Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper...
6.2AI Score
0.005EPSS
TP-Link Devices - (setDefaultHostname) Stored Cross-site Scripting Vulnerability
Multiple TP-Link devices suffer from an unauthenticated persistent cross site scripting vulnerability. Affected models include TD-W9977, TL-WA801ND, TL-WA801N, TL-WR802N, and...
6.1CVSS
0.5AI Score
0.005EPSS
All Thrive Themes and Plugins - Unauthenticated Option Update
The plugins and themes register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers...
0.8AI Score
0.001EPSS
5CVSS
All Thrive Themes and Plugins - Unauthenticated Option Update
The plugins and themes register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers...
1.1AI Score
0.001EPSS
5CVSS
There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include.....
5.3CVSS
5.3AI Score
0.001EPSS
There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include.....
5.3CVSS
0.001EPSS
There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include.....
5.3CVSS
5.3AI Score
0.001EPSS
There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include.....
5.6AI Score
0.001EPSS
Rockwell Automation Logix Controllers (Update A)
EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers Vulnerability: Insufficiently Protected Credentials 2. UPDATE INFORMATION This updated advisory is a...
9.8CVSS
9.7AI Score
0.009EPSS
SOYAL Biometric Access Control System 5.0 Master Code Disclosure
Title: SOYAL Biometric Access Control System 5.0 Master Code Disclosure Advisory ID: ZSL-2021-5630 Type: Local/Remote Impact: Exposure of System Information, Exposure of Sensitive Information Risk: (3/5) Release Date: 18.03.2021 Summary Soyal Access systems are built into Raytel Door Entry...
7AI Score
EPSS
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2021-1667)
The remote host is missing an update for the Huawei...
7.7CVSS
7AI Score
0.141EPSS
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2021-1632)
The remote host is missing an update for the Huawei...
7.7CVSS
6.7AI Score
0.141EPSS
EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2021-1667)
According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the...
7.7CVSS
AI Score
EPSS
EulerOS Virtualization 2.9.1 : qemu (EulerOS-SA-2021-1632)
According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the...
7.7CVSS
AI Score
EPSS
EulerOS Virtualization 3.0.6.6 : qemu (EulerOS-SA-2021-1455)
According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an...
6.5CVSS
6.9AI Score
EPSS
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2021-1455)
The remote host is missing an update for the Huawei...
6.5CVSS
6.4AI Score
0.005EPSS
HP / HPE Systems Insight Manager (SIM) Detection (HTTP)
HTTP based detection of HP / HPE Systems Insight Manager...
-0.3AI Score
Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but...
9.8CVSS
1AI Score
0.014EPSS
Cisco AnyConnect Posture (HostScan) Security Service Multiple Vulnerabilities
Advisory Information Title: Cisco AnyConnect Posture (HostScan) Security Service Multiple Vulnerabilities Advisory ID: CORE-2021-0001 Advisory URL: https://www.coresecurity.com/core-labs/advisories/cisco-anyconnect-posture-hostscan-security-service-local-privilege-escalation Date published:...
7.8CVSS
8AI Score
0.0004EPSS
Security Advisory - Use After Free Vulnerability in Huawei Product
There is a use-after-free vulnerability in Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. (Vulnerability ID:...
5.3CVSS
5.4AI Score
0.001EPSS
[15:4.2.1-4.el7] - Document CVE-2020-25723 as fixed (Mark Kanda) [Orabug: 32222397] {CVE-2020-25084} {CVE-2020-25723} - hw/net/e1000e: advance desc_offset in case of null descriptor (Prasad J Pandit) [Orabug: 32217517] {CVE-2020-28916} - i386: Add 2nd Generation AMD EPYC processors (Moger,...
10CVSS
-0.1AI Score
0.976EPSS
There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other...
4.1CVSS
4.3AI Score
0.0004EPSS
Oracle Linux 7 : qemu (ELSA-2021-9034)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9034 advisory. An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB...
6.7CVSS
7.2AI Score
0.004EPSS
EulerOS 2.0 SP9 : qemu (EulerOS-SA-2021-1256)
According to the versions of the qemu package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro...
5.5CVSS
6AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2021-1275)
The remote host is missing an update for the Huawei...
5.5CVSS
6.2AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2021-1256)
The remote host is missing an update for the Huawei...
5.5CVSS
6.2AI Score
0.001EPSS
Cisco Unified Communications Products Vulnerabilities (cisco-sa-imp-trav-inj-dM687ZD6)
According to its self-reported version, a SQL injection (SQLi) vulnerability exists in the web-based management interface of Cisco Unified CM and Cisco Unified CM SME due to improper validation of user-submitted parameters. An authenticated, remote attacker with administrative credentials can...
6.5CVSS
0.7AI Score
0.001EPSS
EulerOS 2.0 SP9 : qemu (EulerOS-SA-2021-1275)
According to the versions of the qemu package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro...
5.5CVSS
6AI Score
0.001EPSS
Cisco Unified Communications Products Vulnerabilities (cisco-sa-imp-trav-inj-dM687ZD6)
According to its self-reported version, multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that.....
6.5CVSS
0.7AI Score
0.001EPSS
Summary: The "_idnonce" value on https://intensedebate.com protects victims from CSRF attacks. However, this value is not changing with changed user ids of same account (_idnonce value is same in request from user id 'X' and user id 'Y' when 'X' is changed to 'Y'). It leads to CSRF on victim's...
1AI Score
phpGACL template multiple cross-site scripting vulnerabilities
Summary Multiple cross-site scripting vulnerabilities exist in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability. Tested Versions phpGACL 3.3.7 OpenEMR...
6.1CVSS
0.6AI Score
0.146EPSS
Cisco Unified Communications Manager Information Disclosure (cisco-sa-cucm-logging-6QSWKRYz)
An information disclosure vulnerability exists in Cisco Unified Communications Manager due to the storage of unencrypted credentials. An authenticated, remote attacker can exploit this, by accessing the audit logs of the system, to disclose sensitive information. Note that Nessus has not tested...
6.5CVSS
-0.1AI Score
0.002EPSS
There is an out-of-bounds read vulnerability in several...
6.5CVSS
7AI Score
0.001EPSS
There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include: NIP6800 versions...
6.5CVSS
6.5AI Score
0.001EPSS
There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include: NIP6800 versions...
6.5CVSS
6.5AI Score
0.001EPSS
There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include: NIP6800 versions...
6.5CVSS
6.4AI Score
0.001EPSS
There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include: NIP6800 versions...
6.5AI Score
0.001EPSS
High-Severity Cisco Flaw Found in CMX Software For Retailers
A high-severity flaw in Cisco’s smart Wi-Fi solution for retailers could allow a remote attacker to alter the password of any account user on affected systems. The vulnerability is part of a number of patches issued by Cisco addressing 67 high-severity CVEs on Wednesday. This included flaws found.....
1.7AI Score
0.467EPSS