Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-3da8ed5be3)
The remote host is missing an update for...
5.5CVSS
5.6AI Score
0.0004EPSS
Fedora: Security Advisory for perl-Data-UUID (FEDORA-2024-08bb549a36)
The remote host is missing an update for...
5.5CVSS
5.6AI Score
0.0004EPSS
NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via...
6.7AI Score
0.0004EPSS
JVN#51098626: Multiple vulnerabilities in WordPress Plugin "Survey Maker"
WordPress Plugin "Survey Maker" provided by AYS Pro Plugins contains multiple vulnerabilities listed below. Stored cross-site scripting (CWE-79) - CVE-2023-34423 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
7AI Score
0.0004EPSS
Automation-Direct C-MORE EA9 HMI
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-MORE EA9 HMI Vulnerabilities: Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these...
7.5CVSS
8.2AI Score
0.0004EPSS
Rockwell Automation Arena Simulation
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: low attack complexity Vendor: Rockwell Automation Equipment: Arena Simulation Software Vulnerabilities: Out-of-bounds Write, Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free,...
7.8CVSS
7.4AI Score
0.0004EPSS
Security Bulletin: NVIDIA ChatRTX - March 2024
NVIDIA has released a software update for NVIDIA® ChatRTX. To protect your system, download and install this software update from the ChatRTX Download page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update addresses and...
8.2CVSS
8AI Score
0.0004EPSS
Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi...
9.9CVSS
6.8AI Score
0.0004EPSS
Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi...
9.9CVSS
9.6AI Score
0.0004EPSS
CVE-2022-36407 Information Exposure Vulnerability in Hitachi Disk Array Systems
Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi...
9.9CVSS
9.7AI Score
0.0004EPSS
CVE-2022-36407 Information Exposure Vulnerability in Hitachi Disk Array Systems
Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi...
9.9CVSS
6.9AI Score
0.0004EPSS
Sr2T - Converts Scanning Reports To A Tabular Format
Scanning reports to tabular (sr2t) This tool takes a scanning tool's output file, and converts it to a tabular format (CSV, XLSX, or text table). This tool can process output from the following tools: Nmap (XML); Nessus (XML); Nikto (XML); Dirble (XML); Testssl (JSON); Fortify (FPR). Rationale...
6.6AI Score
ESAFENET CDG - Arbitrary File Download
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax...
7.5CVSS
7.6AI Score
0.054EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0977-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0977-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...
7.8CVSS
8.3AI Score
EPSS
7.5AI Score
EPSS
7.4AI Score
EPSS
Exploit for Code Injection in Openplcproject Openplc V3 Firmware
CVE-2021-31630 Exploit CVE-2021-31630 Exploit PoC for...
8.8CVSS
8.5AI Score
0.006EPSS
An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL...
7.2AI Score
0.0004EPSS
An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL...
7.4AI Score
0.0004EPSS
An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL...
7.4AI Score
0.0004EPSS
This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on, and produces a target specific wordlist to use for fuzzing. The full Help documentation can be....
7.4AI Score
JVN#94521208: Multiple vulnerabilities in FitNesse
FitNesse contains multiple vulnerabilities listed below. Multiple cross-site scripting (CWE-79) - CVE-2024-23604, CVE-2024-28128 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 ...
7.6AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0900-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0900-2 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...
7.8CVSS
8.3AI Score
EPSS
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing...
7.4CVSS
7.5AI Score
0.0005EPSS
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing...
7.4CVSS
6.9AI Score
0.0005EPSS
CVE-2024-27920 Unsigned code template execution through workflows in projectdiscovery/nuclei
projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing...
7.4CVSS
7.7AI Score
0.0005EPSS
Nuclei allows unsigned code template execution through workflows
Overview A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...
7.4CVSS
7.1AI Score
0.0005EPSS
Nuclei allows unsigned code template execution through workflows
Overview A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...
7.4CVSS
7.5AI Score
0.0005EPSS
Decompression bomb vulnerability in github.com/go-jose/go-jose
An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or...
4.3CVSS
7.1AI Score
0.0005EPSS
[5.14.0-362.24.1_3.OL9] Update Oracle Linux certificates (Kevin Lyons) Disable signing for aarch64 (Ilya Okomin) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey [Orabug: 24817676] Conflict with shim-ia32.....
7.8CVSS
7.6AI Score
0.001EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0900-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0900-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...
7.8CVSS
8.3AI Score
EPSS
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 26th, 2024, during our second Bug Bounty...
7.3AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
7.7AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
9.6AI Score
0.303EPSS
Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
6.5CVSS
7.5AI Score
0.001EPSS
Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
10CVSS
8.9AI Score
0.001EPSS
Siemens SINEMA Remote Connect Client
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.6CVSS
7.1AI Score
0.0005EPSS
Siemens SINEMA Remote Connect Server
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
8.3AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.8CVSS
7.9AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
5.5CVSS
5.8AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Low attack complexity Vendor: Softing Equipment: edgeConnector Vulnerabilities: Cleartext Transmission of Sensitive Information, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create conditions that...
8CVSS
7.9AI Score
0.031EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: Improper Authorization, SQL Injection, Path Traversal, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
8.8CVSS
8.3AI Score
0.001EPSS
Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
10AI Score
EPSS
Rancher Authenticated API Credential Exposure
An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys and Ranchers service account token (used to provision clusters), were stored in plaintext directly on Kubernetes objects like Clusters, for example...
9.9CVSS
6.5AI Score
0.066EPSS
Summary IBM MQ added security fixes around "handling the crafterd URL", "removed clear text for user credentials in trace options" and "improved buffering logic to avoid DoS attack. The IBM MQ which contains above fixes is shipped with IBM MQ Operator and IBM supplied MQ Advanced container...
7.5CVSS
7.2AI Score
0.001EPSS
Schneider Electric EcoStruxure Power Design
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Design Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability may allow for arbitrary code execution. 3....
7.8CVSS
7.8AI Score
0.001EPSS
Fedora: Security Advisory for antlrworks (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7AI Score
0.0004EPSS
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Impact An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). Thanks to Enze...
4.3CVSS
4.5AI Score
0.0005EPSS
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Impact An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). Thanks to Enze...
4.3CVSS
4.5AI Score
0.0005EPSS
[SECURITY] Fedora 40 Update: antlrworks-1.5.2-29.fc40
ANTLRWorks is a novel grammar development environment for ANTLR v3 grammars written by Jean Bovet (with suggested use cases from Terence Parr). It comb ines an excellent grammar-aware editor with an interpreter for rapid prototyping and a language-agnostic debugger for isolating grammar errors....
6.8AI Score
0.0004EPSS