An authenticated user with Gamma role authorization could have access to metadata information using non-trivial methods in Apache Superset up to and including...
CVSS 4.3 | AI Score 4.8 | EPSS 0.001
Panic in github.com/ipfs/go-merkledag
A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. Additionally, use of the ProtoNode.SetCidBuilder() method to set non-functioning CidBuilder (such as one that refers to a multihash...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant...
CVSS 7.8 | AI Score 7.1 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so...
AI Score 7 | EPSS 0.0004
Attachments gets downloaded on Chromium based browsers even after user logs out from Confluence
Issue Summary:
Attachments gets downloaded on Chromium based browsers even after user logs out from the page
Steps to Reproduce:
1. Create a new page in Confluence
2. Attach any PDF or picture or any file in that page and then publish the page
3. Copy the image link by right clicking on the...
AI Score 0.3
CVE-2024-38566 bpf: Fix verifier assumptions about socket->sk
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix verifier assumptions about socket->sk The verifier assumes that 'sk' field in 'struct socket' is valid and non-NULL when 'socket' pointer itself is trusted and non-NULL. That may not be the case when socket was just...
EPSS 0.0004
MediaWiki Cross-site Scripting (XSS)
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and...
CVSS 6.1 | AI Score 5.8 | EPSS 0.006
A condition exists in lighttpd version prior to 1.4.51 whereby a remote attacker can craft an http request which could result in multiple outcomes: 1.) cause lighttpd to access freed memory in which case the process lighttpd is running in could be terminated or other non-deterministic behavior...
AI Score 7 | EPSS 0.0004
Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting
Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/my_notifications NEWUINAV...
CVSS 6.1 | AI Score 6 | EPSS 0.002
Planon <Live Build 41 - Cross-Site Scripting
Planon before Live Build 41 is vulnerable to cross-site...
CVSS 6.1 | AI Score 6 | EPSS 0.001
In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...
AI Score 6.6 | EPSS 0.0004
A condition exists in lighttpd version prior to 1.4.51 whereby a remote attacker can craft an http request which could result in multiple outcomes: 1.) cause lighttpd to access freed memory in which case the process lighttpd is running in could be terminated or other non-deterministic behavior...
AI Score 6.3 | EPSS 0.0004
fence-agents security and bug fix update
[4.2.1-129]
- bundled urllib3: fix CVE-2023-45803
  Resolves: RHEL-18132
- bundled pycryptodome: fix CVE-2023-52323
  Resolves: RHEL-20915
- bundled jinja2: fix CVE-2024-22195
  Resolves: RHEL-22174
[4.2.1-127]
- fence_scsi: fix registration handling if ISID conflicts
  Resolves: RHEL-5397
-...
CVSS 6.1 | AI Score 6.8 | EPSS 0.001
Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and...
CVSS 7.5 | AI Score 6.6 | EPSS 0.001
Apache Tomcat Servers - Remote Code Execution
Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to.....
CVSS 8.1 | AI Score 8 | EPSS 0.967
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
Summary: Some avo fields are vulnerable to XSS when rendering html based content.
Details: During the analysis of the web application, a rendered field was discovered that did not filter JS / HTML tags in a safe way and can be abused to execute js code on a client side. The trix field uses the trix...
CVSS 7.3 | AI Score 6.9 | EPSS 0.001
Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...
CVSS 9.1 | AI Score 7.2 | EPSS 0.001
Possible to circumvent title-blacklist
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that...
CVSS 6.1 | AI Score 6.9 | EPSS 0.004
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is...
AI Score 9.6 | EPSS 0.002
Apache Struts2 S2-057 - Remote Code Execution
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard...
CVSS 8.1 | AI Score 8.5 | EPSS 0.975
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed...
CVSS 7.5 | AI Score 7 | EPSS 0.001
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login...
