CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over...
8.1CVSS
7.9AI Score
0.004EPSS
7.3CVSS
6.8AI Score
0.006EPSS
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service...
6.5CVSS
6.2AI Score
0.006EPSS
The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Download-Button shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.8AI Score
0.0004EPSS
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result...
7.5CVSS
7.3AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
7.8CVSS
6.6AI Score
0.0004EPSS
The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue...
6.5CVSS
6.4AI Score
0.001EPSS
The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third...
7.5CVSS
7.6AI Score
0.001EPSS
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be...
6.9AI Score
0.008EPSS
In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has...
3.3CVSS
4.3AI Score
0.001EPSS
Json-smart is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays.....
7.5CVSS
7.5AI Score
0.001EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through...
8.8CVSS
6.9AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in John West Slideshow SE allows Stored XSS.This issue affects Slideshow SE: from n/a through...
5.9CVSS
5.7AI Score
0.0004EPSS
The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on...
5.5CVSS
5.4AI Score
0.002EPSS
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being...
7.5CVSS
7.3AI Score
0.001EPSS
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext() function's implicit initialization...
3.3CVSS
5.3AI Score
0.0005EPSS
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
8.9AI Score
0.001EPSS
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication in...
8.8CVSS
8.8AI Score
0.001EPSS
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host...
4.8CVSS
5.1AI Score
0.0004EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
7.5CVSS
6.4AI Score
0.001EPSS
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used....
5.4CVSS
6.5AI Score
0.0004EPSS
Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Detection
Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM), an enterprise project portfolio management application, is running on the remote...
1.1AI Score
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are...
7.5CVSS
7.5AI Score
0.001EPSS
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap.....
6.5CVSS
6.6AI Score
0.001EPSS
Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which...
7.6CVSS
6.9AI Score
0.0004EPSS
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer...
5CVSS
5.2AI Score
0.001EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through...
8.6CVSS
8.5AI Score
0.0005EPSS
The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on...
5.5CVSS
5.4AI Score
0.0004EPSS
Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the...
4.8CVSS
5.4AI Score
0.001EPSS
5.5CVSS
6.6AI Score
0.0004EPSS
5.5CVSS
6.5AI Score
0.0004EPSS
Apport argument parsing mishandles filename splitting on older kernels resulting in argument...
5.5CVSS
6.6AI Score
0.0004EPSS
Exploit for Integer Overflow or Wraparound in Microsoft
CVE-2023-21823 Reverse Shell for Windows This repository...
7.8CVSS
9.1AI Score
0.653EPSS
The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on....
5.5CVSS
5.4AI Score
0.001EPSS
A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution......
7.5CVSS
7.5AI Score
0.001EPSS
mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a...
10CVSS
9.3AI Score
0.006EPSS
SP Project & Document Manager <= 4.69 - Missing Authorization
Description The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.69. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an.....
6.3CVSS
6.5AI Score
0.0004EPSS
5.5CVSS
6.5AI Score
0.0004EPSS
An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by...
6.5CVSS
6.1AI Score
0.001EPSS
7.1CVSS
6.6AI Score
0.0004EPSS
md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor's position is that the product is not intended for untrusted...
9.8CVSS
9.6AI Score
0.002EPSS
An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by...
6.5CVSS
6.1AI Score
0.001EPSS
In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states th...
9.1CVSS
9.2AI Score
0.002EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ovic Team Ovic Importer allows Path Traversal.This issue affects Ovic Importer: from n/a through...
7.5CVSS
7.5AI Score
0.001EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through...
8.6CVSS
8.5AI Score
0.0005EPSS
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246-mitigation This project is a Maven-based...
9.8CVSS
7.2AI Score
0.973EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through...
10CVSS
9.6AI Score
0.001EPSS
Missing Authorization vulnerability in Avirtum iPages Flipbook.This issue affects iPages Flipbook: from n/a through...
7.3CVSS
5.3AI Score
0.0005EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through...
7.5CVSS
7.5AI Score
0.001EPSS