9.8CVSS
7.3AI Score
0.97EPSS
Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL (CVE-2023-6129). OpenSSL is used in TS7700 to encrypt data in flight during EKM communications, Secure Data Transfer between clusters, and for TS7700 Advanced Object Store for DS8000....
6.5CVSS
7AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
NOTE: this cve was not found by me, i'm simply reuploading a...
8.8CVSS
6.8AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
CVE-2024-24590-ClearML-RCE-Exploit Python script that...
8.8CVSS
9.1AI Score
0.001EPSS
directus is vulnerable to Denial Of Service (DoS). The vulnerability is caused by providing a non-numeric length value to the random string generation utility, which prevents the generation of random session IDs, resulting in Denial Of Service...
7.5CVSS
7.5AI Score
0.0004EPSS
Improper Enforcement Of Behavioral Workflow
aimeos/ai-client-html is vulnerable to Improper enforcement of behavioral workflow. The vulnerability is due to an issue where digital downloads sold in online shops can be accessed without valid payment, for instance, if the payment process fails. This could allow attackers to obtain digital...
6.9AI Score
A vulnerability classified as critical was found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument un leads to sql injection.....
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability, which was classified as problematic, has been found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this issue is some unknown functionality of the file modules/balance/index.php?view=balancelist of the component POST Parameter Handler. The...
6.1CVSS
6AI Score
0.001EPSS
bank-locations.net Cross Site Scripting vulnerability OBB-3868174
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, falcoctl, vertical-pod-autoscaler, flux, flux-notification-controller, prometheus-stackdriver-exporter, yq, dgraph, nri-prometheus, prometheus-pushgateway, trillian, goreleaser, prometheus-postgres-exporter,....
6.1CVSS
7.3AI Score
0.001EPSS
Potential OOB Read in attp_build_value_cmd() of att_protocol.cc
In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
6.4AI Score
0.0004EPSS
Permanent denial of service via PackageManager#setMimeGroup
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
7.4AI Score
0.0004EPSS
Permanent denial of service via PackageManager#setComponentEnabledSetting
In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.6AI Score
0.0004EPSS
Spring Boot Actuator denial of service vulnerability
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring.....
6.5CVSS
5.8AI Score
0.0004EPSS
Spring Boot Actuator denial of service vulnerability
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring.....
6.5CVSS
5.8AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
[![Download](https://img.shields.io/github/v/release/rakutentech......
9AI Score
Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...
5.3CVSS
6.4AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 CVE-2021-4034 Add Root User - Pkexec Local...
7.8CVSS
8.7AI Score
0.001EPSS
Exploit for Out-of-bounds Write in Gnu Glibc
PoC of CVE-2023-4911 Looney Tunables This is a PoC of...
7.8CVSS
8.3AI Score
0.014EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
How it works- Need access to the team work space...
8.8CVSS
6.8AI Score
0.001EPSS
Exploit for Unrestricted Upload of File with Dangerous Type in Microsoft
ProxyShell Proof of Concept Exploit for Microsoft Exchange...
8.5AI Score
7.8CVSS
8.4AI Score
0.001EPSS
Bypass of overlay protection in landscape mode
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed...
7AI Score
EPSS
Permanent denial of service via NotificationManager#addAutomaticZenRule
In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.9AI Score
0.0004EPSS
9.8CVSS
7.2AI Score
0.007EPSS
[Denial Of Service Android 13 September 2022]
In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
6.7AI Score
0.001EPSS
Permanent denial of service via WifiManager#addNetworkSuggestions
In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.3AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-44228(Apache Log4j Remote Code Execution) [all...
10CVSS
10AI Score
0.976EPSS
Denial of service in langchain-community
Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...
4.2CVSS
4.3AI Score
0.0004EPSS
Deserialization of untrusted data in Jackson Databind
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka...
