6.3AI Score
0.0004EPSS
CVE-2024-30015 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
...
7.4AI Score
0.001EPSS
CVE-2024-30014 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
...
7.4AI Score
0.001EPSS
CVE-2024-30009 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
...
8.6AI Score
0.001EPSS
CVE-2024-30006 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
...
8.6AI Score
0.001EPSS
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...
7.8CVSS
7.8AI Score
0.0004EPSS
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...
7.8CVSS
7.8AI Score
0.0004EPSS
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...
7.8CVSS
7.3AI Score
0.0004EPSS
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...
7.8CVSS
7.3AI Score
0.0004EPSS
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...
7.8CVSS
7.3AI Score
0.0004EPSS
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...
7.8CVSS
7.3AI Score
0.0004EPSS
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...
7.8CVSS
7.3AI Score
0.0004EPSS
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...
7.8CVSS
7.8AI Score
0.0004EPSS
Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware 8.6.5, XPS-EDGE- Build 1467, evEDGE-EO- Build 0029, MMA10G-* Build 0498, 570IPG-X19-10G Build 0691 allows a remote attacker to execute arbitrary code via a crafted payload to the login...
7.5AI Score
Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware 8.6.5, XPS-EDGE- Build 1467, evEDGE-EO- Build 0029, MMA10G-* Build 0498, 570IPG-X19-10G Build 0691 allows a remote attacker to execute arbitrary code via a crafted payload to the login...
7AI Score
Use after free issue in editcap could cause denial of service via crafted capture...
7.3AI Score
0.0004EPSS
Memory handling issue in editcap could cause denial of service via crafted capture...
7AI Score
0.0004EPSS
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture...
7.3AI Score
0.0004EPSS
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:...
7AI Score
0.002EPSS
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other...
6.1AI Score
0.0004EPSS
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in...
6.7AI Score
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls compat_password_hash when users set their password. compat_password_hash uses password_hash if it is available and otherwise falls back to md5. When verifying a password, it calls compat_password_verify. In...
7.1AI Score
0.001EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php, finally.....
8.7AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the lib/plugin.php file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the...
8.6AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in form_save() function in graph_template_inputs.php is not thoroughly checked and is used to concatenate the SQL statement in draw_nontemplated_fields_graph_item() function...
7.7AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in automation_get_new_graphs_sql function of api_automation.php allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation.....
8.2AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in form_save() function in data_queries.php is not thoroughly checked and is used to concatenate the HTML statement in grow_right_pane_tree() function from lib/html.php, finally...
6AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules_form_save() function in automation_tree_rules.php is not thoroughly checked and is used to concatenate the HTML statement in form_confirm() function...
6.3AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. raise_message_javascript from lib/functions.php now uses purify.js to fix CVE-2023-50250.....
6.4AI Score
0.0004EPSS
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and...
6.4AI Score
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be.....
7.5AI Score