The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...
CVSS 9.8, AI Score 8.9, EPSS 0.047
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling...
CVSS 9.8, AI Score 8.9, EPSS 0.047
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated...
CVSS 6.5, AI Score 9, EPSS 0.001
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length...
CVSS 5.3, AI Score 7.7, EPSS 0.001
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for...
CVSS 9.8, AI Score 6.7, EPSS 0.001
The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by...
CVSS 7.5, AI Score 7.5, EPSS 0.002
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS...
CVSS 6.1, AI Score 6, EPSS 0.001
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host...
CVSS 6.5, AI Score 6.6, EPSS 0.001
A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All....
CVSS 8.8, AI Score 8.8, EPSS 0.0005
A vulnerability, which was classified as critical, has been found in RoadFlow Visual Process Engine .NET Core Mvc 2.13.3. Affected by this issue is some unknown functionality of the file /Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05 of the...
CVSS 8.8, AI Score 8.8, EPSS 0.001
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2)...
CVSS 8.8, AI Score 8.9, EPSS 0.003
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2...
CVSS 7.4, AI Score 7.1, EPSS 0.001
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE.....
CVSS 7.5, AI Score 7.2, EPSS 0.001
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE.....
CVSS 7.5, AI Score 7.2, EPSS 0.001
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE.....
CVSS 7.5, AI Score 7.2, EPSS 0.001
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than...
CVSS 7.5, AI Score 8.2, EPSS 0.002
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount...
CVSS 7.5, AI Score 8.3, EPSS 0.005
A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The...
CVSS 5.9, AI Score 7.4, EPSS 0.001
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small...
CVSS 7.5, AI Score 7.3, EPSS 0.02
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary...
CVSS 9.8, AI Score 9.6, EPSS 0.002
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary...
CVSS 9.8, AI Score 9.4, EPSS 0.001
Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to...
CVSS 7.2, AI Score 7, EPSS 0.001