libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the...
7AI Score
EPSS
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management...
7.5CVSS
6.9AI Score
0.0005EPSS
CVE-2024-23363 Buffer Over-read in WLAN Firmware
Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management...
7.5CVSS
7.6AI Score
0.0005EPSS
🚀 CVE-2024-29269 Exploit This repository contains an exploit...
8.3AI Score
0.001EPSS
OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label http_method that has unbound cardinality. It....
7.5CVSS
7AI Score
0.001EPSS
ruby:3.3 security, bug fix, and enhancement update
An update is available for rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-pg, module.ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
6.5AI Score
EPSS
Exploit for Path Traversal in Microsoft
CVE-2022-4510-Binwalk This script allows you to generate...
7.8CVSS
6.9AI Score
0.267EPSS
libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the...
7.3AI Score
EPSS
idm:DL1 and idm:client security update
bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc: invalidate forest trust info cache when filtering out realm domains Resolves: RHEL-28559 - Backport latest test fixes in python3-tests ipatests: add xfail for...
6.8CVSS
6.7AI Score
0.0004EPSS
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.user_agent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP.....
7.5CVSS
7AI Score
0.005EPSS
[SECURITY] Fedora 40 Update: wildcard-0.3.3-3.fc40
Wildcard gives you a nice and simple to use interface to test/practice regular...
7.2AI Score
Disclaimer This script is for educational and testing purposes...
9.8CVSS
9.7AI Score
0.973EPSS
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: harden netfront against event channel storms The Xen netfront driver is still vulnerable for an attack via excessive number of events sent by the backend. Fix that by using lateeoi event channels. For being able...
7AI Score
0.0004EPSS
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...
7.2CVSS
6.6AI Score
0.001EPSS
Exploit for Allocation of Resources Without Limits or Throttling in Redhat Enterprise Linux
CVE-2023-50387 KeyTrap in DNS (CVE-2023-50387) This...
7.5CVSS
7.6AI Score
0.05EPSS
8.2AI Score
0.0004EPSS
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.request_content_length,...
7.5CVSS
7.6AI Score
0.005EPSS
JavaScript Code with variable containing underscore does not work
h3. Issue Summary JavaScript Code with a variable containing an underscore does not work in * Page Template * HTML macro * 3rd Party Plugin (Script Runner) h3. Steps to Reproduce Sample code block: {code:java} $test $test_1 $("input[name='variableValues.test']").change(function (){...
0.8AI Score
Exploit for Code Injection in Vmware Spring Framework
Spring4Shell - PoC CVE-2022-22965 Versions affected...
9AI Score
Exploit for HTTP Request Smuggling in Sap Content Server
CVE-2022-22536 SAP memory pipes desynchronization...
10CVSS
9.8AI Score
0.965EPSS
Exploit for OS Command Injection in Php
How the Script Works: - Input Prompt: The script prompts the...
7.5AI Score
PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component...
7.5CVSS
7.2AI Score
0.001EPSS
Exploit for Improper Authentication in Ivanti Connect Secure
🚨 CVE-2023-46805 Scanner Tool 🛠️ A robust tool for detecting...
8.2CVSS
7.5AI Score
0.959EPSS
In the Linux kernel, the following vulnerability has been resolved: xen/console: harden hvc_xen against event channel storms The Xen console driver is still vulnerable for an attack via excessive number of events sent by the backend. Fix that by using a lateeoi event channel. For the normal...
6.9AI Score
0.0004EPSS
A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be...
5.4CVSS
6.2AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: python3.6-3.6.15-28.fc39
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software.....
7.8CVSS
7.4AI Score
0.0005EPSS
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and...
9.8CVSS
6.5AI Score
0.001EPSS
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded.....
8.1CVSS
7.3AI Score
0.001EPSS
This repository builds up a vulnerable HTTP2 Node.js server...
8.2CVSS
7.1AI Score
0.0004EPSS
Exploit for NULL Pointer Dereference in Gpac
CVE-2023-4683-Test This repo holds an easy to use POC for...
5.5CVSS
7.4AI Score
0.0004EPSS
(RHSA-2024:1141) Moderate: mysql security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fix(es): mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911) mysql: Server: DDL unspecified vulnerability (CPU Apr...
8AI Score
0.002EPSS
A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2"> leads to cross site scripting. T...
3.5CVSS
4AI Score
0.0004EPSS
Exploit for Use After Free in Linux Linux Kernel
CVE-2024-1086 Universal local privilege escalation...
7.8CVSS
7.9AI Score
0.002EPSS
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...
8.6CVSS
7.4AI Score
0.001EPSS
Exploit for Server-Side Request Forgery in Apache Http Server
CVE-2021-40438 Apache forward request CVE...
9CVSS
0.3AI Score
0.971EPSS
8.7AI Score
0.001EPSS
PhpMyAdmin <4.8.2 - Local File Inclusion
PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted....
8.8CVSS
8.6AI Score
0.973EPSS
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and...
6.1CVSS
6.6AI Score
0.0005EPSS
[SECURITY] Fedora 40 Update: python3.6-3.6.15-30.fc40
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software.....
7.8CVSS
7.1AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the...
6.5AI Score
0.0004EPSS
9.1CVSS
6.9AI Score
0.0004EPSS
[2.2.5-3] - Add gating test - Resolves: RHEL-3692 [2.2.5-2] - Fix CVE-2023-41915 - Resolves:...
8.1CVSS
6.9AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Vmware Spring For Apache Kafka
CVE-2023-34040 Spring Kafka Deserialization Remote Code...
7.8CVSS
7.8AI Score
0.0004EPSS
Exploit for Improper Input Validation in Microsoft
CVE-2024-21413 This Python script is used to abuse the...
9.8CVSS
9.9AI Score
0.006EPSS
Mass Auto Scanner for CVE-2024-24919 This script is designed to...
8.6CVSS
6.4AI Score
0.945EPSS
In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor. This issue affects Split Test For Elementor: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
Vulnerability Details fofa: ``` (title="BIG-IP®" ||...
9.8CVSS
9.6AI Score
0.972EPSS
An update is available for keylime. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Keylime is a TPM based highly scalable remote boot attestation and runtime...
2.8CVSS
7.3AI Score
0.0004EPSS