SAP NetWeaver AS ABAP XSS (3450286)
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify.....
6.1CVSS
6.4AI Score
0.0004EPSS
Security Updates for Microsoft Dynamics 365 Business Central (June 2024)
The Microsoft Dynamics 365 Business Central install is missing security updates. It is, therefore, affected by multiple vulnerabilities, including: An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2024-35248) A remote code execution...
8.8CVSS
8.7AI Score
0.001EPSS
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution Exploit
The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to...
8.2AI Score
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of...
7.5CVSS
7.6AI Score
0.0004EPSS
Cacti Import Packages Remote Code Execution Exploit
This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The...
9.1CVSS
8.1AI Score
0.002EPSS
7.4AI Score
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....
7.1CVSS
7.1AI Score
0.001EPSS
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....
7.1CVSS
7.1AI Score
0.001EPSS
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....
5.3CVSS
6.8AI Score
0.0004EPSS
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Summary A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting either development and production environments. Details Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in.....
5.3CVSS
6.8AI Score
0.0004EPSS
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: ...
6.5CVSS
6.3AI Score
0.0004EPSS
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: ...
5.3CVSS
0.0004EPSS
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: ...
5.3CVSS
5.6AI Score
0.0004EPSS
CVE-2023-29267 IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: ...
5.3CVSS
0.0004EPSS
CVE-2024-31881 IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: ...
6.5CVSS
6.4AI Score
0.0004EPSS
CVE-2024-31881 IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: ...
6.5CVSS
0.0004EPSS
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: ...
5.3CVSS
5.2AI Score
0.0004EPSS
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: ...
5.3CVSS
0.0004EPSS
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...
7.8CVSS
7.7AI Score
0.001EPSS
CVE-2024-28762 IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: ...
5.3CVSS
0.0004EPSS
Apache Submarine Server Core Incorrect Authorization vulnerability
Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance....
6.8AI Score
0.0004EPSS
Apache Submarine Server Core has a SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...
7.5AI Score
0.0004EPSS
Apache Submarine Server Core has a SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...
7.5AI Score
0.0004EPSS
Apache Submarine Server Core Incorrect Authorization vulnerability
Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance....
6.8AI Score
0.0004EPSS
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or....
6.5AI Score
0.0004EPSS
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or....
0.0004EPSS
Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...
5.3CVSS
0.0004EPSS
Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...
5.3CVSS
6.8AI Score
0.0004EPSS
Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...
5.3CVSS
5.3AI Score
0.0004EPSS
A flaw was found in grps-js, which implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length...
5.3CVSS
5.1AI Score
0.0005EPSS
CVE-2024-31217 @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, affecting either development and production environments. Usually, errors in the application cause...
5.3CVSS
0.0004EPSS
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that...
0.0004EPSS
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that...
7.1AI Score
0.0004EPSS
Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects all versions of MegaBIP...
8.2AI Score
0.0004EPSS
Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through...
0.0004EPSS
Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through...
6.8AI Score
0.0004EPSS
Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects all versions of MegaBIP...
0.0004EPSS
CVE-2024-36265 Apache Submarine Server Core: authorization bypass
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or....
0.0004EPSS
CVE-2024-36265 Apache Submarine Server Core: authorization bypass
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or....
6.8AI Score
0.0004EPSS
CVE-2024-36263 Apache Submarine Server Core: SQL injection
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that...
0.0004EPSS
CVE-2024-1659 Arbitrary File Upload in MegaBIP
Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through...
0.0004EPSS
CVE-2024-1577 Remote Code Execution in MegaBIP
Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects all versions of MegaBIP...
0.0004EPSS
Summary IBM Maximo Application Suite Predict Component IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable toCVE-2024-25026 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-25026 ....
5.9CVSS
7AI Score
0.0004EPSS
Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354).This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details **...
7CVSS
7.1AI Score
0.0004EPSS
Summary IBM Maximo Application Suite Predict Component uses: webSphere Application Server Liberty is vulnerable to a server-side request forgery (SSRF) vulnerability which is vulnerable to CVE-2024-22329. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability....
4.3CVSS
6.3AI Score
0.0004EPSS
Summary IBM Maximo Application Suite Predict Component uses :IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details **...
7.2AI Score
0.0004EPSS
Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID:...
5.9CVSS
7AI Score
0.0004EPSS
Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable toCVE-2024-22353.This bulletin contains information regarding the...
7.5CVSS
7.1AI Score
0.0004EPSS
Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270). This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION:...
4.7CVSS
5.9AI Score
0.0004EPSS