Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute arbitrary OS...
7.2CVSS
7.2AI Score
0.001EPSS
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset....
9.8CVSS
9.7AI Score
0.005EPSS
IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID:...
6.5CVSS
6.2AI Score
0.0004EPSS
IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
5.4CVSS
5.2AI Score
0.0004EPSS
8CVSS
8.8AI Score
0.0004EPSS
6.1CVSS
7.3AI Score
0.0005EPSS
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...
9.8CVSS
9.7AI Score
0.042EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site...
6.1CVSS
6.1AI Score
0.052EPSS
Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code...
8.8CVSS
9AI Score
0.001EPSS
Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code...
8.8CVSS
9AI Score
0.001EPSS
A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be...
8.8CVSS
8.7AI Score
0.0005EPSS
Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary...
6.8CVSS
7.1AI Score
0.001EPSS
A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global...
3.5CVSS
4.1AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL...
9.8CVSS
9.7AI Score
0.001EPSS
Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0...
7.5CVSS
7.6AI Score
0.001EPSS
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send broadcast events to any user via the WebMonitor.An unauthenticated user can use this vulnerability to forcefully log out of any currently logged-in user by sending a "password change event"....
5.3CVSS
5.3AI Score
0.001EPSS
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string...
9.8CVSS
9.4AI Score
0.001EPSS
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain...
6.5CVSS
6.2AI Score
0.0005EPSS
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability.....
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of...
7.5CVSS
7.9AI Score
0.002EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Development Team WooCommerce JazzCash Gateway Plugin plugin <= 2.0...
6.1CVSS
6AI Score
0.001EPSS
The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated...
9.8CVSS
9.6AI Score
0.001EPSS
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to...
8.8CVSS
8.7AI Score
0.001EPSS
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code.....
7.2CVSS
7.1AI Score
0.004EPSS
OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10...
8.8CVSS
8.8AI Score
0.005EPSS
Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows:.....
4.3CVSS
4.4AI Score
0.003EPSS
Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system...
7.5CVSS
7.3AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid...
6.1CVSS
6.3AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules)...
6.1CVSS
6.3AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml...
6.1CVSS
6.3AI Score
0.001EPSS
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary...
9.8CVSS
9.6AI Score
0.002EPSS
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary...
9.8CVSS
9.4AI Score
0.001EPSS
Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive...
5.9CVSS
5.8AI Score
0.002EPSS
7.2CVSS
7.5AI Score
0.008EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0...
6.1CVSS
6AI Score
0.001EPSS
7.5CVSS
7.4AI Score
0.001EPSS
6.5CVSS
6.6AI Score
0.001EPSS
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be.....
6.1CVSS
6AI Score
0.001EPSS
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin...
7.8CVSS
7.7AI Score
0.0004EPSS
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user...
9.8CVSS
9.4AI Score
0.002EPSS
Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network...
5.4CVSS
5.1AI Score
0.001EPSS
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin...
9.8CVSS
9.4AI Score
0.002EPSS
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin...
9.8CVSS
9.4AI Score
0.002EPSS
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688...
6.5CVSS
8.1AI Score
0.001EPSS
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to...
6.1CVSS
5.9AI Score
0.001EPSS
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host...
8.8CVSS
8.6AI Score
0.002EPSS
In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and...
9.8CVSS
9.3AI Score
0.003EPSS