RHEL 6 : librsvg2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. librsvg: SIGFPE is raised in box_blur_line function of rsvg-filter.c (CVE-2017-11464) The...
7.8CVSS
7.1AI Score
0.009EPSS
RHEL 7 : cairo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. cairo: Out-of-bounds read due to mishandling of unexpected malloc(0) call (CVE-2017-9814) Integer...
7.5CVSS
7.9AI Score
0.006EPSS
RHEL 7 : gdk-pixbuf2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. gdk-pixbuf2: Integer overflow in tiff_image_parse function (CVE-2017-2870) The OneLine32 function in...
7.8CVSS
7.8AI Score
0.01EPSS
RHEL 5 : wget (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wget: FTP symlink arbitrary filesystem access (CVE-2014-4877) wget: Lack of filename checking allows...
8.8CVSS
7.8AI Score
0.955EPSS
RHEL 7 : perl-image-info (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. perl-Image-Info: XXE in SVG files (CVE-2016-9181) Note that Nessus has not tested for this issue but has instead...
7.1CVSS
7AI Score
0.001EPSS
RHEL 7 : librsvg2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. chromium-browser: Buffer overflow in Skia (CVE-2014-7904) librsvg: SIGFPE is raised in box_blur_line...
7.8CVSS
7.9AI Score
0.024EPSS
RHEL 6 : exiv2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp (CVE-2018-12265) Buffer overflow in...
7.5CVSS
7.3AI Score
0.032EPSS
RHEL 5 : squirrelmail (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. squirrelmail: Insufficient escaping of user-supplied data (CVE-2017-7692) SquirrelMail: Directory...
8.8CVSS
6.7AI Score
0.073EPSS
RHEL 6 : wget (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wget: Lack of filename checking allows arbitrary file upload via FTP redirect (CVE-2016-4971) wget:...
8.8CVSS
7.5AI Score
0.955EPSS
RHEL 5 : librsvg2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. librsvg: SIGFPE is raised in box_blur_line function of rsvg-filter.c (CVE-2017-11464) The...
7.8CVSS
7.7AI Score
0.009EPSS
RHEL 5 : cairo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. cairo: Out-of-bounds read due to mishandling of unexpected malloc(0) call (CVE-2017-9814) Integer...
7.5CVSS
7.9AI Score
0.006EPSS
RHEL 8 : fop (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. batik: Server-Side Request Forgery vulnerability (CVE-2022-44729) Server-Side Request Forgery (SSRF)...
7.1CVSS
7.2AI Score
0.001EPSS
RHEL 5 : tomcat5 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. tomcat: security manager bypass via IntrospectHelper utility function (CVE-2016-5018) tomcat: Remote...
9.1CVSS
8.1AI Score
0.975EPSS
RHEL 4 : firefox (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: XSS with Drag and Drop and Javascript: URL (MFSA 2012-13) (CVE-2012-0455) Mozilla: SVG issues...
6.8AI Score
0.212EPSS
RHEL 6 : nmap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nmap: arbitrary file upload flaw in http-domino-enum-passwords NSE script (CVE-2013-4885) Note that Nessus has not...
6.7AI Score
0.032EPSS
RHEL 6 : perl-image-info (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. perl-Image-Info: XXE in SVG files (CVE-2016-9181) Note that Nessus has not tested for this issue but has instead...
7.1CVSS
6.9AI Score
0.001EPSS
RHEL 7 : exiv2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. exiv2: Heap-based buffer overflow in basicio.cpp (CVE-2017-12955) Buffer overflow in the...
7.5CVSS
7.4AI Score
0.032EPSS
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as...
9.8CVSS
6.4AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: loupe-45.3-2.fc39
An image viewer application written with GTK 4, Libadwaita and Rust. Features: - Fast GPU accelerated image rendering with tiled rendering for SVGs - Extendable and sandboxed (expect SVG) image decoding - Support for more than 15 image formats by default - Extensive support for touchpad and...
7.4AI Score
7.3AI Score
Flowmon Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before...
10CVSS
7AI Score
0.003EPSS
There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version...
5.7AI Score
EPSS
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as...
7.2CVSS
7.3AI Score
0.001EPSS
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as...
7.2CVSS
7.9AI Score
0.001EPSS
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM...
8.7CVSS
7AI Score
0.0004EPSS
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM...
8.7CVSS
8.4AI Score
0.0004EPSS
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as...
7.2CVSS
7.7AI Score
0.001EPSS
wanEditor v4.7.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the video upload...
6.4AI Score
EPSS
An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload...
6AI Score
EPSS
wanEditor v4.7.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the video upload...
6AI Score
EPSS
An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload...
6.4AI Score
EPSS
Regular Expression Denial Of Service (ReDoS)
tecnickcom/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity utilized when parsing a SVG file. This allows an attacker to cause a denial of service by crafting a malicious svg...
6.7AI Score
EPSS
Fedora 39 : roundcubemail (2024-a591b4dc74)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a591b4dc74 advisory. Release 1.6.7 - Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313) - Fix bug where HTML entities in URLs were not decoded on HTML to plain...
6.6AI Score
Contact Form 7 Plugin for WordPress < 5.8.4 Arbitrary File Upload
The WordPress Contact Form 7 Plugin installed on the remote host is affected by an authenticated file upload vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
7.3AI Score