Connect Security Vulnerabilities
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0...
5.9CVSS
4.8AI Score
0.0004EPSS
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting...
6.1CVSS
6.3AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add,.....
9.8CVSS
9.2AI Score
0.001EPSS
The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as...
6.1CVSS
6AI Score
0.001EPSS
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: ...
8.4CVSS
7.8AI Score
0.0004EPSS
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: ...
7.5CVSS
7.3AI Score
0.001EPSS
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain...
6.5CVSS
6.2AI Score
0.001EPSS
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change......
9.8CVSS
9.5AI Score
0.002EPSS
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an....
7.4CVSS
7AI Score
0.002EPSS
A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL...
7.2CVSS
7AI Score
0.001EPSS
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password...
8.8CVSS
8.8AI Score
0.001EPSS
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful.....
6.1CVSS
6.1AI Score
0.001EPSS
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access...
9.8CVSS
9.5AI Score
0.004EPSS
The Toybox.GenericChannel.setDeviceConfig API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the...
9.8CVSS
9.4AI Score
0.004EPSS
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's...
9.8CVSS
9.3AI Score
0.003EPSS
The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...
9.8CVSS
9.2AI Score
0.002EPSS
The Toybox.Ant.GenericChannel.enableEncryption API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the...
9.8CVSS
9.4AI Score
0.002EPSS
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent...
9.1CVSS
8.8AI Score
0.001EPSS
The Toybox.Ant.BurstPayload.add API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted Toybox.Ant.BurstPayload object, call its add method,...
9.8CVSS
9.3AI Score
0.003EPSS
The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the.....
9.8CVSS
9.4AI Score
0.004EPSS
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data.....
7.5CVSS
7.3AI Score
0.001EPSS
The Toybox.Graphics.BufferedBitmap.initialize API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters.....
9.8CVSS
9.2AI Score
0.002EPSS
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as....
9.8CVSS
9.5AI Score
0.002EPSS
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: ...
8.8CVSS
8.5AI Score
0.001EPSS
Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local...
5.5CVSS
5.2AI Score
0.0004EPSS
Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.6AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected d...
4.3CVSS
4.4AI Score
0.0005EPSS
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulne...
7.6CVSS
7.1AI Score
0.001EPSS
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected d...
7.5CVSS
7.2AI Score
0.001EPSS
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulne...
3.8CVSS
3.9AI Score
0.001EPSS
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to a...
5.3CVSS
5.2AI Score
0.001EPSS
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection...
7.2CVSS
7.3AI Score
0.002EPSS
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to ...
7.5CVSS
7.4AI Score
0.001EPSS
7.3CVSS
7.8AI Score
0.003EPSS
IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: ...
9.8CVSS
9.4AI Score
0.003EPSS
IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: ...
9.8CVSS
9.4AI Score
0.003EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw.....
5.5CVSS
4AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
7.8CVSS
7.8AI Score
0.001EPSS