Franklin Fueling System TS-550
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Franklin Fueling System Equipment: TS-550 Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation...
7.6AI Score
0.001EPSS
Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]
As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers. Although these require unusual circumstances or non-default...
9.1CVSS
8.9AI Score
0.001EPSS
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
By Ian Beer A graph representation of the sandbox escape NSExpression payload In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The...
7.4AI Score
0.016EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.8AI Score
0.001EPSS
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the...
8.8CVSS
8.3AI Score
0.0005EPSS
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the...
5.9AI Score
0.0005EPSS
What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS
Google introduced the new ".zip" Top Level Domain (TLD) on May 3, 2023, igniting a firestorm of controversy as security organizations warned against the confusion that was certain to occur. When clicking on a name that ends in ".zip" are people intending to open an archive file or an internet...
6.8AI Score
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript...
7AI Score
0.003EPSS
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript...
7.7AI Score
0.004EPSS
A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript...
7.7AI Score
0.003EPSS
Description of the security update for Outlook 2013: August 8, 2023 (KB5002449)
Description of the security update for Outlook 2013: August 8, 2023 (KB5002449) Summary This security update resolves a Microsoft Outlook spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-36893. Note: To apply this security...
6.7AI Score
0.001EPSS
In the first 6 months of 2023, our team has already added 2,471[1] individual vulnerability records to the Wordfence Intelligence WordPress Vulnerability Database. These vulnerabilities affected 1,680[2] WordPress software components. This means we have already surpassed the total number of...
9.1AI Score
Avoid the use of hard coded slippage
Lines of code Vulnerability details Impact In OptionsPositionManager.sol, swapExactTokensForTokens() has used the hardcoded slippage of 1% which is used in withdrawOptionAssets() and swapTokens() functions. function swapExactTokensForTokens(IUniswapV2Router01 ammRouter, IPriceOracle oracle, uint...
6.8AI Score
Description of the security update for Outlook 2013: July 11, 2023 (KB5002432)
Description of the security update for Outlook 2013: July 11, 2023 (KB5002432) Summary This security update resolves a Microsoft Outlook spoofing vulnerability, and Microsoft Outlook security feature bypass vulnerability. To learn more about the vulnerabilities, see the following security...
7.7AI Score
0.01EPSS
Description of the security update for Outlook 2013: June 13, 2023 (KB5002382)
Description of the security update for Outlook 2013: June 13, 2023 (KB5002382) Summary This security update resolves a Microsoft Outlook remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-33131. Note: To apply...
8.9AI Score
0.134EPSS
Update now: 9 vulnerabilities impact Cisco Small Business Series
Vulnerabilities have been found and fixed in the web-based user interface of various Cisco products in the Small Business Series. These nine issues are tied to the web-based user interface of the products, and in a worst case scenario could lead to denial of service (DoS) conditions or arbitrary...
9.8CVSS
8.2AI Score
0.002EPSS
Cisco Small Business Denial of Service Vulnerability (CNVD-2023-40906)
Cisco Small Business is a switch from the American company Cisco (Cisco). A denial of service vulnerability exists in Cisco Small Business Series Switches, which arises from a device authentication error on requests sent to the web interface, and can be exploited by an unauthenticated, remote...
9.8CVSS
8AI Score
0.002EPSS
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due.....
7.3AI Score
Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks
Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition. "These vulnerabilities are due to improper validation of...
8.1AI Score
RHEL 9 : Red Hat Single Sign-On 7.6.3 security update on RHEL 9 (Moderate) (RHSA-2023:2707)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2707 advisory. okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341) undertow: Server identity in https connection...
7.6AI Score
RHEL 8 : Red Hat Single Sign-On 7.6.3 security update on RHEL 8 (Moderate) (RHSA-2023:2706)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2706 advisory. okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341) undertow: Server identity in https connection...
7.6AI Score
RHEL 7 : Red Hat Single Sign-On 7.6.3 security update on RHEL 7 (Moderate) (RHSA-2023:2705)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2705 advisory. okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341) undertow: Server identity in https connection...
7.6AI Score
Incorrect calculation of the remaining updatedRewards leads to possible underflow error
Lines of code https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L725 Vulnerability details Impact RewardsManage.sol keeps track of the total number of rewards collected per epoch for all pools: File:...
6.8AI Score
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the resourceStart2 command in the CADM...
9.8CVSS
7.4AI Score
0.002EPSS
CISA Warns of Critical Flaws in Illumina's DNA Sequencing Instruments
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx,...
8AI Score
Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or...
9.8CVSS
9.6AI Score
0.004EPSS
Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote...
7.5CVSS
8.1AI Score
0.002EPSS
Illumina Universal Copy Service
EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Illumina Equipment: Universal Copy Service (UCS) Vulnerabilities: Binding to an Unrestricted IP Address, Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of these...
7.5AI Score
0.003EPSS
Schneider Electric NetBotz Cross-Site Scripting Vulnerability
Schneider Electric NetBotz is a proactive monitoring solution from Schneider Electric, France. It is designed to protect against physical, environmental or human threats that can cause disruption or downtime to IT infrastructure. Schneider Electric NetBotz suffers from a cross-site scripting...
6.1CVSS
6.2AI Score
0.0005EPSS
7.4AI Score
6.8AI Score
6.8AI Score
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
6.5CVSS
6.5AI Score
0.001EPSS
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
6.5CVSS
6.5AI Score
0.0005EPSS
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
7.5CVSS
7.5AI Score
0.001EPSS
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
6.1CVSS
6.3AI Score
0.0005EPSS
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
7.5CVSS
7.6AI Score
0.001EPSS
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
6.1CVSS
6.3AI Score
0.0005EPSS
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
6.5AI Score
0.001EPSS
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
7.6AI Score
0.001EPSS
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and...
6.5AI Score
0.001EPSS
6.8AI Score
7.4AI Score
6.8AI Score
The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is...
9.2AI Score
0.001EPSS
SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF)...
9.1AI Score
0.001EPSS
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 8 (RHSA-2023:1513)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1513 advisory. SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471) snakeyaml: Uncaught exception in...
8.2AI Score
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 9 (RHSA-2023:1514)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1514 advisory. SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471) snakeyaml: Uncaught exception in...
8.2AI Score
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 (RHSA-2023:1512)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1512 advisory. SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471) snakeyaml: Uncaught exception in...
8.2AI Score
Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal
The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector. - Path Traversal Vulnerabillity also allows listing the entire folder & image file in the...
4.9CVSS
5.5AI Score
0.0005EPSS