Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
7.8AI Score
EPSS
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
7.8AI Score
EPSS
7.8CVSS
7.5AI Score
0.001EPSS
8CVSS
7.5AI Score
0.0004EPSS
8CVSS
7.5AI Score
EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6819-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.4AI Score
0.001EPSS
Oracle Linux 9 : fence-agents (ELSA-2024-3820)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3820 advisory. - bundled jinja2: fix CVE-2024-34064 Resolves: RHEL-36482 Tenable has extracted the preceding description block directly from the Oracle Linux security...
5.4CVSS
5.4AI Score
0.0004EPSS
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port...
7.9AI Score
EPSS
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
7.8AI Score
EPSS
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port...
7.9AI Score
EPSS
RHEL 9 : c-ares (RHSA-2024:3842)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3842 advisory. The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): * c-ares: Out of...
4.4CVSS
5.6AI Score
0.0004EPSS
linux-aws, linux-oracle vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)...
7.8CVSS
7.5AI Score
0.001EPSS
linux-aws, linux-aws-5.15 vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...
8CVSS
8.2AI Score
0.0004EPSS
Keycloak's admin API allows low privilege users to use administrative functions
Users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data.....
6.8AI Score
EPSS
Keycloak's admin API allows low privilege users to use administrative functions
Users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data.....
7.2AI Score
EPSS
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...
8CVSS
8AI Score
0.0004EPSS
It’s June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is...
9.8CVSS
9.7AI Score
0.05EPSS
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...
9.9CVSS
9.9AI Score
0.0004EPSS
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...
9.9CVSS
0.0004EPSS
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...
9.9CVSS
8.3AI Score
0.0004EPSS
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...
9.9CVSS
0.0004EPSS
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...
9.9CVSS
8AI Score
0.0004EPSS
linux-intel-iotg-5.15 vulnerabilities
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was....
8CVSS
8.2AI Score
EPSS
Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter.This issue affects Aspose.Words Exporter: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter.This issue affects Aspose.Words Exporter: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter.This issue affects Aspose.Words Exporter: from n/a through...
4.3CVSS
0.0004EPSS
A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API...
3.3CVSS
0.0004EPSS
A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API...
3.3CVSS
4AI Score
0.0004EPSS
Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through...
8.6CVSS
0.0004EPSS
Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through...
8.6CVSS
8.6AI Score
0.0004EPSS
Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through...
8.6CVSS
0.0004EPSS
Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through...
8.6CVSS
7AI Score
0.0004EPSS
CVE-2024-5812 Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe
A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API...
3.3CVSS
0.0004EPSS
CVE-2024-5812 Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe
A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API...
3.3CVSS
6.8AI Score
0.0004EPSS
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to...
5.5CVSS
5.6AI Score
0.0004EPSS
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to...
5.5CVSS
0.0004EPSS
Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through...
8.6CVSS
0.0004EPSS
Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through...
8.6CVSS
8.7AI Score
0.0004EPSS
CVE-2024-24703 WordPress MultiVendorX plugin <= 4.0.25 - Broken Access Control vulnerability
Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through...
8.6CVSS
0.0004EPSS
CVE-2024-24703 WordPress MultiVendorX plugin <= 4.0.25 - Broken Access Control vulnerability
Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through...
8.6CVSS
6.9AI Score
0.0004EPSS
Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale
Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the....
9.8CVSS
6.7AI Score
0.957EPSS
A flaw was found in PHP versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8. When using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use the "Best-Fit" behavior to replace characters in the command line given to Win32 API functions......
9.8CVSS
9.3AI Score
0.967EPSS
CVE-2024-37294 Aimeos denial of service vulnerability in SaaS and marketplace setups
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to...
5.5CVSS
0.0004EPSS
CVE-2024-37294 Aimeos denial of service vulnerability in SaaS and marketplace setups
Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to...
5.5CVSS
6.8AI Score
0.0004EPSS
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended...
9.1CVSS
0.0004EPSS
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended...
9.1CVSS
9.2AI Score
0.0004EPSS
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack...
10CVSS
9.6AI Score
0.0004EPSS
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack...
10CVSS
0.0004EPSS
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended...
9.1CVSS
0.0004EPSS
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended...
9.1CVSS
6.8AI Score
0.0004EPSS