VYPR

CVEs

100,082 total · page 675 of 2,002

  • CVE-2024-37063HigJun 4, 2024
    risk 0.51cvss 7.8epss 0.00

    A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser.

  • CVE-2024-37062HigJun 4, 2024
    risk 0.51cvss 7.8epss 0.00

    Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a malicously crafted report to run arbitrary code on an end user's system when loaded.

  • CVE-2024-37061HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.01

    Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run.

  • CVE-2024-37060HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.01

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.

  • CVE-2024-37059HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.01

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37058HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.01

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37057HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.01

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37056HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.01

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37055HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.01

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37054HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.01

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37053HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.01

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2024-37052HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.01

    Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

  • CVE-2023-47837HigJun 4, 2024
    risk 0.54cvss 8.3epss 0.00

    Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.

  • CVE-2023-46630HigJun 4, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1.

  • CVE-2024-5000HigJun 4, 2024
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.

  • CVE-2023-5751HigJun 4, 2024
    risk 0.51cvss 7.8epss 0.00

    A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. 

  • CVE-2024-5422HigJun 4, 2024
    risk 0.46cvss epss 0.01

    An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.

  • CVE-2024-5421HigJun 4, 2024
    risk 0.57cvss epss 0.04

    Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection.This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.

  • CVE-2024-5420HigJun 4, 2024
    risk 0.54cvss epss 0.06

    Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.

  • CVE-2024-20878HigJun 4, 2024
    risk 0.47cvss 7.3epss 0.00

    Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2024-20877HigJun 4, 2024
    risk 0.47cvss 7.3epss 0.00

    Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2024-20874HigJun 4, 2024
    risk 0.51cvss 7.9epss 0.00

    Improper access control vulnerability in SmartManagerCN prior to SMR Jun-2024 Release 1 allows local attackers to launch privileged activities.

  • CVE-2024-4856HigJun 4, 2024
    risk 0.53cvss 8.2epss 0.00

    The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users

  • CVE-2024-4749HigJun 4, 2024
    risk 0.54cvss 8.3epss 0.00

    The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

  • CVE-2024-3555HigJun 4, 2024
    risk 0.47cvss 7.2epss 0.00

    The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for…

  • CVE-2024-2019HigJun 4, 2024
    risk 0.49cvss 7.5epss 0.00

    The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbte_render' function in all versions up to, and including, 1.8.4. This makes it possible for…

  • CVE-2024-4870HigJun 4, 2024
    risk 0.47cvss 7.2epss 0.00

    The Frontend Registration – Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the '_cf7frr_' post meta. This makes it possible for authenticated attackers, with editor-level access…

  • CVE-2022-1242HigJun 3, 2024
    risk 0.51cvss 7.8epss 0.00

    Apport can be tricked into connecting to arbitrary sockets as the root user

  • CVE-2022-0555HigJun 3, 2024
    risk 0.00cvss 8.4epss 0.00

    Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions

  • CVE-2021-3899HigJun 3, 2024
    risk 0.51cvss 7.8epss 0.00

    There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.

  • CVE-2024-4540HigJun 3, 2024
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly…

  • CVE-2024-32983HigJun 3, 2024
    risk 0.00cvss 8.2epss 0.00

    Misskey is an open source, decentralized microblogging platform. Misskey doesn't perform proper normalization on the JSON structures of incoming signed ActivityPub activity objects before processing them, allowing threat actors to spoof the contents of signed activities and…

  • CVE-2024-36128HigJun 3, 2024
    risk 0.42cvss 7.5epss 0.01

    Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This…

  • CVE-2024-36127HigJun 3, 2024
    risk 0.42cvss 7.5epss 0.00

    apko is an apk-based OCI image builder. apko exposures HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5.

  • CVE-2024-36728HigJun 3, 2024
    risk 0.53cvss 8.1epss 0.05

    TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2 key.

  • CVE-2024-36569HigJun 3, 2024
    risk 0.53cvss 8.1epss 0.01

    Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php.

  • CVE-2024-35631HigJun 3, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.45.7212.

  • CVE-2024-35630HigJun 3, 2024
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection.This issue affects WP TripAdvisor Review Slider: from n/a through 12.6.

  • CVE-2024-34794HigJun 3, 2024
    risk 0.39cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through <= 0.21.3.

  • CVE-2024-23670HigJun 3, 2024
    risk 0.51cvss 7.8epss 0.00

    An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.

  • CVE-2024-23668HigJun 3, 2024
    risk 0.57cvss 8.8epss 0.01

    An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.

  • CVE-2024-23667HigJun 3, 2024
    risk 0.51cvss 7.8epss 0.00

    An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.

  • CVE-2024-23363HigJun 3, 2024
    risk 0.49cvss 7.5epss 0.00

    Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame.

  • CVE-2024-23360HigJun 3, 2024
    risk 0.55cvss 8.4epss 0.00

    Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.

  • CVE-2023-43555HigJun 3, 2024
    risk 0.53cvss 8.2epss 0.00

    Information disclosure in Video while parsing mp2 clip with invalid section length.

  • CVE-2023-43542HigJun 3, 2024
    risk 0.51cvss 7.8epss 0.00

    Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked.

  • CVE-2024-36963HigJun 3, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to…

  • CVE-2024-36960HigJun 3, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure…

  • CVE-2024-20066HigJun 3, 2024
    risk 0.49cvss 7.5epss 0.01

    In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01267281; Issue ID: MSV-1477.

  • CVE-2024-36390HigJun 2, 2024
    risk 0.49cvss 7.5epss 0.00

    MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service