Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...
4.4CVSS
0.0004EPSS
Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session...
5.9CVSS
0.0004EPSS
Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...
4.4CVSS
8AI Score
0.0004EPSS
Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session...
5.9CVSS
6.9AI Score
0.0004EPSS
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...
5.9CVSS
6AI Score
0.0004EPSS
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...
5.9CVSS
0.0004EPSS
Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session...
5.9CVSS
0.0004EPSS
Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...
4.4CVSS
8AI Score
0.0004EPSS
Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...
4.4CVSS
0.0004EPSS
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...
5.9CVSS
6AI Score
0.0004EPSS
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...
5.9CVSS
0.0004EPSS
[SECURITY] Fedora 39 Update: python-dns-2.6.1-1.fc39
dnspython is a DNS toolkit for Python. It supports almost all record types. It can be used for queries, zone transfers, and dynamic updates. It supports TSIG authenticated messages and EDNS0. dnspython provides both high and low level access to DNS. The high level classes perform queries for data.....
6.8AI Score
0.0004EPSS
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default...
8.1CVSS
8AI Score
0.0004EPSS
A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default...
8.1CVSS
0.0004EPSS
WordPress 4.1.x < 4.1.41 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
WordPress 5.8.x < 5.8.10 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
WordPress 5.4.x < 5.4.16 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
WordPress 5.3.x < 5.3.18 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
WordPress 5.5.x < 5.5.15 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
WordPress 4.8.x < 4.8.25 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
WordPress 5.0.x < 5.0.22 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to manipulate data via a malicious XML...
6.1CVSS
6AI Score
0.003EPSS
8.1CVSS
7AI Score
0.001EPSS
7.4AI Score
WordPress 6.2.x < 6.2.6 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
7.4AI Score
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Netplan vulnerabilities (USN-6851-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6851-1 advisory. Andreas Hasenack discovered that netplan incorrectly handled the permissions for netdev files containing wireguard...
8.3AI Score
WordPress 6.1.x < 6.1.7 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
WordPress 5.2.x < 5.2.21 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
WordPress 5.1.x < 5.1.19 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
WordPress 6.0.x < 6.0.9 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
WordPress 5.9.x < 5.9.10 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
WordPress 5.7.x < 5.7.12 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
7.4AI Score
8.1CVSS
7.1AI Score
0.001EPSS
7.4AI Score
Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability
Talos Vulnerability Report TALOS-2024-1932 Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability June 26, 2024 CVE Number CVE-2024-5017 SUMMARY A path traversal vulnerability exists in the AppProfileImport functionality of Progress Software Corporation WhatsUp...
6.5CVSS
6.6AI Score
0.0004EPSS
RHEL 9 : kernel-rt (RHSA-2024:4106)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4106 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...
8.2AI Score
0.0004EPSS
WordPress 6.4.x < 6.4.5 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
7.4AI Score
WordPress 4.2.x < 4.2.38 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
By default, MLflow does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web...
7.5AI Score
By default, MLflow does not require authentication to access the application. When enabling authentication, MLflow will enforce a basic authentication with default credentials. If not updated, a remote and unauthenticated attacker could access the MLflow UI and peform arbitrary actions on...
7.8AI Score
By default, Ollama does not require authentication to access the application. This allows an attacker to perform arbitrary modifications on experiments or models in the web...
7.5AI Score
WordPress 6.3.x < 6.3.5 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : A Cross-Site Scripting (XSS) vulnerability affecting the HTML API. A Cross-Site Scripting (XSS) vulnerability affecting the Template Part block. A path traversal issue...
6.2AI Score
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Langflow instance on the target application. Langflow is an open-source visual framework for building multi-agent and...
7.2AI Score
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.6)
The version of AOS installed on the remote host is prior to 6.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.6 advisory. There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and...
9.8CVSS
5.9AI Score
0.003EPSS
8.1CVSS
7AI Score
EPSS
RHEL 8 : kernel (RHSA-2024:4107)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4107 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: race condition in...
7CVSS
7.4AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Plasma Workspace vulnerability (USN-6843-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6843-1 advisory. Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this...
7.7AI Score
EPSS