Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
CVE-2022-1388 POC for CVE-2022-1388 affecting multiple F5...
9.8CVSS
-0.1AI Score
0.975EPSS
Summary IBM Sterling Partner Engagement Manager is vulnerable to information disclosure. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-35718 DESCRIPTION: **IBM Sterling Partner Engagement Manager stores sensitive information in.....
6AI Score
EPSS
Cisco Firepower Threat Defense Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level...
6CVSS
6.8AI Score
0.001EPSS
CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before...
5.3CVSS
7.1AI Score
0.001EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please.....
6.5CVSS
6.7AI Score
0.001EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This issue has been...
5.4CVSS
7AI Score
0.001EPSS
GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should...
6.5CVSS
6.9AI Score
0.001EPSS
7.8CVSS
8AI Score
0.0004EPSS
Exploit for SQL Injection in Fortinet Forticlient Enterprise Management Server
CVE-2023-48788 Fortinet FortiClient EMS SQL Injection...
9.8CVSS
8.6AI Score
0.711EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...
6.5AI Score
0.0004EPSS
A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation...
7.5CVSS
9.3AI Score
0.001EPSS
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing...
9CVSS
0.0004EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been...
4.3CVSS
7AI Score
0.001EPSS
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through...
9.1CVSS
7.1AI Score
0.003EPSS
Cisco Software Maintenance Update Enumeration
It is possible to enumerate the installed Cisco Software Maintenance Updates on the remote Cisco device using the command 'show install...
7.5AI Score
[SECURITY] Fedora 39 Update: rust-routinator-ui-0.3.4-2.fc39
Web UI for Routinator, a RPKI relying party...
7.3AI Score
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability......
7.6AI Score
0.002EPSS
Exploit for Improper Access Control in Papercut Papercut Mf
CVE-2023-27350 POC for CVE-2023-27350 affecting PaperCut...
9.8CVSS
9.8AI Score
0.971EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are...
6.5CVSS
6.9AI Score
0.0005EPSS
Silverstripe History XSS Vulnerability
A cross-site scripting vulnerability has been discovered in the CMS page history tab. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the text fields on a page, and if the "compare mode" option is selected. The HTML will be...
6.3AI Score
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users....
5.4CVSS
6.9AI Score
0.001EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS)...
4.8CVSS
5.9AI Score
0.001EPSS
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance (ESA); and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack...
5.9AI Score
0.0004EPSS
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated......
6.5AI Score
0.002EPSS
Silverstripe XSS vulnerability via VirtualPage
A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to. This has been resolved by ensuring that...
6.3AI Score
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal accounts of other users. Users are advised to....
8.8CVSS
6.9AI Score
0.001EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...
9.8CVSS
9.9AI Score
0.938EPSS
[SECURITY] Fedora 40 Update: qt5-qtbase-5.15.14-1.fc40
Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network...
6.5AI Score
0.0004EPSS
Exploit for Incorrect Authorization in Telegram
Disclaimer This exploit has been created solely for the...
5.5CVSS
5.5AI Score
0.0004EPSS
Security Bulletin: IBM QRadar Suite software is vulnerable to cross-site scripting
Summary IBM QRadar Suite software is vulnerable to cross-site scripting in the Web UI. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
5.4CVSS
6.2AI Score
0.0004EPSS
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through...
7.5CVSS
7.1AI Score
0.002EPSS
Exploit for Code Injection in Apache Ofbiz
Apache OFBiz Authentication Bypass Vulnerability...
8AI Score
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive...
5.5CVSS
6.8AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to...
7.5CVSS
7AI Score
0.001EPSS
Exploit for Out-of-bounds Write in Linux Linux Kernel
CVE-2021-22555 This repo hosts TUKRU's Linux Privilege...
8.3CVSS
7.7AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to...
6.7AI Score
0.0004EPSS
Apache OFBiz < 18.12.07 - Local File Inclusion
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before...
7.5CVSS
7.5AI Score
0.109EPSS
CVE-2024-26229 Beacon Object Files Beacon Object File (BOF)...
7.8CVSS
7.8AI Score
0.0004EPSS
RCE (Remote Code Execution) xalan:xalan Dependency in Jira Software Data Center and Server
This High severity xalan:xalan Dependency vulnerability was introduced in versions 8.20.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This xalan:xalan Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.5CVSS
7.7AI Score
0.002EPSS
Cisco ASA - Local File Inclusion
Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an...
7.5CVSS
7.9AI Score
0.974EPSS
Exploit for Improper Authentication in Fortinet Fortiproxy
CVE-2022-40684 POC for CVE-2022-40684 affecting Fortinet...
9.8CVSS
10AI Score
0.972EPSS
Exploit for External Control of File Name or Path in Fortinet Fortinac
CVE-2022-39952 POC for CVE-2022-39952 affecting Fortinet...
9.8CVSS
9.8AI Score
0.948EPSS
Cisco IOS Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)
According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected...
8.6CVSS
7.5AI Score
0.0004EPSS
Check Point Quantum Gateway - Information Disclosure
CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software...
8.6CVSS
8.3AI Score
0.945EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...
9.8CVSS
9.8AI Score
0.938EPSS
Veeam Service Provider Console – Compile and Upload Management Agent Logs
This article covers how to properly compile your Veeam Availability Console Management Agent...
4AI Score
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this...
5.4CVSS
6.8AI Score
0.001EPSS
Veeam Service Provider Console – Compile and Upload Server Logs
This article covers how to properly compile your Veeam Service Provider Console Server...
3.4AI Score
Throttling Rules Not Being Applied
When creating rules for traffic throttling, the rules don’t take effect and jobs run at normal processing...
2.4AI Score
A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venue_controller/edit_venue/ of the component Edit Venue Page. The manipulation of the argument....
2.4CVSS
6.1AI Score
0.0004EPSS