Hub Security Vulnerabilities

CVE-2021-35531

Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects:...

CVSS 6.7 | AI Score 6.5 | EPSS 0.0004 | 2022-06-07 09:15 PM

CVE-2022-30278

A vulnerability in Black Duck Hub's embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. The vulnerability is due to improper validation of user-supplied input to MadCap Flare's framework embedded within Black Duck Hub's...

CVSS 6.1 | AI Score 6.2 | EPSS 0.001 | 2022-05-10 08:15 PM

CVE-2022-28533

Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-05-05 05:15 PM

CVE-2022-29811

In JetBrains Hub before 2022.1.14638 stored XSS via project icon was...

CVSS 6.1 | AI Score 4.8 | EPSS 0.001 | 2022-04-28 10:15 AM

CVE-2022-21450

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub product of Oracle PeopleSoft (component: My Links). The supported version that is affected is 9.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | 2022-04-19 09:15 PM

CVE-2022-0955

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to...

CVSS 4.8 | AI Score 4.8 | EPSS 0.001 | 2022-03-24 03:15 PM

CVE-2021-33150

Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical...

CVSS 6.8 | AI Score 6.8 | EPSS 0.001 | 2022-03-11 06:15 PM

CVE-2022-23849

The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication...

CVSS 6.6 | AI Score 6.2 | EPSS 0.0004 | 2022-03-03 03:15 AM

CVE-2022-25260

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery...

CVSS 9.1 | AI Score 9.2 | EPSS 0.002 | 2022-02-25 08:15 PM

CVE-2022-25262

In JetBrains Hub before 2022.1.14434, SAML request takeover was...

CVSS 9.8 | AI Score 9.4 | EPSS 0.002 | 2022-02-25 08:15 PM

CVE-2022-25259

JetBrains Hub before 2021.1.14276 was vulnerable to reflected...

CVSS 6.1 | AI Score 6.2 | EPSS 0.001 | 2022-02-25 08:15 PM

CVE-2022-24327

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive...

CVSS 7.5 | AI Score 7.5 | EPSS 0.002 | 2022-02-25 03:15 PM

CVE-2022-24328

In JetBrains Hub before 2021.1.13956, an unprivileged user could perform...

CVSS 6.5 | AI Score 6.5 | EPSS 0.001 | 2022-02-25 03:15 PM

CVE-2021-36302

All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit this vulnerability to elevate privileges and take over the...

CVSS 9.9 | AI Score 9.5 | EPSS 0.001 | 2022-02-09 08:15 PM

CVE-2021-43859

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating...

CVSS 7.5 | AI Score 7.3 | EPSS 0.012 | 2022-02-01 12:15 PM

CVE-2021-43420

SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username...

CVSS 9.8 | AI Score 9.9 | EPSS 0.002 | 2022-01-24 07:15 PM

CVE-2021-44244

An SQL Injection vulnerability exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in...

CVSS 9.8 | AI Score 9.8 | EPSS 0.002 | 2022-01-20 07:15 PM

CVE-2021-32993

IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal...

CVSS 8.8 | AI Score 8.7 | EPSS 0.001 | 2021-12-27 07:15 PM

CVE-2021-33017

The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001 | 2021-12-27 07:15 PM

CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context...

CVSS 9 | AI Score 9.4 | EPSS 0.976 | 2021-12-14 07:15 PM | In Wild

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message...

CVSS 10 | AI Score 9.8 | EPSS 0.976 | 2021-12-10 10:15 AM | In Wild

CVE-2021-33088

Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation of privilege via local...

CVSS 7.8 | AI Score 7.8 | EPSS 0.0004 | 2021-11-17 07:15 PM

CVE-2021-43182

In JetBrains Hub before 2021.1.13415, a DoS via user information is...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001 | 2021-11-09 04:15 PM

CVE-2021-43181

In JetBrains Hub before 2021.1.13690, stored XSS is...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | 2021-11-09 04:15 PM

CVE-2021-43180

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is...

CVSS 7.5 | AI Score 7.2 | EPSS 0.002 | 2021-11-09 04:15 PM

CVE-2021-43183

In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be...

