Lucene search

K

AVEVA Software, LLC. Security Vulnerabilities

nessus
nessus

Cisco ASA Software and FTD Software Web Services Interface XSS (cisco-sa-asaftd-xss-multiple-FCB3vPZe) (Direct Check)

The version of Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software running on the remote web server is affected by a cross-site scripting vulnerability. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to...

6.1CVSS

2.6AI Score

0.971EPSS

2021-07-07 12:00 AM
152
githubexploit
githubexploit

Exploit for Improper Authentication in Fortinet Fortiproxy

CVE-2022-40684 POC for CVE-2022-40684 affecting Fortinet...

9.8CVSS

10AI Score

0.972EPSS

2022-10-13 02:24 PM
346
osv
osv

CVE-2023-42462

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version...

9.1CVSS

7.1AI Score

0.0005EPSS

2023-09-27 03:19 PM
5
nuclei
nuclei

OpenCMS 14 & 15 - Cross Site Scripting

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury'...

6.1CVSS

5.8AI Score

0.001EPSS

2024-01-03 11:54 AM
13
nuclei
nuclei

Apache Struts - Multiple Open Redirection Vulnerabilities

Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied...

8.1AI Score

0.972EPSS

2021-06-09 10:02 AM
5
osv
osv

silverstripe/userforms file upload exposure on UserForms module

The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...

7AI Score

2024-05-28 05:21 PM
2
githubexploit
githubexploit

Exploit for Forced Browsing in Fortra Goanywhere Managed File Transfer

CVE-2024-0204: Authentication Bypass in GoAnywhere MFT Script...

9.8CVSS

9.8AI Score

0.501EPSS

2024-01-23 08:16 PM
220
osv
osv

CVE-2023-41326

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with...

8.8CVSS

7.1AI Score

0.001EPSS

2023-09-27 03:19 PM
4
osv
osv

CVE-2023-41320

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be use to...

9.8CVSS

8.3AI Score

0.001EPSS

2023-09-27 03:19 PM
4
alpinelinux
alpinelinux

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.9CVSS

7.8AI Score

0.0004EPSS

2024-05-16 09:15 PM
5
cve
cve

CVE-2023-46784

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a...

8.2CVSS

6.7AI Score

0.0004EPSS

2024-05-17 09:15 AM
57
hp
hp

HP Software Packages (SoftPaqs) – Potential Escalation of Privilege

Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs). HP has provided updated software packages (SoftPaqs) available from our...

8AI Score

0.0004EPSS

2024-04-25 12:00 AM
13
osv
osv

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.9CVSS

7.8AI Score

0.0004EPSS

2024-05-16 09:15 PM
5
atlassian
atlassian

Infinite Loop vulnerability in Jira Service Management Data Center and Server

This vulnerability, with a CVSS Score of 7.5, contains an iteration or loop with an exit condition that cannot be reached. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. The software's operation may slow down,....

7AI Score

2024-05-15 07:23 AM
3
osv
osv

tpm2-tss vulnerabilities

Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-22745) Jurgen Repp and Andreas Fuchs discovered...

6.4CVSS

7.2AI Score

EPSS

2024-05-28 10:05 PM
2
osv
osv

CVE-2022-39323

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please...

9.8CVSS

7.8AI Score

0.001EPSS

2022-11-03 03:15 PM
1
nessus
nessus

Cisco NX-OS Software Unexpected IP in IP Packet Processing (CVE-2020-10136)

Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access...

5.3CVSS

5.5AI Score

0.015EPSS

2023-07-25 12:00 AM
17
nessus
nessus

Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities

According to its self-reported version, Cisco Wireless LAN Controller (WLC) is affected by following multiple vulnerabilities Multiple vulnerabilities in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an ...

6.5CVSS

6.7AI Score

0.001EPSS

2019-04-26 12:00 AM
9
cvelist
cvelist

CVE-2024-35213 Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP)

An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing...

9CVSS

0.0004EPSS

2024-06-11 06:37 PM
4
osv
osv

CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to.....

4.7CVSS

4.8AI Score

0.001EPSS

2022-08-22 03:15 PM
5
githubexploit
githubexploit

Exploit for CVE-2024-1403

CVE-2024-1403 Progress OpenEdge Authentication Bypass An...

10CVSS

7.2AI Score

0.0004EPSS

2024-03-06 03:27 PM
264
githubexploit
githubexploit

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164: Apache Struts path traversal to RCE...

9.8CVSS

10AI Score

0.09EPSS

2023-12-13 09:31 AM
283
githubexploit
githubexploit

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...

9.8CVSS

9.8AI Score

0.938EPSS

2024-06-03 08:22 AM
74
githubexploit
githubexploit

Exploit for CVE-2024-26229

CVE-2024-26229 Beacon Object Files Beacon Object File (BOF)...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-12 11:11 AM
44
githubexploit
githubexploit

Exploit for SQL Injection in Progress Moveit Cloud

CVE-2023-34362 POC for CVE-2023-34362 affecting MOVEit...

