Lucene search
K

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•24 views

(Pwn2Own) Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of software updates. The issue results from the lack of...

6.8CVSS7AI score0.01761EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•19 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Config Manager Improper Input Validation Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CharxSystemConfigManager service, which listens on...

7.5CVSS7.3AI score0.01404EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•23 views

(Pwn2Own) Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of...

8.8CVSS7.5AI score0.00522EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•13 views

Phoenix Contact CHARX SEC-3100 charx_pack_logs Improper Input Validation Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...

7.8CVSS7.2AI score0.00408EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•29 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 MQTT Protocol JSON Parsing Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of JSON-encoded arrays. The issue results...

5CVSS7.2AI score0.00871EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•24 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 plctool Improper Privilege Management Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...

7.8CVSS7.2AI score0.00259EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•22 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 ClientSession Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of ClientSession objects in the...

8.8CVSS7.3AI score0.00621EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•28 views

(Pwn2Own) Synology BC500 update_ntp_config Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BC500 IP cameras. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the server parameter provided to the syno-api handler. T...

6.8CVSS7.5AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•13 views

(Pwn2Own) QNAP TS-464 Improper Validation Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication logic. The issue results from improper validation of the...

9.8CVSS9.6AI score0.02315EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•23 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 HomePlug Protocol Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the HomePlug Green PHY Protocol...

4.3CVSS6.3AI score0.01161EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•15 views

(Pwn2Own) QNAP TS-464 Log Upload Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of log uploads. The issue results from the lack of proper...

8.1CVSS7AI score0.4158EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•21 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Improper Access Control Firewall Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass firewall rules and access another interface on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of firewa...

5CVSS6.8AI score0.00391EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•9 views

(0Day) Zope CMFCore Uncontrolled Resource Consumption Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Zope Application Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the contentFilter class. The issue results from...

7.5CVSS6.7AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•26 views

(Pwn2Own) Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

8.8CVSS7.5AI score0.00986EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•28 views

(Pwn2Own) Silicon Labs Gecko OS http_download Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the httpdownload command. The issue results from t...

7.5CVSS7.5AI score0.00462EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•30 views

(Pwn2Own) Samsung Galaxy S23 instantgame Improper Input Validation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S23 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS7.2AI score0.00968EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•23 views

(Pwn2Own) Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results...

6.8CVSS7.2AI score0.00755EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•28 views

(Pwn2Own) Ubiquiti Networks EV Station EVCLauncher Improper Certificate Validation Vulnerability

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Ubiquiti Networks EV Station. User interaction is not required to exploit this vulnerability. The specific flaw exists within the EVCLauncher application. The...

6.3CVSS6.4AI score0.00325EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•21 views

(Pwn2Own) Alpine Halo9 Missing Authentication Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue...

5.3CVSS7.1AI score0.00669EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•24 views

Linux Kernel USB/IP VHCI Driver Race Condition Privilege Escalation Vulnerability

This vulnerability allows physically present attackers to escalate privileges on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the reset event. The issue results from the lack of proper locki...

7.1CVSS7.7AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•24 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol Missing Encryption Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the OCPP protocol. The issue...

6.3CVSS7AI score0.00309EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•23 views

(Pwn2Own) Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the runactionbatch endpoint of the cloud infrastructure. The issue...

7.5CVSS7.2AI score0.01186EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•23 views

(Pwn2Own) Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command...

6.5CVSS7.2AI score0.00796EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•19 views

(Pwn2Own) Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability

This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware metadata signature validation mechanism. Th...

4.6CVSS7.4AI score0.00263EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•15 views

(Pwn2Own) Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDMwemCmdCreatSHA256Hash function. The issue results from the lack...

6.8CVSS7.5AI score0.01026EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•15 views

Linux Kernel ICMPv6 Router Advertisement Race Condition Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Route Information options. The issue results from the lack of...

8.3CVSS7.2AI score0.02166EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•18 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol UpdateFirmware Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the location parameter of the...

7.5CVSS7.2AI score0.0147EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•20 views

(Pwn2Own) Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DNS responses. The issue results from a...

6.5CVSS6.7AI score0.00246EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•47 views

(Pwn2Own) HP Color LaserJet Pro MFP 4301fdw CFF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro MFP 4301fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of embedded fonts. The issue results fr...

8.8CVSS7.2AI score0.01342EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/21 12:0 a.m.•14 views

(Pwn2Own) Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prhl2sardataind function. The issue results from the lack of validati...

8.8CVSS7.5AI score0.00789EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/06/20 12:0 a.m.•32 views

Microsoft Windows Menu DC Bitmap Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...

8.8CVSS7AI score0.01269EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/20 12:0 a.m.•10 views

VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti...

7.8CVSS7.5AI score0.00272EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/20 12:0 a.m.•19 views

VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch...

7.8CVSS7.5AI score0.00356EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/20 12:0 a.m.•18 views

Windscribe Directory Traversal Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windscribe Service. T...

7.8CVSS7.5AI score0.00591EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/20 12:0 a.m.•14 views

VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch...

7.8CVSS7.5AI score0.00379EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/20 12:0 a.m.•37 views

Linux Kernel TIPC Message Reassembly Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with TIPC bearer enabled are vulnerable. The specific flaw exists within the processing of fragmented TIPC...

9CVSS7.3AI score0.01305EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•19 views

Toshiba e-STUDIO2518A vsftpd Incorrect Permission Assignment Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. Authentication is required to exploit this vulnerability. The specific flaw exists within the vsftpd daemon. The issue results from incorrect permissions set on folders...

7.8CVSS7.1AI score0.00322EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•12 views

PaperCut NG PrintDeployProxyController Incorrect Authorization Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PrintDeployProxyController class. The issue results from the incorrect authorization. An...

8.6CVSS7.2AI score0.63984EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•18 views

(0Day) Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3D...

7.8CVSS7.2AI score0.00395EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•17 views

(0Day) Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of 3...

7.8CVSS7.2AI score0.00403EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•18 views

PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a...

7.2CVSS7.7AI score0.01707EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•17 views

PaperCut MF handleServiceException Cross-Site Scripting Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut MF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS7.2AI score0.61472EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•40 views

(0Day) Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS7.2AI score0.00403EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•11 views

PaperCut MF EmailRenderer Server-Side Template Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut MF. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EmailRenderer class. The iss...

7.2CVSS7.8AI score0.01411EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•20 views

(0Day) Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS7.2AI score0.00403EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•24 views

Tenable Nessus Network Monitor Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Tenable Nessus Network Monitor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS7.1AI score0.00471EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•18 views

PaperCut NG upload Link Following Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PaperCut NG. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the upload endpoint. By...

6.5CVSS6.7AI score0.00546EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•12 views

(0Day) Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

7.8CVSS7.2AI score0.00374EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•16 views

(0Day) Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validati...

8.8CVSS7.5AI score0.01119EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/06/18 12:0 a.m.•11 views

PaperCut MF pc-upconnector-service Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PaperCut MF. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pc-upconnector-service service, which listens on TCP port 9151 by default. The...

8.2CVSS6.1AI score0.37934EPSS
Exploits0References1
Total number of security vulnerabilities16763