An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of...
9.1CVSS
6.9AI Score
0.001EPSS
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the flatpak(1) command-line.....
5CVSS
5.8AI Score
0.001EPSS
qdPM 9.2 - Directory Traversal
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads...
7.5CVSS
7.5AI Score
0.003EPSS
[SECURITY] [DSA 5705-1] tinyproxy security update
Debian Security Advisory DSA-5705-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 05, 2024 https://www.debian.org/security/faq Package : tinyproxy CVE ID : CVE-2023-49606 A use-after-free...
9.8CVSS
9.5AI Score
0.001EPSS
Exploit for Improper Access Control in Microsoft
CVE-2023-41772 / UIFuckUp UIFuckUp exploit to gain system...
7.8CVSS
7.8AI Score
0.022EPSS
Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the second-factor authentication...
7.7CVSS
7AI Score
0.001EPSS
Path traversal in github.com/cloudwego/hertz
Improper path sanitization on Windows permits path traversal attacks. Static file serving with the Static or StaticFS functions allows an attacker to access files from outside the filesystem root. This vulnerability does not affect non-Windows...
7.5CVSS
7.5AI Score
0.001EPSS
4.7CVSS
5.3AI Score
0.049EPSS
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to....
7.5CVSS
6.7AI Score
0.001EPSS
silverstripe/framework member disclosure in login form
There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...
7.1AI Score
github.com/wolfi-dev/wolfictl is vulnerable to GitHub Token Leakage. The vulnerability is due to a local user's GitHub token being sent to remote servers other than github.com if a user ran wolfictl update with a non github...
4.4CVSS
6.7AI Score
0.0004EPSS
HP PC BIOS Additional Security Update for TOCTOU
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. HP has...
7.6AI Score
0.0004EPSS
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that...
7.8CVSS
7.8AI Score
0.0004EPSS
Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es): jinja2: HTML attribute injection when passing user input as keys to...
6.1CVSS
6.4AI Score
0.001EPSS
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can.....
8.8CVSS
6.8AI Score
0.001EPSS
F5 BIG-IP - BIND vulnerability CVE-2016-2848
ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource...
7.5CVSS
7.4AI Score
0.242EPSS
Exploit for Expression Language Injection in Apache Log4J
Log4j 2.15.0 Privilege Escalation -- CVE-2021-45046...
9CVSS
8.8AI Score
0.974EPSS
In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. However, non-atomic i2c transfers require preemption (e.g. in wait_for_completion() while waiting for...
6.8AI Score
0.0004EPSS
SQL injection in github.com/jackc/pgx/v4
SQL injection is possible when the database uses the non-default simple protocol, a minus sign directly precedes a numeric placeholder followed by a string placeholder on the same line, and both parameter values are...
8.1CVSS
8.2AI Score
0.0004EPSS
Moderate: vorbis-tools security update
The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fix(es): vorbis-tools: Buffer Overflow vulnerability...
7.8CVSS
6.6AI Score
0.001EPSS
4.7CVSS
7.1AI Score
0.049EPSS
silverstripe/framework vulnerable to member disclosure in login form
There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...
7.1AI Score
IceWarp WebMail 11.3.1.5 - Cross-Site Scripting
IceWarp WebMail 11.3.1.5 is vulnerable to cross-site scripting via the language...
6.1CVSS
6AI Score
0.001EPSS
Vulnerability of OpenSSL cryptographic library is related to the use of non-standard option SSL_OP_NO_TICKET option, in which case the session cache continues to grow indefinitely. Exploiting the vulnerability could Allow an attacker acting remotely to cause a denial of...
6.6AI Score
0.0004EPSS
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted...
6.5CVSS
6.5AI Score
0.001EPSS
Cisco Talos is delighted to share updates about our ongoing partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to combat cybersecurity threats facing civil society organizations. Talos has partnered with CISA on several initiatives through the Joint Cyber Defense...
7.4AI Score
iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash
Summary iq80 Snappy performs out-of-bounds read access when uncompressing certain data, which can lead to a JVM crash. Details When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory...
5.3CVSS
6.4AI Score
0.0004EPSS
silverstripe/framework vulnerable to member disclosure in login form
There is a user ID enumeration vulnerability in our brute force error messages. Users that don't exist in will never get a locked out message Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has...
7.1AI Score
Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an...
6.1CVSS
6.4AI Score
0.001EPSS
SolarWinds Serv-U Unauthenticated Arbitrary File Read
This module exploits an unauthenticated file read vulnerability, due to directory traversal, affecting SolarWinds Serv-U FTP Server 15.4, Serv-U Gateway 15.4, and Serv-U MFT Server 15.4. All versions prior to the vendor supplied hotfix "15.4.2 Hotfix 2" (version 15.4.2.157) are...
8.6CVSS
7.3AI Score
0.343EPSS
RHEL 5 : bind (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. bind: Improper fetch cleanup sequencing in the resolver can cause named to crash (CVE-2017-3145) ISC...
7.5CVSS
7.1AI Score
0.934EPSS
Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation....
9.9CVSS
8.6AI Score
0.001EPSS
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. However, non-atomic i2c transfers require preemption (e.g. in wait_for_completion() while waiting for the....
6.7AI Score
0.0004EPSS
TermTalk Server 3.24.0.2 - Local File Inclusion
TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to...
7.5CVSS
7.8AI Score
0.452EPSS
SolarView 6.00 - Remote Command Execution
SolarView Compact 6.00 is vulnerable to a command injection via...
9.8CVSS
9.8AI Score
0.961EPSS
Hue Magic 3.0.0 - Local File Inclusion
Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile...
7.5CVSS
7.5AI Score
0.282EPSS
golang.org/x/sys/unix has Incorrect privilege reporting in syscall
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Reporting in syscall. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. Specific Go Packages Affected...
5.3CVSS
7.7AI Score
0.002EPSS
Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es): jinja2: HTML attribute injection when passing user input as keys to...
6.1CVSS
6.3AI Score
0.001EPSS
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
9.8CVSS
10AI Score
0.068EPSS
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example,...
6.5CVSS
6.8AI Score
0.001EPSS
Directus is soft-locked by providing a string value to random string util
Describe the Bug Providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions...
7.5CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix potential NULL dereference The bpf_jit_binary_free() function requires a non-NULL argument. When the RISC-V BPF JIT fails to converge in NR_JIT_ITERATIONS steps, jit_data->header will be NULL, which triggers a...
6.5AI Score
0.0004EPSS
Twig Path Traversal vulnerability in the filesystem loader
Twig is affected by path traversal vulnerability when used with Twig_Loader_Filesystem for loading Twig templates but only if the application is using non-trusted template names (names provided by a end-user for instance). When affected, it is possible to go up one directory for the paths...
6.8AI Score
iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash
Summary iq80 Snappy performs out-of-bounds read access when uncompressing certain data, which can lead to a JVM crash. Details When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class sun.misc.Unsafe to speed up memory...
5.3CVSS
6.4AI Score
0.0004EPSS
Unlimited number of NTS-KE connections can crash ntpd-rs server
Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...
7.5CVSS
7AI Score
0.0004EPSS
golang.org/x/sys/unix has Incorrect privilege reporting in syscall
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Reporting in syscall. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. Specific Go Packages Affected...
7.5AI Score
0.002EPSS
Unlimited number of NTS-KE connections can crash ntpd-rs server
Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...
7.5CVSS
7AI Score
0.0004EPSS
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd...
5.3CVSS
7AI Score
0.001EPSS