dm67.co Cross Site Scripting vulnerability OBB-3844837
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through...
8.3CVSS
6.8AI Score
0.0004EPSS
RHEL 8 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Simultaneous Multi-threading...
7.4CVSS
6.8AI Score
0.015EPSS
An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php...
7.5AI Score
0.0004EPSS
An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php...
7.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through...
8.3CVSS
8.4AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
POC for CVE-2021-44228 This python script was created while...
10CVSS
10AI Score
0.976EPSS
Check Point VPN-1 PAT Information Disclosure Vulnerability - Active Check
Check Point VPN-1 PAT is prone to an information disclosure ...
6.2AI Score
0.007EPSS
(RHSA-2024:2941) Important: RHACS 4.4 enhancement and security update
This release of RHACS 4.4.2 provides the following bug fixes: Before this update, Collector pods on nodes with 128 or more cores would fail with a CrashLoopBackOff status due to issues with how the CO-RE BPF allocated kernel memory. The patch release fixes this issue. This release updates the...
7.5AI Score
0.0005EPSS
Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may be rebooted or suspended by receiving a specially crafted...
6.9AI Score
0.0004EPSS
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
6CVSS
6.8AI Score
0.0004EPSS
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
6CVSS
6.9AI Score
0.0004EPSS
Exploit for Command Injection in Paloaltonetworks Pan-Os
CVE-2024-3400-pot Simple honeypot for CVE-2024-3400 Palo Alto...
10CVSS
7.4AI Score
0.957EPSS
In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, address:...
6.4AI Score
0.0004EPSS
netplan leaks the private key of wireguard to local users. Versions after 1.0 are not...
6.5CVSS
6.3AI Score
0.0004EPSS
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in...
5.9CVSS
6.9AI Score
0.0004EPSS
CVE-2024-26984 nouveau: fix instmem race condition around ptr stores
In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, address:...
7.5AI Score
0.0004EPSS
CVE-2024-26984 nouveau: fix instmem race condition around ptr stores
In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, address:...
6.4AI Score
0.0004EPSS
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of.....
6.8AI Score
0.0004EPSS
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the...
9.8CVSS
7.1AI Score
0.0004EPSS
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading...
9.3CVSS
9.2AI Score
0.0004EPSS
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
Impact If no TLS configuration is provided by the user, the websocket package constructs its own TLS configuration using recommended defaults. When looking up a WSS endpoint using the DNS TXT record method described in XEP-0156: Discovering Alternative XMPP Connection Methods the ServerName field.....
5.9CVSS
AI Score
0.001EPSS
CVE-2024-27062 nouveau: lock the client object tree.
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...
6.9AI Score
0.0004EPSS
Data Leak Exposes 500GB of Indian Police, Military Biometric Data
By Waqas The records belonged to two separate India-based firms, ThoughtGreen Technologies and Timing Technologies. Both provide application development, RFID technology, and biometric verification services. This is a post from HackRead.com Read the original post: Data Leak Exposes 500GB of Indian....
7.2AI Score
In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, address:...
7.4AI Score
0.0004EPSS
Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.8CVSS
8AI Score
0.001EPSS
CVE-2023-34310 Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.8CVSS
8.2AI Score
0.001EPSS
CVE-2023-34310 Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.8CVSS
7.5AI Score
0.001EPSS
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...
5.3CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...
6.6AI Score
0.0004EPSS
CVE-2024-27062 nouveau: lock the client object tree.
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...
6.8AI Score
0.0004EPSS
CVE-2023-37244 Privilege escalation in N-Able's AutomationManagerAgent
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...
5.3CVSS
5.5AI Score
0.0004EPSS
CVE-2023-37244 Privilege escalation in N-Able's AutomationManagerAgent
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...
5.3CVSS
6.8AI Score
0.0004EPSS
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a....
7.8CVSS
8AI Score
0.001EPSS
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a....
7.8CVSS
8.2AI Score
0.001EPSS
An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php...
7.8AI Score
0.0004EPSS
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a....
7.8CVSS
7.5AI Score
0.001EPSS
Fedora: Security Advisory for tomcat (FEDORA-2024-c404b99f19)
The remote host is missing an update for...
7.3AI Score
0.0004EPSS
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is...
7.1AI Score
0.0004EPSS
Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is...
7.3AI Score
0.0004EPSS
Easy Property Listings < 3.5.4 - Missing Authorization via epl_update_listing_coordinates()
Description The Easy Property Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the epl_update_listing_coordinates function in versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to update...
5.3CVSS
7AI Score
0.0004EPSS
Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.8CVSS
8.1AI Score
0.001EPSS
CVE-2023-35710 Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.8CVSS
7.5AI Score
0.001EPSS
OpenSSL 1.1.0 < 1.1.0l Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.0l. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0l advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
4.7CVSS
5.8AI Score
0.015EPSS
OpenSSL 1.0.2 < 1.0.2t Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2t. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2t advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
4.7CVSS
5.8AI Score
0.015EPSS
Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc...
7.3AI Score
0.0004EPSS
Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc...
7.5AI Score
0.0004EPSS
CVE-2023-35710 Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.8CVSS
8.3AI Score
0.001EPSS
The remote server is running at least one instance of Chora version 1.2.1 or earlier. Such versions have a flaw in the diff viewer that enables a remote attacker to run arbitrary code with the permissions of the web...
7.7AI Score
Report default community names of the SNMP Agent
Simple Network Management Protocol (SNMP) is a protocol which can be used by administrators to remotely manage a computer or network device. There are typically 2 modes of remote SNMP monitoring. These modes are...
8.1CVSS
7.2AI Score
0.454EPSS