A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...
7.5CVSS
6.9AI Score
0.0004EPSS
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
Vulnerability Details fofa: ``` (title="BIG-IP®" ||...
9.8CVSS
9.6AI Score
0.972EPSS
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
Vulnerability Details fofa: ``` (title="BIG-IP®" ||...
9.8CVSS
9.6AI Score
0.972EPSS
RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component...
6.1AI Score
0.0004EPSS
WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body...
6.1CVSS
6.4AI Score
0.001EPSS
8.8CVSS
9.2AI Score
0.001EPSS
Exploit for Command Injection in Ivanti Connect Secure
🚨 CVE-2024-21887 Exploit Tool 🛠️ A robust tool for detecting...
9.1CVSS
8.2AI Score
0.969EPSS
RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component...
6.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the compiler,.....
6.5AI Score
0.0004EPSS
Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values,...
3.3CVSS
4.3AI Score
0.0004EPSS
Exploit for Cross-site Scripting in Roundcube Webmail
CVE-2023-43770 POC A Proof-Of-Concept for the recently found...
6.1CVSS
6.1AI Score
0.113EPSS
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing....
7.5CVSS
7AI Score
0.732EPSS
(RHSA-2024:2669) Important: OpenShift Container Platform 4.15.12 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.12. See the following advisory for the container...
8AI Score
0.0005EPSS
Exploit for Out-of-bounds Write in Kingsoft Internet Security 9 Plus
CVE-2022-25949 A years-old exploit of a local EoP...
7.8CVSS
7.7AI Score
0.001EPSS
Testing CVE-2024-2961 (V1 - Under Analysis) This repository...
7.6AI Score
nfpm has incorrect default permissions
Summary When building packages directly from source control, file permissions on the checked-in files are not maintained. Details When building packages directly from source control, file permissions on the checked-in files are not maintained. When nfpm packaged the files (without extra config...
7.1CVSS
6.7AI Score
0.001EPSS
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password....
4.3CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddp_comp with devm_kcalloc() In the case where conn_routes is true we allocate an extra slot in the ddp_comp array but mtk_drm_crtc_create() never seemed to initialize it in the test case I ran. For me, this...
7.2AI Score
0.0004EPSS
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing....
7.5CVSS
8.2AI Score
0.732EPSS
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in.....
10CVSS
9.3AI Score
0.133EPSS
CVE-2024-34102 POC for CVE-2024-34102. A pre-authentication...
9.8CVSS
6.9AI Score
0.038EPSS
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password....
8.8CVSS
7AI Score
0.001EPSS
Stock Ticker <= 3.23.2 - Cross-Site-Scripting
The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajax_stockticker_symbol_search_test function in versions up to, and including, 3.23.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
7.1CVSS
6.1AI Score
0.001EPSS
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing....
7.5CVSS
6.8AI Score
0.732EPSS
Exploit for Embedded Malicious Code in Tukaani Xz
root@ubuntu:~/xz/# apt update root@ubuntu:~/xz/# apt install -y...
10CVSS
9.6AI Score
0.133EPSS
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password....
4.3CVSS
7AI Score
0.0004EPSS
Zendframework session validation vulnerability
Zend\Session session validators do not work as expected if set prior to the start of a session. For instance, the following test case fails (where $this->manager is an instance of Zend\Session\SessionManager): ``` $this ->manager ->getValidatorChain() ->attach('session.validate',...
6.7AI Score
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password....
8.8CVSS
7AI Score
0.001EPSS
Zendframework session validation vulnerability
Zend\Session session validators do not work as expected if set prior to the start of a session. For instance, the following test case fails (where $this->manager is an instance of Zend\Session\SessionManager): ``` $this ->manager ->getValidatorChain() ->attach('session.validate',...
6.7AI Score
nfpm has incorrect default permissions
Summary When building packages directly from source control, file permissions on the checked-in files are not maintained. Details When building packages directly from source control, file permissions on the checked-in files are not maintained. When nfpm packaged the files (without extra config...
7.1CVSS
6.7AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: locking/ww_mutex/test: Fix potential workqueue corruption In some cases running with the test-ww_mutex code, I was seeing odd behavior where sometimes it seemed flush_workqueue was returning before all the work threads were...
6.8AI Score
0.0004EPSS
7.3AI Score
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...
7.5CVSS
0.002EPSS
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which...
5.9CVSS
6.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddp_comp with devm_kcalloc() In the case where conn_routes is true we allocate an extra slot in the ddp_comp array but mtk_drm_crtc_create() never seemed to initialize it in the test case I ran. For me, this...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: locking/ww_mutex/test: Fix potential workqueue corruption In some cases running with the test-ww_mutex code, I was seeing odd behavior where sometimes it seemed flush_workqueue was returning before all the work threads were...
6.8AI Score
0.0004EPSS
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...
7.5CVSS
7.5AI Score
0.002EPSS
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...
7.5CVSS
7.7AI Score
0.002EPSS
9.8CVSS
7.9AI Score
0.974EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Nmap Log4Shell NSE script for discovery Apache Log4j RCE...
9.2AI Score
9.8CVSS
9.6AI Score
0.038EPSS
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...
6.5CVSS
7.1AI Score
0.001EPSS
Zend-Session session validation vulnerability
Zend\Session session validators do not work as expected if set prior to the start of a session. For instance, the following test case fails (where $this->manager is an instance of Zend\Session\SessionManager): ``` $this ->manager ->getValidatorChain() ->attach('session.validate',...
6.7AI Score
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which...
5.9CVSS
5.6AI Score
0.0004EPSS
Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...
7.4AI Score
EPSS
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6_rule_suppress The kernel leaks memory when a fib rule is present in IPv6 nftables firewall rules and a suppress_prefix rule is present in the IPv6 routing rules (used by certain tools such as...
5.5CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: use latest_dev in btrfs_show_devname The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs] CPU: 2 PID: 1 Comm: systemd Tainted:...
7AI Score
0.0004EPSS
Exploit for Path Traversal in Solarwinds Serv-U
CVE-2024-28995 PoC and Bulk Scanner Overview This...
8.6CVSS
6.7AI Score
0.343EPSS
Zend-Session session validation vulnerability
Zend\Session session validators do not work as expected if set prior to the start of a session. For instance, the following test case fails (where $this->manager is an instance of Zend\Session\SessionManager): ``` $this ->manager ->getValidatorChain() ->attach('session.validate',...
6.7AI Score
Exploit for Allocation of Resources Without Limits or Throttling in Apache Commons Fileupload
multipartResolver 가 정의되지 않거나...
7.5CVSS
8AI Score
0.034EPSS