004EPSS
CVE-2024-3633 WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG
The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...
0.0004EPSS
CVE-2024-26288 PHOENIX CONTACT: Lack of SSL support in CHARX Series
An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not...
8.7CVSS
8.7AI Score
0.002EPSS
CVE-2024-3633 WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG
The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...
6AI Score
0.0004EPSS
Freestyle Support Portal Component for Joomla! 'prodid' Parameter SQLi
The version of the Freestyle Support Portal component for Joomla! running on the remote host is affected by a SQL injection vulnerability in the index.php script due to improper sanitization of user-supplied input to the 'prodid' parameter before using it to construct database queries. An...
8.1AI Score
CVE-2022-45351 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through...
5.4CVSS
7AI Score
0.0004EPSS
Impact: A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users; Rancher will not reflect these modifications, which may leave...
6.8AI Score
EPSS
Description: The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary...
8.8CVSS
6.6AI Score
0.001EPSS
CVE-2022-45349 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through...
4.3CVSS
7AI Score
0.0004EPSS
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insufficient escaping on the user supplied...
10CVSS
7.5AI Score
0.001EPSS
CVE-2022-45349 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
CVE-2022-45352 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through...
5.4CVSS
5.8AI Score
0.0004EPSS
tomcat bug fix and enhancement update
An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.4.....
6.8AI Score
Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on...
5.3CVSS
7.4AI Score
0.001EPSS
Summary: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation as part of UMS and as an application server for container deployments. This bulletin identifies the security fixes to apply to address the vulnerability. ...
7.5CVSS
8.2AI Score
0.732EPSS
CVE-2022-45351 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through...
5.4CVSS
5.8AI Score
0.0004EPSS
[1.3.1-19.0.1] - pam_limits: fix use after free in pam_sm_open_session [Orabug: 36406534] [1.3.1-19] - pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations. CVE-2024-22365. Resolves: RHEL-21244 [1.3.1-18] - libpam: use getlogin() from libc and not utmp. Resolves:...
5.5CVSS
7.3AI Score
0.0004EPSS
(RHSA-2024:2910) Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983); nodejs: using the fetch() function to retrieve content from an untrusted URL leads to...
7.4AI Score
0.0004EPSS
FileMage Gateway - Directory Traversal
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/...
7.5CVSS
7.2AI Score
0.053EPSS
K000139612: NGINX HTTP/3 QUIC vulnerability CVE-2024-35200
Security Advisory Description: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. (CVE-2024-35200) Note: This issue affects NGINX systems compiled with the ngx_http_v3_module module, where the...
5.3CVSS
7.2AI Score
0.0004EPSS