A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading to version 4.5.6.a.....
6.5CVSS
6.5AI Score
0.001EPSS
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this...
7.5CVSS
7.1AI Score
0.001EPSS
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a...
9.8CVSS
8AI Score
0.001EPSS
GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8.....
6.5CVSS
6.1AI Score
0.001EPSS
Security Updates for Microsoft SharePoint Server and Microsoft Project Server (May 2018)
The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a ...
7.8CVSS
7AI Score
0.293EPSS
AIX is affected by a denial of service due to Python (CVE-2024-0450)
IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:07:51 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory10.asc Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)...
6.2CVSS
6.8AI Score
0.0005EPSS
Security Updates for Microsoft SharePoint Server and Microsoft Project Server (November 2017)
The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not ...
8.8CVSS
8.3AI Score
0.003EPSS
lunary-ai/lunary allows users unauthorized access to projects
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...
9.8CVSS
6.8AI Score
0.0004EPSS
lunary-ai/lunary allows users unauthorized access to projects
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...
9.8CVSS
9.4AI Score
0.0004EPSS
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component...
5.5CVSS
6.4AI Score
0.001EPSS
github.com/glpi-project/glpi-agent is vulnerable to Privilege Escalation. The vulnerability is due to improper security controls in the MSI package installer that allow a local user to manipulate the GLPI server URL or disable the agent service, and in some cases, configure a malicious server to...
7.3CVSS
7AI Score
0.0004EPSS
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory...
10CVSS
7.2AI Score
0.001EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
poc-cve-2021-4034 PoC for CVE-2021-4034 dubbed pwnkit...
7.8CVSS
8.6AI Score
0.001EPSS
Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's...
9.6CVSS
6AI Score
EPSS
github.com/argoproj/argo-cd is vulnerable to Cluster Name Enumeration. This vulnerability is due to inadequate handling of error messages such as cluster names, allowing attackers to enumerate clusters and project names within project-scoped...
4.3CVSS
7AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91929399-249e-11ef-9296-b42e991fc52e advisory. [email protected] reports: Kanboard is project management software that focuses on the...
8.2CVSS
6.8AI Score
0.0004EPSS
Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in...
7.1CVSS
6AI Score
0.0004EPSS
Multiple vulnerabilities in IBM Java SDK affect AIX
IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:10:30 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/java_jun2024_advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...
5.9CVSS
4.6AI Score
0.0004EPSS
Security Updates for Microsoft SharePoint Server and Microsoft Project Server (March 2018)
The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to...
8.8CVSS
7.7AI Score
0.08EPSS
OpenSSH -- Race condition resulting in potential remote code execution
The OpenSSH project reports: A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD...
8.1CVSS
8.5AI Score
EPSS
github.com/glpi-project/glpi-agent is vulnerable to Privilege Escalation. The vulnerability is due to the ability of a local user to modify GLPI-Agent code or used DLLs, which can alter agent logic and potentially grant higher...
7.3CVSS
6.8AI Score
0.0004EPSS
CVE-2023-49675 CODESYS: Out-of-bounds write through corrupted project files
An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write...
7.8CVSS
7.8AI Score
0.001EPSS
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they...
4.9CVSS
6.8AI Score
0.001EPSS
GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP....
10CVSS
7.2AI Score
0.001EPSS
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version...
8.1CVSS
6.9AI Score
0.001EPSS
ntpd has Dependency on Vulnerable Third-Party Component
During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki. Impact This vulnerability can lead to excessive cpu usage on startup on clients configured to use NTS Patches...
6.9AI Score
AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)
IBM SECURITY ADVISORY First Issued: Thu Jun 20 15:10:42 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curl_advisory5.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl...
5.3CVSS
6.2AI Score
0.001EPSS
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder...
5.5CVSS
6AI Score
0.001EPSS
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder...
5.5CVSS
6AI Score
0.001EPSS
CVE-2024-31990 Argo CD' API server does not enforce project sourceNamespaces
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and...
4.8CVSS
5.2AI Score
0.0004EPSS
CVE-2023-49675 CODESYS: Out-of-bounds write through corrupted project files
An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write...
7.8CVSS
8.2AI Score
0.001EPSS
Impact An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies (such as permissive instead of strict) to potentially use artifacts with signatures that are no...
6.8CVSS
7.1AI Score
0.001EPSS
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...
5CVSS
5.1AI Score
0.0004EPSS
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...
5CVSS
6.1AI Score
0.0004EPSS
AIX is affected by information disclosure due to Python (CVE-2024-28757)
IBM SECURITY ADVISORY First Issued: Thu Jun 13 15:37:38 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory9.asc Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)...
7.3AI Score
0.0004EPSS
Directory creation by malicious user in saltstack
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...
5CVSS
5.1AI Score
0.0004EPSS
SP Project & Document Manager <= 4.71 - Data Update via IDOR
Description The plugin is missing validation in its upload function, allowing a user to manipulate the user_id to make it appear that a file was uploaded by another...
6.7AI Score
0.0004EPSS
GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to...
6.5CVSS
6.4AI Score
0.001EPSS
GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This...
5.4CVSS
7.4AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Vm4J A tool for detect vmware product log4j vulnerability....
8.8AI Score
uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should....
8.8CVSS
8.9AI Score
0.006EPSS
Directory creation by malicious user in saltstack
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...
5CVSS
6.6AI Score
0.0004EPSS
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...
5CVSS
5.1AI Score
0.0004EPSS
CVE-2024-3749 SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another...
6.5AI Score
0.0004EPSS
CVE-2024-3749 SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another...
6.6AI Score
0.0004EPSS
Exploit for SQL Injection in Progress Moveit Cloud
CVE-2023-34362 POC for CVE-2023-34362 affecting MOVEit...
9.8CVSS
8.4AI Score
0.969EPSS
Ecava IntegraXor < 4.1.4369 Project Directory Information Disclosure
The version of IntegraXor installed on the remote host is a version prior to 4.1 Build 4369. It is, therefore, reportedly affected by an information disclosure vulnerability due to credentials being stored in plaintext. An attacker can potentially exploit this vulnerability to disclose credentials....
3.5AI Score
CVE-2024-5519 ItsourceCode Learning Management System Project In PHP login.php sql injection
A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has...
7.3CVSS
7.6AI Score
0.0004EPSS
CVE-2024-5519 ItsourceCode Learning Management System Project In PHP login.php sql injection
A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has...
7.3CVSS
7.6AI Score
0.0004EPSS
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ncast Project Ncast
cve-2024-0305exp cve-2024-0305可用的exp,如需引用请转明出处,感谢! 0x01...
7.5CVSS
6.8AI Score
0.01EPSS