A race condition was identified through which privilege escalation was possible in certain...
CVSS: 8.8 | AI Score: 7.1 | EPSS: 0.0004
A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the...
CVSS: 9.8 | AI Score: 7.1 | EPSS: 0.001
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through...
AI Score: 6.1 | EPSS: 0.0004
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this...
AI Score: 6 | EPSS: 0.0004
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory...
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.005
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: ...
CVSS: 5.9 | AI Score: 6.2 | EPSS: 0.0004
A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a...
CVSS: 7.3 | AI Score: 7 | EPSS: 0.0004
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...
CVSS: 4.4 | AI Score: 6.4 | EPSS: 0.0004
For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access.....
CVSS: 4.3 | AI Score: 5.7 | EPSS: 0.0004
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: ...
CVSS: 6.5 | AI Score: 6 | EPSS: 0.0004
Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the....
CVSS: 9.8 | AI Score: 9.9 | EPSS: 0.001
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: ...
CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.0004
IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: ...
CVSS: 4.7 | AI Score: 4.5 | EPSS: 0.0004
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted...
AI Score: 6.7 | EPSS: 0.0004
Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of...
AI Score: 6.5 | EPSS: 0.0004
A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in...
AI Score: 6.6 | EPSS: 0.0004
The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: ...
CVSS: 6.2 | AI Score: 6.2 | EPSS: 0.0004
IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: ...
CVSS: 4.3 | AI Score: 4.4 | EPSS: 0.0004
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That...
CVSS: 7.5 | AI Score: 6.4 | EPSS: 0.0005
TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may vary....
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.0004
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: ...
CVSS: 6.5 | AI Score: 4.9 | EPSS: 0.0004
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for....
CVSS: 6.3 | AI Score: 6.8 | EPSS: 0.0004