7.4AI Score
Oracle Linux 8 : python3.11 (ELSA-2024-4058)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4058 advisory. - Security fixes for CVE-2023-6597 and CVE-2024-0450 Tenable has extracted the preceding description block directly from the Oracle Linux security...
7.8CVSS
7.5AI Score
0.0005EPSS
Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers to achieve unauthenticated remote code...
0.0004EPSS
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-037 advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling...
8.2CVSS
6.1AI Score
0.001EPSS
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-647 advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into...
8.2CVSS
7.1AI Score
0.001EPSS
SUSE SLES15 Security Update : gnome-settings-daemon (SUSE-SU-2024:2170-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2170-1 advisory. - CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423). Tenable has extracted the preceding description...
7AI Score
0.0004EPSS
NextChat < 2.12.4 Server-Side Request Forgery
NextChat (formerly ChatGPT-Next-Web) versions prior to 2.12.4 are vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting attacks, allowing remote and unauthenticated attacker to make the vulnerable instance issue arbitrary requests on both external or internal assets through the....
7.3AI Score
6.8CVSS
7.1AI Score
0.0004EPSS
7.4AI Score
Google Chrome < 126.0.6478.126 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 126.0.6478.126. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_06_stable-channel-update-for-desktop_24 advisory. Use after free in Dawn. (CVE-2024-6290, CVE-2024-6292, CVE-2024-6293) ...
6.8AI Score
0.0004EPSS
Amazon Linux 2 : iperf3 (ALAS-2024-2579)
The version of iperf3 installed on the remote host is prior to 3.1.7-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2579 advisory. It is possible for a malicious or malfunctioning client to send lessthan the expected amount of data to the server. If this...
5.3CVSS
7AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libarchive (SUSE-SU-2024:2171-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2171-1 advisory. - CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971). Tenable has extracted the...
7.3CVSS
7.3AI Score
0.003EPSS
RHEL 9 : pki-core (RHSA-2024:4051)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4051 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...
7.5CVSS
7.8AI Score
0.0004EPSS
RHEL 8 : Red Hat Certificate System 10.4 for RHEL 8 (RHSA-2024:4070)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4070 advisory. Red Hat Certificate System (RHCS) is a complete implementation of an enterprise software system designed to manage enterprise Public Key...
7.5CVSS
7.3AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
Dextaz Ping <= 0.65 - Admin+ RCE
Description The plugin is vulnerable to Remote Code Execution, allowing authenticated attackers, with administrator-level access and above, to execute code on the...
9.1CVSS
7.4AI Score
0.0005EPSS
7.5AI Score
0.0004EPSS
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-gunicorn) (RHSA-2024:4054)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4054 advisory. Gunicorn (Green Unicorn) is a Python WSGI HTTP server for UNIX. Security Fix(es): * HTTP Request Smuggling due to improper validation of...
7.5CVSS
7.7AI Score
0.0004EPSS
RHEL 9 : dnsmasq (RHSA-2024:4052)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4052 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. ...
7.5CVSS
6.9AI Score
0.003EPSS
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6844-1 advisory. Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the...
4.4CVSS
9.6AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vte (SUSE-SU-2024:2180-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2180-1 advisory. - CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory...
6.8AI Score
0.0004EPSS
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the...
0.0005EPSS
MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not...
6.9AI Score
0.0004EPSS
MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not...
0.0004EPSS
The Ultimate Guide To Buying A Server For Your Small Business
Purchasing a server might be difficult. This is particularly valid for those making their first purchase. There...
7.3AI Score
Exploit for Incorrect Conversion between Numeric Types in Microsoft
This repository contains a poc for CVE-2023-23388, which is...
8.8CVSS
6.9AI Score
0.0004EPSS
VulnNodeApp - A Vulnerable Node.Js Application
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open...
8.4AI Score
MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. (The server process is not...
0.0004EPSS
ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor
Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. "ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang,"...
7.8CVSS
9.1AI Score
0.97EPSS
Warning: New Adware Campaign Targets Meta Quest App Seekers
A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. "The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes,"...
7.1AI Score
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....
5.4CVSS
6.5AI Score
0.001EPSS
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....
5.4CVSS
6.5AI Score
0.001EPSS
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....
5.4CVSS
5.4AI Score
0.001EPSS
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....
5.4CVSS
0.001EPSS
CVE-2024-4940 Open Redirect in gradio-app/gradio
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....
5.4CVSS
0.001EPSS
SUSE SLES15 Security Update : kernel (Live Patch 37 for SLE 15 SP3) (SUSE-SU-2024:2143-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2143-1 advisory. This update for the Linux Kernel 5.3.18-150300_59_138 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...
7.4AI Score
0.0004EPSS
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2024:2140-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2140-1 advisory. - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content- ...
9.8CVSS
6.8AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2135-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following...
8CVSS
8.4AI Score
EPSS
SUSE SLES15 Security Update : kernel (Live Patch 39 for SLE 15 SP3) (SUSE-SU-2024:2145-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2145-1 advisory. This update for the Linux Kernel 5.3.18-150300_59_144 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...
7.8CVSS
8.3AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (Live Patch 47 for SLE 15 SP2) (SUSE-SU-2024:2121-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2121-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_188 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...
7.8CVSS
7.8AI Score
0.0005EPSS
SUSE SLES15 Security Update : kernel (Live Patch 43 for SLE 15 SP3) (SUSE-SU-2024:2139-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2139-1 advisory. This update for the Linux Kernel 5.3.18-150300_59_158 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...
7.8CVSS
8AI Score
0.0005EPSS
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 41 for SLE 15 SP2) (SUSE-SU-2024:2123-1)
The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2123-1 advisory. This update for the Linux Kernel 4.12.14-122_179 fixes several issues. The following security issues were fixed: - CVE-2021-46955:...
7AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (Live Patch 43 for SLE 15 SP2) (SUSE-SU-2024:2115-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2115-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_172 fixes several issues. The following security issues were fixed: - CVE-2021-46955: Fixed...
7.8CVSS
8.3AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 82830965-3073-11ef-a17d-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Azure Identity Libraries...
5.5CVSS
7AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (Live Patch 44 for SLE 15 SP3) (SUSE-SU-2024:2149-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:2149-1 advisory. This update for the Linux Kernel 5.3.18-150200_24_191 fixes one issue. The following security issue was fixed: - CVE-2023-1829: Fixed a use-after-free...
7.8CVSS
7.3AI Score
0.0005EPSS
Debian dla-3834 : libnetty-java - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3834 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3834-1 [email protected] ...
5.3CVSS
5.3AI Score
0.0004EPSS
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 33 for SLE 15 SP3) (SUSE-SU-2024:2124-1)
The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2124-1 advisory. This update for the Linux Kernel 4.12.14-122_162 fixes several issues. The following security issues were fixed: - CVE-2021-46955:...
7.2AI Score
0.0005EPSS
SUSE SLES15 Security Update : vte (SUSE-SU-2024:2152-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2152-1 advisory. - CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory consumption) via a window resize escape....
6.8AI Score
0.0004EPSS