There is a denial of service vulnerability in Huawei...
7.5CVSS
7AI Score
0.001EPSS
There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions.....
7.5CVSS
7.3AI Score
0.001EPSS
There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions.....
7.5CVSS
0.001EPSS
There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions.....
7.5CVSS
7.3AI Score
0.001EPSS
There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Affected product versions.....
7.6AI Score
0.001EPSS
NetModule Router Software Password Handling / Session Fixation Vulnerability
NetModule Router Software versions prior to 4.3.0.113, 4.4.0.111, and 4.5.0.105 suffer from insecure password handling and session fixation...
9.8CVSS
0.4AI Score
0.003EPSS
elFinder - A Case Study of Web File Manager Vulnerabilities
An application’s interaction with the file system is always highly security sensitive, since minor functional bugs can easily be the source of exploitable vulnerabilities. This observation is especially true in the case of web file managers, whose role is to replicate the features of a complete...
9.8CVSS
-0.1AI Score
0.973EPSS
COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure Advisory ID: ZSL-2021-5665 Type: Local/Remote Impact: Exposure of System Information, Exposure of Sensitive Information Risk: (3/5) Release Date: 15.08.2021 Summary COMMAX Smart Home System is a smart IoT home...
6.8AI Score
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS
Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS Advisory ID: ZSL-2021-5666 Type: Local/Remote Impact: Manipulation of Data, DoS Risk: (4/5) Release Date: 15.08.2021 Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment...
7.4AI Score
phpfastcache - phpinfo Resource Exposure
phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via...
5.4CVSS
4.5AI Score
0.006EPSS
ifw8 Router ROM v4.31 - Credential Discovery
ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source...
7.5CVSS
7.4AI Score
0.024EPSS
Debian DSA-4949-1 : jetty9 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4949 advisory. In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a...
9.8CVSS
7.4AI Score
0.028EPSS
There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation. Affected product versions...
7.8CVSS
7.6AI Score
0.0004EPSS
OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of...
9.8CVSS
9.8AI Score
0.024EPSS
Zimbra 8.8.15 - Webmail Compromise via Email
Zimbra is a popular webmail solution for global enterprises. According to Zimbra, it is used by over 200,000 businesses and over a thousand government & financial institutions to exchange emails between millions of users every day. When attackers get access to an employee's email account, it often....
6.1CVSS
0.1AI Score
0.007EPSS
Lucee Admin - Remote Code Execution
Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 contains an unauthenticated remote code execution...
9.8CVSS
9.9AI Score
0.973EPSS
Advantech R-SeeNet options.php local file inclusion (LFI) vulnerability
Summary A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability....
9.8CVSS
0.1AI Score
0.016EPSS
Advantech R-SeeNet ping.php OS Command Injection vulnerability
Summary An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability. Tested...
9.8CVSS
0.6AI Score
0.972EPSS
Advantech R-SeeNet device_graph_page.php Multiple Reflected XSS vulnerabilities
Summary Multiple cross-site scripting vulnerabilities exist in the device_graph_page.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits specially crafted URLs, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An...
6.1CVSS
0.2AI Score
0.808EPSS
Etherpad 1.8.13 - Code Execution Vulnerabilities
Etherpad is one of the most popular online text editors that allows collaborating on documents in real-time. It is customizable with more than 250 plugins available and features a version history as well as a chat functionality. There are thousands of instances deployed worldwide with millions of.....
6.1CVSS
0.4AI Score
0.002EPSS
Newsmag < 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS)
The theme does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability. Due to a nonce check, this issue is only exploitable on unauthenticated users (for as long as the nonce used in the request is...
0.7AI Score
0.001EPSS
Security update for the Linux Kernel (important)
An update that solves 52 vulnerabilities and has 250 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-33200: Enforcing incorrect limits for pointer...
9.8CVSS
0.3AI Score
0.006EPSS
Security update for the Linux Kernel (important)
An update that solves 52 vulnerabilities and has 187 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-33200: Enforcing incorrect limits for pointer...
9.8CVSS
0.3AI Score
0.006EPSS
Acronis: Subdomain takeover of main domain of https://www.cyberlynx.lu/
Summary Hi Acronis Security Team , Hope you well. I found one of your subdomains which is www.cyberlynx.lu (One of your Acquisition) is pointing towards www.cyberlynx.lu canonical name = www118.wixdns.net. www118.wixdns.net canonical name = balancer.wixdns.net. balancer.wixdns.net canonical...
Rockwell Automation MicroLogix 1100
EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: MicroLogix 1100 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create a...
8.6CVSS
8.9AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2021-2125)
The remote host is missing an update for the Huawei...
6.5CVSS
6.4AI Score
0.002EPSS
EulerOS Virtualization 3.0.2.2 : qemu-kvm (EulerOS-SA-2021-2166)
According to the versions of the qemu-kvm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer ...
8.2CVSS
8.9AI Score
0.022EPSS
EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2021-2125)
According to the versions of the qemu-kvm packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : A flaw was found in QEMU. A heap-based buffer overflow vulnerability was found in the SDHCI device emulation ...
6.5CVSS
7.7AI Score
0.002EPSS
Newspaper < 11 - Reflected Cross-Site Scripting (XSS)
The theme does not sanitise the td_atts.modules_category parameter in its td_ajax_search AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...
1.3AI Score
0.001EPSS
There has a license management vulnerability in some Huawei...
4.9CVSS
5.3AI Score
0.001EPSS
There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect.....
4.9CVSS
0.001EPSS
There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect.....
4.9CVSS
5AI Score
0.001EPSS
There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect.....
4.9CVSS
5AI Score
0.001EPSS
There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect.....
5.3AI Score
0.001EPSS
There is a command injection vulnerability in Huawei...
7.2CVSS
7.3AI Score
0.002EPSS
There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by.....
4.9CVSS
5AI Score
0.001EPSS
There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service...
7.5CVSS
7.4AI Score
0.001EPSS