CVSS 5.9 | AI Score 6.9 | EPSS 0.0005
Symfony has unsafe methods in the Request class
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, 2.5.X, and 2.6.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.27, 2.5.11, and 2.6.6. Note that no fixes are provided for Symfony 2.0, 2.1, 2.2, and 2.4 as they are not...
AI Score 7.1
endroid/qr-code-bundle File Disclosure via logo_path query parameter
Versions of endroid/qr-code-bundle prior to 3.4.2 are affected by a security vulnerability that allows disclosure of files through the logo_path query parameter. The vulnerability arises from the improper handling of non-image data as the logo, which could lead to unintended file...
AI Score 6.8
Ant Media Server Community Edition is vulnerable to Improper Authorization. The vulnerability is due to improper HTTP header based authorization which allows unauthorized users to potentially access non-administrative API calls reserved for authorized...
AI Score 7 | EPSS 0.0004
NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines.....
CVSS 7.5 | AI Score 7.1 | EPSS 0.001
SysAid Technologies 20.3.64 b14 - Cross-Site Scripting
SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp=...
CVSS 6.1 | AI Score 6 | EPSS 0.001
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a...
CVSS 8.8 | AI Score 9 | EPSS 0.837
Jenzabar 9.2x-9.2.2 - Cross-Site Scripting
Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting vulnerability. It allows...
CVSS 6.1 | AI Score 6 | EPSS 0.075
CouchCMS <= 2.0 - Path Disclosure
CouchCMS <= 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or...
CVSS 5.3 | AI Score 5.2 | EPSS 0.003
NextGen Healthcare Mirth Connect - Remote Code Execution
Unauthenticated remote code execution vulnerability in NextGen Healthcare Mirth Connect before version...
CVSS 9.8 | AI Score 9.7 | EPSS 0.956
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with.....
CVSS 7.5 | AI Score 7.5 | EPSS 0.013
AIX 7.2 TL 5 : printers (IJ48481)
https://vulners.com/cve/CVE-2023-45166 IBM AIX could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM AIX could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a.....
CVSS 8.4 | AI Score 7.8 | EPSS 0.0004
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed...
CVSS 9.1 | AI Score 7 | EPSS 0.001
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook...
CVSS 5.3 | AI Score 6.9 | EPSS 0.0005
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with @MultipartConfig) that call HttpServletRequest.getParameter() or HttpServletRequest.getParts() may cause OutOfMemoryError when the client sends a multipart request with a.....
CVSS 5.3 | AI Score 5.8 | EPSS 0.002
RHEL 4 : bind (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. bind: deleted domain name resolving flaw (CVE-2012-1033) bind: malformed signature records for DNAME...
CVSS 8.6 | AI Score 7.8 | EPSS 0.973
Flooding Server with Thumbnail files
Details
1. All Imagick supported Fileformats are served without filtering
The Thumbnail endpoint does not check against any filters what file formats should be served. We can transcode the image in all formats imagemagick supports. With that we can create Files that are much larger in filesize...
CVSS 7.5 | AI Score 6.5 | EPSS 0.001
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and...
AI Score 6.3 | EPSS 0.0004
(RHSA-2024:3095) Moderate: vorbis-tools security update
The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fix(es): vorbis-tools: Buffer Overflow vulnerability...
AI Score 7 | EPSS 0.001
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mt_rand() function as a fallback. All outputs from mt_rand() are predictable for the same PHP process if an attacker can brute force the seed.....
AI Score 7.3
Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid...
CVSS 7.5 | AI Score 6.8 | EPSS 0.001
PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and...
CVSS 7.5 | AI Score 6.5 | EPSS 0.001
Neos Information Disclosure Security Note
Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place. Note that this only allows...
AI Score 6.8
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with.....
CVSS 7.5 | AI Score 7.9 | EPSS 0.013
Scientific Linux Security Update : polkit on SL7.x x86_64 (20190131)
Security Fix(es) : polkit: Temporary auth hijacking via PID reuse and non-atomic fork...
CVSS 6.7 | AI Score 6.7 | EPSS 0.001