9.8CVSS

8.4AI Score

0.957EPSS

2023-06-09 07:07 PM
125
github
github

silverstripe/userforms file upload exposure on UserForms module

The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...

7AI Score

2024-05-28 05:21 PM
6
githubexploit
githubexploit

Exploit for Incorrect Authorization in Ivanti Mobileiron Sentry

CVE-2023-38035 POC for CVE-2023-38035 affecting Ivanti Sentry...

9.8CVSS

10.3AI Score

0.975EPSS

2023-08-23 05:34 PM
280
redos
redos

ROS-20240611-02

The vulnerability of Tss2_RC_Decode and Tss2_RC_SetHandler functions of TCG TPM2 TPM2 Software Stack implementation is related to buffer copying without input data validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, violate its integrity, and...

6.4CVSS

7.3AI Score

EPSS

2024-06-11 12:00 AM
nessus
nessus

Atlassian Confluence Installed (Linux)

Atlassian Confluence was detected on the remote Linux...

1.4AI Score

2022-06-21 12:00 AM
11
osv
osv

CVE-2023-41888

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of login page.....

5.4CVSS

7AI Score

0.0005EPSS

2023-09-27 03:19 PM
4
githubexploit
githubexploit

Exploit for Improper Access Control in Papercut Papercut Mf

CVE-2023-27350 POC for CVE-2023-27350 affecting PaperCut...

9.8CVSS

9.8AI Score

0.971EPSS

2023-04-22 09:34 PM
172
githubexploit
githubexploit

Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager

CVE-2022-1388 POC for CVE-2022-1388 affecting multiple F5...

9.8CVSS

-0.1AI Score

0.975EPSS

2022-05-09 11:46 AM
283
nessus
nessus

Atlassian JIRA Installed (Windows)

Atlassian JIRA, issue tracking software, was detected on the remote Windows...

3.1AI Score

2019-11-22 12:00 AM
12
redos
redos

ROS-20240607-03

A vulnerability in the lrzip.c:initialize_control component of the Irzip software tool is caused by a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely, affect confidentiality, integrity and availability.....

9.8CVSS

7.5AI Score

0.001EPSS

2024-06-07 12:00 AM
1
ubuntu
ubuntu

OpenVPN vulnerability

Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages openvpn - virtual private network software Details It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using...

9.8CVSS

7.5AI Score

0.007EPSS

2024-06-26 12:00 AM
cisco
cisco

Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance (ESA); and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack...

5.9AI Score

0.0004EPSS

2024-05-15 04:00 PM
5
cvelist
cvelist

CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before...

5.3CVSS

5.4AI Score

0.001EPSS

2024-06-05 08:28 AM
1
githubexploit
githubexploit

Exploit for Incorrect Authorization in Telegram

Disclaimer This exploit has been created solely for the...

5.5CVSS

5.5AI Score

0.0004EPSS

2023-08-30 12:40 PM
439
nessus
nessus

IBM HTTP Server Installed (Linux)

IBM HTTP Server is installed on the remote Linux / Unix...

0.2AI Score

2020-12-02 12:00 AM
60
nessus
nessus

Atlassian Confluence Installed (Windows)

Atlassian Confluence was detected on the remote Windows...

2.2AI Score

2022-06-09 12:00 AM
17
nessus
nessus

Atlassian Jira Installed (Unix / Linux)

Atlassian JIRA, issue tracking software, was detected on the remote Unix / Linux...

2.3AI Score

2019-12-03 12:00 AM
16
nessus
nessus

Atlassian JIRA Plugins Detection

The Atlassian JIRA application running on the remote host has plugins installed and...

2AI Score

2019-09-23 12:00 AM
9
github
github

MunkiReport Software Update module is vulnerable to SQL injection

A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/...

8.8CVSS

8.6AI Score

0.001EPSS

2022-05-24 05:24 PM
9
githubexploit
githubexploit

Exploit for Command Injection in Vmware Vrealize Network Insight

CVE-2023-20887 POC for CVE-2023-20887 VMWare Aria Operations...

9.8CVSS

10.4AI Score

0.967EPSS

2023-06-13 01:17 PM
420
nuclei
nuclei

SuiteCRM - SQL Injection

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

10CVSS

7.7AI Score

0.048EPSS

2024-06-11 02:58 PM
3
nessus
nessus

DameWare Remote Support Detection

DameWare Remote Support, formerly DameWare NT Utilities, is installed on the remote Windows...

1.5AI Score

2014-02-28 12:00 AM
11
nessus
nessus

Zimbra Collaboration Server Aspell Spell Check Service Detection

The spell check service for Zimbra Collaboration Server, an open source messaging and collaboration solution, was detected on the remote host. This service is used by the Zimbra...

1.5AI Score

2014-02-24 12:00 AM
11
vulnrichment
vulnrichment

CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before...

5.3CVSS

7.1AI Score

0.001EPSS

2024-06-05 08:28 AM
Total number of security vulnerabilities624175