There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to execute arbitrary...
7.2CVSS
7.7AI Score
0.0004EPSS
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched...
7.4CVSS
6.7AI Score
0.0004EPSS
Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement...
5.7CVSS
5.2AI Score
0.001EPSS
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious...
Protection mechanism failure in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical...
6.8CVSS
6.8AI Score
0.001EPSS
Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical...
6.8CVSS
6.9AI Score
0.001EPSS
In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is...
9.8CVSS
10AI Score
0.011EPSS
In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is...
9.8CVSS
9.7AI Score
0.002EPSS
Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials...
6.5AI Score
0.001EPSS
Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug ID...
6.9AI Score
0.006EPSS
The IDS 2013 (aka de.mobileeventguide.ids2013) application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in...
6.7AI Score
0.025EPSS
The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello...
6.6AI Score
0.046EPSS
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1,...
6.1AI Score
0.0004EPSS
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued...
6.6AI Score
0.059EPSS
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges.....
7.4AI Score
0.013EPSS
Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENT_HOME environment...
7.8AI Score
0.0004EPSS
Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Center for IDS Sensors (IDSMC) 2.0 and 2.1, and Monitoring Center for Security (Security Monitor or Secmon) 1.1 through 2.0 and 2.1, allows remote attackers to spoof a Cisco Intrusion Detection...
7AI Score
0.006EPSS
Unknown vulnerability in the "ipopts decode" functionality in Firestorm IDS 0.4.0 through 0.4.2 allows remote attackers to cause a denial of service (crash) via certain IP...
7AI Score
0.009EPSS
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or...
7.2AI Score
0.019EPSS
Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS...
7.1AI Score
0.01EPSS
Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a denial of service (CPU exhaustion) via a port scan, which causes the server to consume CPU while preparing...
7AI Score
0.002EPSS
dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell...
7.5AI Score
0.022EPSS