Hub Security Vulnerabilities


CVE-2024-6147

Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order...

7.8 CVSS, 7.2 AI Score, 0.001 EPSS

2024-06-20 08:15 PM
21

CVE-2024-38507

In JetBrains Hub before 2024.2.34646 stored XSS via project description was...

3.5 CVSS, 3.8 AI Score, 0.0004 EPSS

2024-06-18 11:15 AM
20

CVE-2024-27460

A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and...

7 AI Score, 0.0004 EPSS

2024-05-14 03:12 PM
25

CVE-2023-6717

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with....

6 CVSS, 5.5 AI Score, 0.0004 EPSS

2024-04-25 04:15 PM
135

CVE-2024-1249

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin....

7.4 CVSS, 6.1 AI Score, 0.0004 EPSS

2024-04-17 02:15 PM
246

CVE-2024-32141

Cross-Site Request Forgery (CSRF) vulnerability in Libsyn Libsyn Publisher Hub. This issue affects Libsyn Publisher Hub: from n/a through...

4.3 CVSS, 6.8 AI Score, 0.0004 EPSS

2024-04-15 09:15 AM
26

CVE-2024-32140

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Libsyn Libsyn Publisher Hub allows Stored XSS. This issue affects Libsyn Publisher Hub: from n/a through...

6.5 CVSS, 6.4 AI Score, 0.0004 EPSS

2024-04-15 07:15 AM
33

CVE-2024-31442

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands can be run by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command.....

8.8 CVSS, 7.1 AI Score, 0.0004 EPSS

2024-04-08 04:15 PM
26

CVE-2024-20679

Azure Stack Hub Spoofing...

6.5 CVSS, 7 AI Score, 0.001 EPSS

2024-02-13 06:15 PM
150

CVE-2024-0242

Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to...

9.8 CVSS, 9.2 AI Score, 0.001 EPSS

2024-02-08 08:15 PM
15

CVE-2023-29244

Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8 CVSS, 7.7 AI Score, 0.0004 EPSS

2024-01-19 08:15 PM
5

CVE-2023-6944

A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon...

5.7 CVSS, 5.4 AI Score, 0.0005 EPSS

2024-01-04 10:15 AM
88

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next...

7.5 CVSS, 7.5 AI Score, 0.0004 EPSS

2024-01-02 06:15 AM
30

CVE-2023-33033

Memory corruption in Audio during playback with speaker...

8.4 CVSS, 7.8 AI Score, 0.0004 EPSS

2024-01-02 06:15 AM
30

CVE-2023-33030

Memory corruption in HLOS while running playready...

9.3 CVSS, 7.8 AI Score, 0.0004 EPSS

2024-01-02 06:15 AM
30

CVE-2023-28586

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in...

6.5 CVSS, 6.4 AI Score, 0.0004 EPSS

2023-12-05 03:15 AM
26

CVE-2023-28546

Memory Corruption in SPS Application while exporting public key in sorter...

7.8 CVSS, 7.6 AI Score, 0.0004 EPSS

2023-12-05 03:15 AM
24

CVE-2023-25057

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub. This issue affects Libsyn Publisher Hub: from n/a through...

5.3 CVSS, 5.3 AI Score, 0.0005 EPSS

2023-11-30 04:15 PM
7

CVE-2023-45834

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub. This issue affects Libsyn Publisher Hub: from n/a through...

5.3 CVSS, 5.2 AI Score, 0.0005 EPSS

2023-11-30 03:15 PM
46

CVE-2020-11448

An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There is XSS related to the email field and the login...

6.1 CVSS, 6 AI Score, 0.0005 EPSS

2023-11-17 12:15 PM
6

CVE-2020-11447

An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the...

4.3 CVSS, 4.3 AI Score, 0.001 EPSS

2023-11-17 12:15 PM
5

CVE-2023-28563

Information disclosure in IOE Firmware while handling WMI...

6.1 CVSS, 5.5 AI Score, 0.0004 EPSS

2023-11-07 06:15 AM
44

CVE-2023-45835

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin <= 1.4.4...

7.1 CVSS, 6 AI Score, 0.0005 EPSS

2023-10-25 06:17 PM
14

CVE-2023-45823

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories...

7.5 CVSS, 7.5 AI Score, 0.001 EPSS

2023-10-19 09:15 PM
27

CVE-2023-45821

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...