CVSS 9.8 | AI Score 9.5 | EPSS 0.002 | 2021-11-09 03:15 PM

CVE-2021-41191

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @require_apikey in...

CVSS 7.5 | AI Score 7.2 | EPSS 0.001 | 2021-10-27 09:15 PM

CVE-2021-20121

The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and...

CVSS 4 | AI Score 4.2 | EPSS 0.0005 | 2021-10-11 05:15 PM

CVE-2021-20122

The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass...

CVSS 7.2 | AI Score 8.6 | EPSS 0.975 | 2021-10-11 05:15 PM

CVE-2019-16651

An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user (if they are using certain VPN implementations, this...

CVSS 5.3 | AI Score 5.3 | EPSS 0.001 | 2021-09-20 02:15 PM

CVE-2021-40690

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

CVSS 7.5 | AI Score 7.2 | EPSS 0.001 | 2021-09-19 06:15 PM | In Wild

CVE-2021-38647

Open Management Infrastructure Remote Code Execution...

CVSS 9.8 | AI Score 7.1 | EPSS 0.975 | 2021-09-15 12:15 PM | In Wild

CVE-2021-38648

Open Management Infrastructure Elevation of Privilege...

CVSS 7.8 | AI Score 8.4 | EPSS 0.963 | 2021-09-15 12:15 PM | In Wild

CVE-2021-38649

Open Management Infrastructure Elevation of Privilege...

CVSS 7 | AI Score 8 | EPSS 0.001 | 2021-09-15 12:15 PM | In Wild

CVE-2021-38645

Open Management Infrastructure Elevation of Privilege...

CVSS 7.8 | AI Score 8.4 | EPSS 0.001 | 2021-09-15 12:15 PM | In Wild

CVE-2021-37541

In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was...

CVSS 6.1 | AI Score 6.4 | EPSS 0.001 | 2021-08-06 02:15 PM

CVE-2021-36209

In JetBrains Hub before 2021.1.13389, account takeover was possible during password...

CVSS 9.8 | AI Score 9.5 | EPSS 0.002 | 2021-08-06 02:15 PM

CVE-2021-37540

In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was...

CVSS 6.5 | AI Score 6.4 | EPSS 0.001 | 2021-08-06 02:15 PM

CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option...

CVSS 8.3 | AI Score 8.5 | EPSS 0.013 | 2021-07-21 03:15 PM

CVE-2021-2448

Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 20.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the...

CVSS 3.7 | AI Score 3 | EPSS 0.0004 | 2021-07-21 12:15 AM

CVE-2021-36374

When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives...

CVSS 5.5 | AI Score 5.7 | EPSS 0.001 | 2021-07-14 07:15 AM

CVE-2021-35516

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz...

CVSS 7.5 | AI Score 7.2 | EPSS 0.025 | 2021-07-13 08:15 AM

CVE-2021-36090

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip...

CVSS 7.5 | AI Score 7.4 | EPSS 0.012 | 2021-07-13 08:15 AM

CVE-2021-35515

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz...

CVSS 7.5 | AI Score 7.1 | EPSS 0.021 | 2021-07-13 08:15 AM

CVE-2021-35517

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar...

CVSS 7.5 | AI Score 7.3 | EPSS 0.014 | 2021-07-13 08:15 AM

CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the...

CVSS 7.8 | AI Score 7.5 | EPSS 0.0005 | 2021-05-27 03:15 PM

CVE-2021-31901

In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users...

CVSS 7.5 | AI Score 7.7 | EPSS 0.001 | 2021-05-11 12:15 PM

CVE-2021-21505

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 - 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root...

CVSS 9.8 | AI Score 9.5 | EPSS 0.005 | 2021-05-06 01:15 PM

CVE-2021-2289

Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Template, GTIN search). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVSS 8.1 | AI Score 7.7 | EPSS 0.001 | 2021-04-22 10:15 PM

CVE-2021-2270

Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Sites). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful attacks of this...

CVSS 8.1 | AI Score 8.1 | EPSS 0.001 | 2021-04-22 10:15 PM

Total number of security vulnerabilities: 390