Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via...
6.1CVSS
6.2AI Score
0.0004EPSS
Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting
Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php...
6.1CVSS
6AI Score
0.006EPSS
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations. This vulnerability is due to improper separation.....
9.1CVSS
7.2AI Score
0.023EPSS
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav...
8.8CVSS
8.8AI Score
0.001EPSS
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav...
8.8CVSS
8.8AI Score
0.001EPSS
Deserialization of untrusted data
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav...
8.8CVSS
8.8AI Score
0.001EPSS
All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of...
8.8CVSS
8.7AI Score
0.001EPSS
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav...
9AI Score
0.001EPSS
Exploit for Improper Resource Shutdown or Release in Eero Eeroos
eeroOS Ethernet Interface Denial of Service Vulnerability...
6.5AI Score
A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...
9.8CVSS
7.4AI Score
0.001EPSS
A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...
9.8CVSS
9.7AI Score
0.001EPSS
CVE-2023-5300 TTSPlanning sql injection
A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...
6.3CVSS
10AI Score
0.001EPSS
CVE-2023-5300 TTSPlanning sql injection
A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...
6.3CVSS
7.4AI Score
0.001EPSS
What’s New in InsightVM and Nexpose: Q3 2023 in Review
A lot of new and exciting product updates this quarter to help customers continue driving better security outcomes. We are thrilled to launch a new vulnerability risk scoring strategy this quarter along with upgrades like improved UI for the Engine Pool page, more policy coverage, and more. Let’s.....
9.8CVSS
7.3AI Score
0.968EPSS
Exploit for Vulnerability in Fit2Cloud Jumpserver
CVE-2023-42820 漏洞描述 JumpServer 是一款广受欢迎的开源堡垒机,是符合 4A...
8.3AI Score
0.0005EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: DEXMA Equipment: DEXGate Vulnerabilities: Cross-Site Scripting, Cross-Site Request Forgery, Improper Authentication, Cleartext Transmission of Sensitive Information, Exposure of Sensitive...
8.8CVSS
6.5AI Score
0.001EPSS
Rockwell Automation PanelView 800
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PanelView 800 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose...
9.8CVSS
9.9AI Score
0.028EPSS
Exploit for PHP External Variable Modification in Juniper Junos
Juniper Scanner Scanner for CVE-2023-36845 by bt0 More...
9.8CVSS
6.4AI Score
0.966EPSS
‘Snatch’ Ransom Group Exposes Visitor IP Addresses
The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid...
6.9AI Score
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Suprema Inc. Equipment: BioStar 2 Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
6.5CVSS
7.8AI Score
0.005EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: SOCOMEC Equipment: MODULYS GP Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain sensitive...
7.5CVSS
7.4AI Score
0.001EPSS
Mitsubishi Electric FA Engineering Software
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to...
9.3CVSS
7.8AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Advantech Equipment: EKI-1524-CE, EKI-1522-CE, EKI-1521-CE Vulnerabilities: Cross-Site Scripting 2. RISK EVALUATION Successful exploitation of these...
9CVSS
6.5AI Score
0.001EPSS
Baker Hughes Bently Nevada 3500
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Baker Hughes - Bently Nevada Equipment: Bently Nevada 3500 System Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Cleartext Transmission of Sensitive Information,...
8.2CVSS
7.6AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Asset Suite 9 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to enter an...
8.8CVSS
7.6AI Score
0.001EPSS
Malicious code in fca-rqzax-v3 (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (0ecedbb47457d84a3321523d3e9df1d860170b1c57af2d4fb6b5faf7f89b742a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
6.8AI Score
JVN#97197972: Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"
WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type (CWE-434) - CVE-2023-40219 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N| Base Score: 2.7 CVSS...
8.8CVSS
7AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
8.2CVSS
7.1AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED...
7.8CVSS
7.9AI Score
0.151EPSS
Rockwell Automation Select Logix Communication Modules
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK...
9.8CVSS
8.2AI Score
0.001EPSS
Rockwell Automation Connected Components Workbench
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Rockwell Automation Equipment: Connected Components Workbench Vulnerabilities: Use After Free, Out-of-bounds Write 2. RISK EVALUATION...
9.6CVSS
7.7AI Score
0.805EPSS
Rockwell Automation FactoryTalk View Machine Edition
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View Machine Edition Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
9.8CVSS
8.1AI Score
0.001EPSS
Real Time Automation 460 Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Real Time Automation Equipment: 460MCBS Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
9.4CVSS
6.5AI Score
0.0005EPSS
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...
5.5CVSS
5AI Score
0.0004EPSS
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...
4.4CVSS
4.5AI Score
0.0004EPSS
Omron Engineering Software Zip-Slip
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Omron Equipment: Sysmac Studio, NX-IO Configurator Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to overwrite files on a system. 3....
5.5CVSS
6.4AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Omron Equipment: Sysmac Studio Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1...
7.8CVSS
7.7AI Score
0.0004EPSS
Siemens SIMATIC PCS neo Administration Console
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
5.5CVSS
5.7AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: Sysmac CJ/CS/CP Series Vulnerability: Improper Control of Interaction Frequency 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
9.1CVSS
6.9AI Score
0.001EPSS
Debian DSA-5500-1 : flac - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5500 advisory. Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder....
7.8CVSS
6.6AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.001EPSS
This Week in Spring - September 19th, 2023 (Java 21 Edition)
Hi, Spring fans! Welcome to another installment of This Week in Spring - Java 21 edition! The big news, indeed, the biggest news, is that Java 21 is now available here! You should use SDKMAN to install it, like this: sdk install java 21-graalce && sdk default java 21-graalce. This install givews...
6.7AI Score
[SECURITY] [DSA 5500-1] flac security update
Debian Security Advisory DSA-5500-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 18, 2023 https://www.debian.org/security/faq Package : flac CVE ID : CVE-2020-22219 A buffer overflow was...
7.8CVSS
7.8AI Score
0.001EPSS
Wago CODESYS V3 Improper Input Validation (CVE-2022-47391)
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability in the CMPDevice Component to read from invalid addresses leading to a denial of service. Wago PFC200 and Compact Controllers support Codesys V3. This plugin only...
7.5CVSS
6.9AI Score
0.002EPSS
Wago CODESYS V3 Out-of-bounds Write (CVE-2022-47379)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CMPapp Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago PFC200....
8.8CVSS
7.4AI Score
0.002EPSS
Wago CODESYS V3 Stack-based Buffer Overflow (CVE-2022-47389)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...
8.8CVSS
7.4AI Score
0.002EPSS
Wago CODESYS V3 Improper Restriction of Operations (CVE-2022-47393)
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the CmpFileTransfer Component of multiple versions of multiple CODESYS products to force a denial-of-service situation. Wago PFC200 and Compact Controllers support...
6.5CVSS
7AI Score
0.001EPSS
Wago CODESYS V3 Stack-based Buffer Overflow (CVE-2022-47380)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CMPapp Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago PFC200....
8.8CVSS
7.4AI Score
0.002EPSS
Wago CODESYS V3 Improper Input Validation (CVE-2022-47392)
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition. Wago PFC200 and Compact Controllers...
6.5CVSS
6.9AI Score
0.001EPSS