Lucene search
K

80 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7773

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00615EPSS
Exploits0References5
Nvidia
Nvidia
added 2024/10/22 12:0 a.m.73 views

Security Bulletin: NVIDIA GPU Display Driver - October 2024

NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...

8.2CVSS8.3AI score0.00415EPSS
Exploits0Affected Software3
ICS
ICS
added 2024/10/08 12:0 a.m.34 views

Siemens SINEC Security Monitor

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.9CVSS8.2AI score0.0083EPSS
Exploits0References10
NVD
NVD
added 2024/08/12 1:38 p.m.24 views

CVE-2024-4350

Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave...

5.1CVSS0.00464EPSS
Exploits0References4
OSV
OSV
added 2024/08/09 12:37 a.m.16 views

CVE-2024-4350 Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer

Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave...

5.1CVSS6AI score0.00464EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/08/09 12:37 a.m.54 views

CVE-2024-4350 Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer

Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave...

5.1CVSS0.00464EPSS
Exploits0References4
OSV
OSV
added 2024/08/08 4:31 p.m.16 views

CVE-2024-7394 Concrete CMS version 9.0.0 through 9.3.2 and below 8.5.18 - Stored XSS in getAttributeSetName()

Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName. A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v4.0 rank of 4.6 with vector...

4.6CVSS6AI score0.00412EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/08/08 4:31 p.m.16 views

CVE-2024-7394 Concrete CMS version 9.0.0 through 9.3.2 and below 8.5.18 - Stored XSS in getAttributeSetName()

Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName. A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVSS v4.0 rank of 4.6 with vector...

4.6CVSS4.8AI score0.00412EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2024/08/05 6:7 a.m.32 views

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute common industrial protocol CIP programming and configuration commands. The flaw, which is assigned the CVE identifier CVE-2024-6242, carries a CVSS...

7.3CVSS7.4AI score0.09197EPSS
Exploits0
OSV
OSV
added 2024/08/01 6:23 p.m.20 views

CVE-2024-4353 Stored XSS in Generate Board Name Input Field

Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board instance functionality. The Name input field does not check the input sufficiently letting a rogue administrator have the capability to inject malicious JavaScript code. The Concre...

4.6CVSS6AI score0.00285EPSS
Exploits0References5
CVE
CVE
added 2024/08/01 6:23 p.m.52 views

CVE-2024-4353

Concrete CMS versions 9.0.0–9.3.2 are affected by a stored XSS in the generate dashboard board instance functionality. The Name input field allows injection of JavaScript because input is not sufficiently validated, enabling a rogue administrator to execute code. Affected product: Concrete CMS (v...

4.8CVSS4.8AI score0.00285EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2024/08/01 6:0 a.m.98 views

Rockwell Automation Logix Controllers

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules Vulnerability : Unprotected Alternate Channel 2. RISK EVALUATION Successful exploitation of this...

7.3CVSS7AI score0.09197EPSS
Exploits0References10
Nvidia
Nvidia
added 2024/07/23 12:0 a.m.27 views

Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - July 2024

NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series including Jetson TX2 NX, and Jetson Nano™ devices including Jetson Nano 2GB in the NVIDIA JetPack™ software development kit SDK. To protect your system, download and insta...

8.8CVSS9.1AI score0.00229EPSS
Exploits0
ICS
ICS
added 2024/07/16 6:0 a.m.20 views

Rockwell Automation Pavilion 8

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Pavilion 8 Vulnerability : Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

8.8CVSS6.8AI score0.00488EPSS
Exploits0References10
FreeBSD
FreeBSD
added 2024/07/16 12:0 a.m.34 views

MySQL -- Multiple vulnerabilities

Oracle reports: 36 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 9.8...

7.2AI score
Exploits0References1
ICS
ICS
added 2024/07/11 6:0 a.m.53 views

Rockwell Automation FactoryTalk System Services and Policy Manager

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.0 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk System Services and Policy Manager Vulnerabilities : Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

7.5CVSS7.1AI score0.00744EPSS
Exploits0References10
Nvidia
Nvidia
added 2024/07/09 12:0 a.m.127 views

Security Bulletin: NVIDIA GPU Display Driver - July 2024

NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...

7.8CVSS8.3AI score0.00455EPSS
Exploits0Affected Software2
ICS
ICS
added 2024/07/02 6:0 a.m.20 views

Johnson Controls Kantech Door Controllers

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION : Exploitable via adjacent network Vendor : Johnson Controls, Inc. Equipment : Kantech KT1, KT2, KT400 Door Controllers Vulnerability : Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of...

3.1CVSS4.4AI score0.00222EPSS
Exploits0References10
ICS
ICS
added 2024/06/27 6:0 a.m.27 views

Johnson Controls Illustra Essentials Gen 4 (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls, Inc. Equipment : Illustra Essentials Gen 4 Vulnerability : Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...

6.8CVSS7AI score0.00372EPSS
Exploits0References10
ICS
ICS
added 2024/06/20 6:0 a.m.24 views

CAREL Boss-Mini

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : CAREL Equipment : Boss-Mini Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

9.8CVSS9.1AI score0.75206EPSS
Exploits6References10
Rows per page
Query Builder