6.3 CVSS, 6.3 AI Score, 0.0004 EPSS

2023-10-19 09:15 PM
31

CVE-2023-45822

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...

5.3 CVSS, 5.3 AI Score, 0.001 EPSS

2023-10-19 09:15 PM
28

CVE-2023-3361

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes...

7.7 CVSS, 7.5 AI Score, 0.001 EPSS

2023-10-04 12:15 PM
23

CVE-2023-24850

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted...

7.8 CVSS, 7.5 AI Score, 0.0004 EPSS

2023-10-03 06:15 AM
30

CVE-2023-33021

Memory corruption in Graphics while processing user packets for command...

8.4 CVSS, 7.9 AI Score, 0.0004 EPSS

2023-09-05 07:15 AM
39

CVE-2023-33020

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA...

7.5 CVSS, 7.5 AI Score, 0.0005 EPSS

2023-09-05 07:15 AM
31

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI...

7.8 CVSS, 7.9 AI Score, 0.0004 EPSS

2023-09-05 07:15 AM
24

CVE-2023-33019

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA...

7.5 CVSS, 7.5 AI Score, 0.0005 EPSS

2023-09-05 07:15 AM
29

CVE-2023-28564

Memory corruption in WLAN HAL while passing command parameters through WMI...

7.8 CVSS, 7.9 AI Score, 0.0004 EPSS

2023-09-05 07:15 AM
30

CVE-2023-28559

Memory corruption in WLAN FW while processing command parameters from untrusted WMI...

7.8 CVSS, 7.9 AI Score, 0.0004 EPSS

2023-09-05 07:15 AM
28

CVE-2023-25773

Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8 CVSS, 7.8 AI Score, 0.0004 EPSS

2023-08-11 03:15 AM
11

CVE-2023-2626

There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP...

8.8 CVSS, 9.1 AI Score, 0.0005 EPSS

2023-07-25 06:15 PM
31

CVE-2023-22387

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory...

7.8 CVSS, 7.5 AI Score, 0.0004 EPSS

2023-07-04 05:15 AM
34

CVE-2023-22667

Memory Corruption in Audio while allocating the ion buffer during the music...

8.4 CVSS, 7.7 AI Score, 0.0004 EPSS

2023-07-04 05:15 AM
25

CVE-2023-2625

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...

9 CVSS, 7.7 AI Score, 0.0004 EPSS

2023-06-28 05:15 PM
11

CVE-2023-3140

Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such...

4.3 CVSS, 4.6 AI Score, 0.001 EPSS

2023-06-07 10:15 AM
15

CVE-2023-2541

The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was...

5.3 CVSS, 5.3 AI Score, 0.002 EPSS

2023-06-07 09:15 AM
14

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1...

8.4 CVSS, 7.9 AI Score, 0.0004 EPSS

2023-06-06 08:15 AM
52

CVE-2022-40507

Memory corruption due to double free in Core while mapping HLOS address to the...

8.4 CVSS, 7.8 AI Score, 0.0004 EPSS

2023-06-06 08:15 AM
34

CVE-2022-22076

Information disclosure due to cryptographic issue in Core during RPMB read...

7.1 CVSS, 5.2 AI Score, 0.0004 EPSS

2023-06-06 08:15 AM
32

CVE-2023-21666

Memory Corruption in Graphics while accessing a buffer allocated through the graphics...

8.4 CVSS, 7.7 AI Score, 0.0004 EPSS

2023-05-02 06:15 AM
53

CVE-2022-48477

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was...

9.8 CVSS, 9.3 AI Score, 0.002 EPSS

2023-04-24 01:15 PM
17

CVE-2022-40532

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to...

8.4 CVSS, 7.9 AI Score, 0.0004 EPSS

2023-04-13 07:15 AM
58

CVE-2022-33291

Information disclosure in Modem due to buffer over-read while receiving an IP header with malformed...

8.2 CVSS, 7.4 AI Score, 0.001 EPSS

2023-04-13 07:15 AM
303
2

CVE-2022-33287

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6...

8.2 CVSS, 7.5 AI Score, 0.001 EPSS

2023-04-13 07:15 AM
31

CVE-2022-33231

Memory corruption due to double free in core while initializing the encryption...

9.3 CVSS, 7.8 AI Score, 0.0004 EPSS

2023-04-13 07:15 AM
60
Total number of security vulnerabilities: 389