Exchange Security Vulnerabilities
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from...
7.3CVSS
7.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Exchange Rates Widget allows Stored XSS.This issue affects Exchange Rates Widget: from n/a through...
6.5CVSS
9.1AI Score
0.0004EPSS
8.8CVSS
9.2AI Score
0.005EPSS
Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting...
8.3CVSS
8.5AI Score
0.0004EPSS
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper...
7.8CVSS
7.7AI Score
0.001EPSS
Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT...
5.5CVSS
6.3AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Currency.Wiki Currency Converter Widget – Exchange Rates allows Stored XSS.This issue affects Currency Converter Widget – Exchange Rates: from n/a through...
6.5CVSS
5.8AI Score
0.0004EPSS
Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as...
8.6CVSS
8.5AI Score
0.0005EPSS
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...
5.5CVSS
5.2AI Score
0.0004EPSS
8CVSS
8.2AI Score
0.001EPSS
8CVSS
8AI Score
0.001EPSS
8CVSS
8AI Score
0.001EPSS
8CVSS
8AI Score
0.001EPSS
8CVSS
8.8AI Score
0.001EPSS
Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management -...
8.4CVSS
7.6AI Score
0.0004EPSS
5.7CVSS
5.4AI Score
0.002EPSS
8CVSS
7.6AI Score
0.003EPSS
8CVSS
7.8AI Score
0.001EPSS
8CVSS
7.8AI Score
0.001EPSS
8CVSS
7.8AI Score
0.001EPSS
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange...
8.1CVSS
8AI Score
0.025EPSS
The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper...
7.8CVSS
7.5AI Score
0.0005EPSS
8.8CVSS
8.7AI Score
0.008EPSS
8.8CVSS
8.4AI Score
0.019EPSS
8CVSS
8.5AI Score
0.001EPSS
8CVSS
8.5AI Score
0.001EPSS
8.8CVSS
9AI Score
0.001EPSS
9.8CVSS
9.2AI Score
0.002EPSS
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information...
7.8CVSS
7.6AI Score
0.001EPSS
8.8CVSS
9.2AI Score
0.088EPSS
8CVSS
8.7AI Score
0.001EPSS
The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary...
4.3CVSS
4.5AI Score
0.001EPSS
7.2CVSS
8.2AI Score
0.016EPSS
8.8CVSS
9.2AI Score
0.516EPSS
8.8CVSS
9.2AI Score
0.008EPSS
8.8CVSS
9.2AI Score
0.012EPSS
Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE...
7.5CVSS
7.5AI Score
0.008EPSS
7.8CVSS
8AI Score
0.0004EPSS
7.8CVSS
8AI Score
0.0004EPSS
7.5CVSS
7.7AI Score
0.002EPSS
8CVSS
7.5AI Score
0.033EPSS
8CVSS
8AI Score
0.076EPSS
Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and Display model...
5.4CVSS
5.2AI Score
0.001EPSS
Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer...
8.8CVSS
8.7AI Score
0.001EPSS
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to...
9.8CVSS
9.6AI Score
0.004EPSS
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints, and these...
7.5CVSS
7.2AI Score
0.011EPSS
7.8CVSS
8.4AI Score
0.001EPSS
8CVSS
7.6AI Score
0.045EPSS