In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive...
7.5CVSS
7.3AI Score
0.0004EPSS
In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of...
7.5CVSS
7.5AI Score
0.0004EPSS
In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE...
8.8CVSS
8.7AI Score
0.0004EPSS
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole...
9.8CVSS
10AI Score
0.0004EPSS
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through...
9.8CVSS
9.7AI Score
0.0004EPSS
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole...
9.8CVSS
10AI Score
0.0004EPSS
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...
4.3CVSS
0.0004EPSS
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...
4.3CVSS
6.8AI Score
0.0004EPSS
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...
4.3CVSS
4.7AI Score
0.0004EPSS
A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...
7.5CVSS
0.0004EPSS
Leak of sensitive information to log files in github.com/hashicorp/go-retryablehttp
URLs were not sanitized when writing them to log files. This could lead to writing sensitive HTTP basic auth credentials to the log...
7AI Score
It was discovered that Salt incorrectly validated method calls and sanitized paths. A remote attacker could possibly use this issue to access some methods without authentication. (CVE-2020-11651,...
9.8CVSS
7.2AI Score
0.975EPSS
CVE-2024-37167 Tuleap has improper permissions of the backlog items
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...
4.3CVSS
0.0004EPSS
CVE-2024-37167 Tuleap has improper permissions of the backlog items
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...
4.3CVSS
6.9AI Score
0.0004EPSS
MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows malicious users to insert a malicious payload into the "Client Name" input. When a service order from this client is created, the malicious payload is displayed on the administrator and employee...
6AI Score
0.0004EPSS
google-guest-agent, google-osconfig-agent vulnerability
USN-6746-1 fixed vulnerabilities in Google Guest Agent and Google OS Config Agent. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An...
7.1AI Score
0.0004EPSS
Malicious code in internal-udfc-pkg (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (25708e4f5f0536339a12c9bf28e659c821359f2733ff51d193cd6d74443c3650) The OpenSSF Package Analysis project identified 'internal-udfc-pkg' @ 5.5.5 (npm) as malicious. It is considered malicious because: The package...
7.3AI Score
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination......
8.4CVSS
7.5AI Score
0.0004EPSS
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination......
8.4CVSS
7.8AI Score
0.0004EPSS
Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-5631) Rene....
6.1CVSS
7.1AI Score
0.007EPSS
Authentication Bypasses in MOVEit Transfer and MOVEit Gateway
On June 25, 2024, Progress Software published information on two new vulnerabilities in MOVEit Transfer and MOVEit Gateway: CVE-2024-5806, a critical authentication bypass affecting the MOVEit Transfer SFTP service in a default configuration; and CVE-2024-5805, a critical SFTP-associated...
9.1CVSS
9.8AI Score
0.0004EPSS
Security Bulletin: This Power System update is being released to address CVE-2024-31916
Summary This affects the BMC's HTTPS-based Redfish interface. Note the BMC's web-based ASMI interface uses the Redfish interface. Vulnerability Details ** CVEID: CVE-2024-31916 DESCRIPTION: **IBM OpenBMC's BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor.....
7.5CVSS
6.7AI Score
0.0004EPSS
Security Bulletin: This Power System update is being released to address CVE-2023-48795
Summary This affects the BMC's secure shell (SSH) interfaces which provides service access to the BMC's command shell, access to the host console, and service access to the hypervisor console. The BMC does not have SSH extensions, so a successful attack will not downgrade client connection...
5.9CVSS
7AI Score
0.963EPSS
Aimeos HTML client may potentially reveal sensitive information in error log
Impact Debug information can reveal sensitive information from environment variables in error log Affected platform Laravel environments with multi-vendor setups and admin access for the...
8.8CVSS
6.5AI Score
0.0004EPSS
Aimeos HTML client may potentially reveal sensitive information in error log
Impact Debug information can reveal sensitive information from environment variables in error log Affected platform Laravel environments with multi-vendor setups and admin access for the...
8.8CVSS
6.5AI Score
0.0004EPSS
Security Bulletin: This Power System update is being released to address CVE-2023-45857
Summary This affects the BMC's ASMi web application. Vulnerability Details ** CVEID: CVE-2023-45857 DESCRIPTION: **Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKEN header using the secret XSRF-TOKEN cookie value.....
6.5CVSS
5.9AI Score
0.001EPSS
Security Bulletin: This Power System update is being released to address CVE-2023-37453
Summary This affects the BMC's physical USB ports. Vulnerability Details ** CVEID: CVE-2023-37453 DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds flaw in the read_descriptors function in drivers/usb/core/sysfs.c in the USB subsystem. By using a...
4.6CVSS
6.3AI Score
0.0005EPSS
Adobe Commerce & Magento - CosmicSting
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code...
9.8CVSS
9.8AI Score
0.038EPSS
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...
2.6CVSS
3.2AI Score
0.0004EPSS
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...
2.6CVSS
3.2AI Score
0.0004EPSS
7.2AI Score
7.2AI Score
7.2AI Score
7.2AI Score
7.2AI Score
It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-11471) Reza Mirzazade Farkhani discovered that libheif incorrectly handled...
8.8CVSS
6.9AI Score
0.003EPSS
Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2024-27270). Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION: **IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site...
4.7CVSS
6.4AI Score
0.0004EPSS
7.2AI Score
7.2AI Score
7.2AI Score
7.2AI Score
Summary IBM Sterling B2B Integrator Standard Edition does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Vulnerability Details ** CVEID:...
4.3CVSS
6.6AI Score
0.0004EPSS
Summary In Sterling B2B Integrator Standard Edition Console, the Content-Security-Policy header in the console for B2Bi is not set to the stictest available value. The Content-Security-Policy that is set by the server allows inline Javascript and "eval" functions in the browser. Allowing inline...
5.4CVSS
6.2AI Score
0.0004EPSS
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain...
3.5CVSS
7AI Score
0.0004EPSS
5.8AI Score
5.8AI Score
5.8AI Score
5.8AI Score
5.8AI Score
5.8AI Score