Connect Security Vulnerabilities


CVE-2022-28314

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-03-29 07:15 PM
13

CVE-2022-28310

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-03-29 07:15 PM
12

CVE-2022-28313

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw....

5.5 CVSS

4 AI Score

0.001 EPSS

2023-03-29 07:15 PM
13

CVE-2022-28311

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-03-29 07:15 PM
20

CVE-2022-28312

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw....

5.5 CVSS

4 AI Score

0.001 EPSS

2023-03-29 07:15 PM
10

CVE-2022-28302

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-03-29 07:15 PM
10

CVE-2022-28305

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-03-29 07:15 PM
11

CVE-2022-28301

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-03-29 07:15 PM
14

CVE-2022-28304

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-03-29 07:15 PM
14

CVE-2022-28306

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-03-29 07:15 PM
11

CVE-2022-1229

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-03-28 07:15 PM
18

CVE-2022-47173

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin <= 1.62.0...

5.9 CVSS

4.8 AI Score

0.001 EPSS

2023-03-23 04:15 PM
17

CVE-2023-25267

An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2023-03-15 10:15 PM
27

CVE-2022-43874

IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

6.1 CVSS

5.8 AI Score

0.001 EPSS

2023-03-15 06:15 PM
29

CVE-2022-4901

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the...

6.1 CVSS

6 AI Score

0.001 EPSS

2023-03-01 07:15 PM
27

CVE-2022-48309

A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than...

4.3 CVSS

4.6 AI Score

0.0005 EPSS

2023-03-01 07:15 PM
29

CVE-2022-48310

An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2023-03-01 07:15 PM
42

CVE-2023-22232

Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not...

5.3 CVSS

4.9 AI Score

0.127 EPSS

2023-02-17 10:15 PM
58

CVE-2023-0882

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect:...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2023-02-17 10:15 AM
36

CVE-2023-23695

Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive...

5.9 CVSS

5.8 AI Score

0.002 EPSS

2023-02-17 07:15 AM
22

CVE-2023-21718

Microsoft ODBC Driver for SQL Server Remote Code Execution...

7.8 CVSS

8.9 AI Score

0.001 EPSS

2023-02-14 08:15 PM
332

CVE-2023-21713

Microsoft SQL Server Remote Code Execution...

8.8 CVSS

9.4 AI Score

0.008 EPSS

2023-02-14 08:15 PM
766

CVE-2023-21704

Microsoft ODBC Driver for SQL Server Remote Code Execution...

7.8 CVSS

8.4 AI Score

0.001 EPSS

2023-02-14 08:15 PM
305

CVE-2023-21705

Microsoft SQL Server Remote Code Execution...

8.8 CVSS

9.4 AI Score

0.008 EPSS

2023-02-14 08:15 PM
488

CVE-2023-21528

Microsoft SQL Server Remote Code Execution...

7.8 CVSS

8.3 AI Score

0.001 EPSS

2023-02-14 08:15 PM
454

CVE-2022-42444

IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: ...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2023-02-12 04:15 AM
26

CVE-2022-34350

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2023-02-08 08:15 PM
30

CVE-2023-25194

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka.....

8.8 CVSS

8.9 AI Score

0.97 EPSS

2023-02-07 08:15 PM
192

CVE-2022-42439

IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID:...

6.8 CVSS

4.8 AI Score

0.001 EPSS

2023-02-06 09:15 PM
37

CVE-2022-43922

IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: ...

6.5 CVSS

6 AI Score

0.001 EPSS

2023-02-01 06:15 PM
35

CVE-2023-24424

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on...

8.8 CVSS

8.6 AI Score

0.002 EPSS

2023-01-26 09:18 PM
41

CVE-2022-34462

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin...

8.4 CVSS

7.6 AI Score

0.0004 EPSS

2023-01-18 07:15 AM
14

CVE-2022-34442

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user...

9.8 CVSS

9.4 AI Score

0.002 EPSS

2023-01-18 07:15 AM
15

CVE-2022-34441

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin...

9.8 CVSS

9.3 AI Score

0.002 EPSS

2023-01-11 10:15 AM
22

CVE-2022-34440

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin...

9.8 CVSS

9.3 AI Score

0.002 EPSS

2023-01-11 09:15 AM
15

CVE-2022-41613

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary...

7.8 CVSS

7.7 AI Score

0.001 EPSS

2023-01-06 10:15 PM
25

CVE-2022-40201

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-01-06 10:15 PM
21

CVE-2022-46081

In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information. NOTE: this is disputed by the vendor because the LiveTrack API service is not a customer-controlled...

7.5 CVSS

7.5 AI Score

0.002 EPSS

2023-01-04 04:15 AM
32

CVE-2021-38997

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-12-12 09:15 AM
42

CVE-2022-35254

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2022-12-05 10:15 PM
52

CVE-2022-35258

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2022-12-05 10:15 PM
47

CVE-2022-39339

user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account...

4.3 CVSS

4.5 AI Score

0.001 EPSS

2022-11-25 07:15 PM
34
6

CVE-2022-39338

user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-11-25 07:15 PM
33
6

CVE-2022-41223

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data...

6.8 CVSS

6.6 AI Score

0.002 EPSS

2022-11-22 01:15 AM
396
In Wild
3

CVE-2022-40765

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL...

6.8 CVSS

6.6 AI Score

0.002 EPSS

2022-11-22 01:15 AM
393
In Wild
3

CVE-2022-30545

Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Connect plugin <= 1.2.6 on...

4.8 CVSS

4.9 AI Score

0.001 EPSS

2022-11-08 07:15 PM
31
4

CVE-2022-39387

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the...

9.1 CVSS

7.6 AI Score

0.002 EPSS

2022-11-04 07:15 PM
33
6

CVE-2017-7565

Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka...

8.8 CVSS

8.6 AI Score

0.002 EPSS

2022-10-03 04:23 PM
28

CVE-2018-20809

A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2022-10-03 04:22 PM
37

CVE-2018-20813

An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before...

9.8 CVSS

9.3 AI Score

0.002 EPSS

2022-10-03 04:22 PM
43

Total number of security vulnerabilities: 743