Server Security Vulnerabilities
7.8CVSS
7.7AI Score
0.0005EPSS
7.8CVSS
7.7AI Score
0.0005EPSS
7CVSS
6.9AI Score
0.0004EPSS
7.8CVSS
7.7AI Score
0.0005EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
9.8CVSS
9.7AI Score
0.003EPSS
7CVSS
6.9AI Score
0.0004EPSS
6.8CVSS
6.7AI Score
0.0005EPSS
8CVSS
8.1AI Score
0.001EPSS
8CVSS
8.1AI Score
0.001EPSS
8CVSS
8.1AI Score
0.0004EPSS
8.8CVSS
9AI Score
0.001EPSS
8.8CVSS
8.8AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.001EPSS
4.7CVSS
4.7AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.001EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
6.7CVSS
6.8AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.0004EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.001EPSS
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the...
7.3CVSS
7.3AI Score
0.0004EPSS
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user...
8.4CVSS
5.2AI Score
0.0004EPSS
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth...
5.9CVSS
7.2AI Score
0.001EPSS
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...
9.8CVSS
8AI Score
0.002EPSS
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass...
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were to....
7AI Score
0.0004EPSS
The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated...
6.9AI Score
0.0004EPSS
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation...
8.4CVSS
7.3AI Score
0.0004EPSS
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of...
7.5CVSS
6.5AI Score
0.0004EPSS
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed...
5.7CVSS
6.4AI Score
0.0004EPSS
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/test_script/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session...
6.3CVSS
5.7AI Score
0.0004EPSS
A vulnerability was found in Huashi Private Cloud CDN Live Streaming Acceleration Server up to 20240520. It has been classified as critical. Affected is an unknown function of the file /manager/ipconfig_new.php. The manipulation of the argument dev leads to os command injection. It is possible to.....
4.7CVSS
7.4AI Score
0.0005EPSS
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The specific flaw exists...
9.8CVSS
8.7AI Score
0.001EPSS
A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been classified as problematic. Affected is an unknown function of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to launch the attack remotely. The exploit has been...
5.3CVSS
7.1AI Score
0.0004EPSS
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to...
8.8CVSS
8.8AI Score
0.511EPSS
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating...
7.2CVSS
8AI Score
0.0004EPSS
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive...
4.9CVSS
6.6AI Score
0.0004EPSS
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with....
7AI Score
0.0004EPSS
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted...
6.6AI Score
0.0004EPSS
Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local...
7.5CVSS
7.2AI Score
0.0004EPSS
Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local...
7.5CVSS
7.1AI Score
0.0004EPSS
Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local...
7.5CVSS
7.1AI Score
0.0004EPSS
Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local...
7.5CVSS
7.1AI Score
0.0004EPSS
Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local...
7.2CVSS
7.1AI Score
0.0004EPSS
Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
7.1AI Score
0.0004EPSS
Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local...
5.8CVSS
6.5AI Score
0.0004EPSS