8.1CVSS
3.2AI Score
0.053EPSS
typo3/cms-core is vulnerable to Denial of Service (DoS). The vulnerability is due to improper session validation, which allows attackers to create an arbitrary amount of individual session-data records in the database, which results in Denial of...
7.1AI Score
Microsoft.NETCore.App.Runtime is vulnerable to Denial of Service. The vulnerability is due to reading a maliciously crafted X.509 certificate which may result in Denial of Service. This issue only affects Linux...
6.5CVSS
6.7AI Score
0.001EPSS
Regular Expression Denial Of Service (ReDoS)
ua-parser/uap-php is vulnerable toRegular Expression Denial Of Service (ReDoS). The vulnerability is due to use of inefficient or poorly constructed regular expressions that can take an exceptionally long time to evaluate against certain input strings, which results in Regular Expression Denial Of....
7AI Score
TaskFragmentOrganizer.applySyncTransaction() allows leaking SurfaceControl of outer Task
In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.7AI Score
0.0004EPSS
Permanent denial of service via NotificationManager#createNotificationChannel
In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.7AI Score
0.0004EPSS
Exploit for Improper Control of Dynamically-Managed Code Resources in Crushftp
CVE-2023-43177 CrushFTP...
9.8CVSS
7.6AI Score
0.959EPSS
Exploit for External Control of File Name or Path in Moodle
CVE-2023-30943 Vulnerability Scanner This tool detects a...
6.5CVSS
6AI Score
0.016EPSS
Mattermost fails to authenticate the source of certain types of post actions in...
6.5CVSS
6.3AI Score
0.0004EPSS
Denial Of Service Via Account Lockout
org.keycloak, keycloak-services is vulnerable to Denial of Service via account lockout. The vulnerability is due to improper handling of usernames formatted as email addresses, which allows attackers to lock out legitimate users by repeatedly using incorrect...
7AI Score
Exploit for Deserialization of Untrusted Data in Atlassian Bitbucket Data Center
CVE-2022-26133 说明 Atlassian Bitbucket Data Center...
9.8CVSS
1.3AI Score
0.009EPSS
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: coredns, dex, cosign, cilium-cli, nri-mssql, rqlite, kots, falcoctl, flux, fulcio, prometheus-stackdriver-exporter, dgraph, trillian, goreleaser, kubernetes-event-exporter, prometheus-postgres-exporter, certificate-transparency, cfssl, temporal-ui-server, tkn,...
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, falcoctl, vertical-pod-autoscaler, flux, flux-notification-controller, prometheus-stackdriver-exporter, yq, dgraph, nri-prometheus, prometheus-pushgateway, kubernetes-ingress-defaultbackend, trillian,...
7.5AI Score
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195,....
8.8CVSS
6AI Score
0.038EPSS
8.8CVSS
9.4AI Score
0.609EPSS
Symfony is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper hostname validation via a regular expression within Request::getHost(), which results in...
6.5AI Score
EPSS
Grafana Spoofing originalUrl of snapshots
To create a snapshot (and insert an arbitrary URL) the built-in role Viewer is sufficient. When a dashboard is shared as a local snapshot, the following three fields are offered in the web UI for a user to fill out: • Snapshotname • Expire • Timeout(seconds) After the user confirms creation of the....
6.7CVSS
3.9AI Score
0.001EPSS
Mattermost fails to authenticate the source of certain types of post actions
Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post...
6.5CVSS
6.5AI Score
0.0004EPSS
CVE-2018-11236: fix stack buffer overflow when realpath() input length is close to SSIZE_MAX. CVE-2024-2961: fix out-of-bound writes in ISO-2022-CN-EXT escape...
9.8CVSS
7.2AI Score
0.014EPSS
Mattermost vulnerable to denial of service via large number of emoji reactions in...
4.3CVSS
6.5AI Score
0.0005EPSS
Exploit for Unrestricted Upload of File with Dangerous Type in Boidcms
CVE-2023-38836 Exploit File Upload vulnerability in BoidCMS...
8.8CVSS
8.6AI Score
0.668EPSS