The version of Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software running on the remote web server is affected by a cross-site scripting vulnerability. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to...
CVSS 6.1 | AI Score 2.6 | EPSS 0.971
Exploit for Improper Authentication in Fortinet Fortiproxy
CVE-2022-40684 POC for CVE-2022-40684 affecting Fortinet...
CVSS 9.8 | AI Score 10 | EPSS 0.972
GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version...
CVSS 9.1 | AI Score 7.1 | EPSS 0.0005
OpenCMS 14 & 15 - Cross Site Scripting
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury'...
CVSS 6.1 | AI Score 5.8 | EPSS 0.001
Apache Struts - Multiple Open Redirection Vulnerabilities
Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied...
AI Score 8.1 | EPSS 0.972
silverstripe/userforms file upload exposure on UserForms module
The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...
AI Score 7
Exploit for Forced Browsing in Fortra Goanywhere Managed File Transfer
CVE-2024-0204: Authentication Bypass in GoAnywhere MFT Script...
CVSS 9.8 | AI Score 9.8 | EPSS 0.501
GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. A logged-in user from any profile can hijack the Kanban feature to alter any user field, and end up with...
CVSS 8.8 | AI Score 7.1 | EPSS 0.001
GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be used to...
CVSS 9.8 | AI Score 8.3 | EPSS 0.001
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...
CVSS 7.9 | AI Score 7.8 | EPSS 0.0004
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') and Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar (ics-calendar) allows Absolute Path Traversal and Server-Side Request Forgery. This issue affects ICS Calendar: from n/a...
CVSS 8.2 | AI Score 6.7 | EPSS 0.0004
HP Software Packages (SoftPaqs) – Potential Escalation of Privilege
Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs). HP has provided updated software packages (SoftPaqs) available from our...
AI Score 8 | EPSS 0.0004
Infinite Loop vulnerability in Jira Service Management Data Center and Server
This vulnerability, with a CVSS score of 7.5, contains an iteration or loop with an exit condition that cannot be reached. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. The software's operation may slow down, ...
AI Score 7
Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-22745) Jurgen Repp and Andreas Fuchs discovered...
CVSS 6.4 | AI Score 7.2 | EPSS n/a
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. Time-based attack using a SQL injection in the REST API user_token. This issue has been patched, please...
CVSS 9.8 | AI Score 7.8 | EPSS 0.001
Cisco NX-OS Software Unexpected IP in IP Packet Processing (CVE-2020-10136)
Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access...
CVSS 5.3 | AI Score 5.5 | EPSS 0.015
Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities
According to its self-reported version, Cisco Wireless LAN Controller (WLC) is affected by the following multiple vulnerabilities: Multiple vulnerabilities in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an ...
CVSS 6.5 | AI Score 6.7 | EPSS 0.001
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing...
CVSS 9 | EPSS 0.0004
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...
CVSS 4.7 | AI Score 4.8 | EPSS 0.001
CVSS 10 | AI Score 7.2 | EPSS 0.0004
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164: Apache Struts path traversal to RCE...
CVSS 9.8 | AI Score 10 | EPSS 0.09
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...
CVSS 9.8 | AI Score 9.8 | EPSS 0.938
CVE-2024-26229 Beacon Object Files Beacon Object File (BOF)...
CVSS 7.8 | AI Score 7.8 | EPSS 0.0004
Exploit for SQL Injection in Progress Moveit Cloud
CVE-2023-34362 POC for CVE-2023-34362 affecting MOVEit...
CVSS 9.8 | AI Score 8.4 | EPSS 0.957
Exploit for Incorrect Authorization in Ivanti Mobileiron Sentry
CVE-2023-38035 POC for CVE-2023-38035 affecting Ivanti Sentry...
CVSS 9.8 | AI Score 10.3 | EPSS 0.975
The vulnerability of the Tss2_RC_Decode and Tss2_RC_SetHandler functions of the TCG TPM2 Software Stack implementation is related to buffer copying without input data validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, violate its integrity, and...
CVSS 6.4 | AI Score 7.3 | EPSS n/a
Atlassian Confluence Installed (Linux)
Atlassian Confluence was detected on the remote Linux...
AI Score 1.4
CVSS 7.8 | AI Score 8 | EPSS 0.0004
GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of the login page...
CVSS 5.4 | AI Score 7 | EPSS 0.0005
Exploit for Improper Access Control in Papercut Papercut Mf
CVE-2023-27350 POC for CVE-2023-27350 affecting PaperCut...
CVSS 9.8 | AI Score 9.8 | EPSS 0.971
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
CVE-2022-1388 POC for CVE-2022-1388 affecting multiple F5...
CVSS 9.8 | AI Score -0.1 | EPSS 0.975
Atlassian JIRA Installed (Windows)
Atlassian JIRA, issue tracking software, was detected on the remote Windows...
AI Score 3.1
CVE-2023-21725 Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
...
CVSS 6.3 | AI Score 6.5 | EPSS 0.0004
A vulnerability in the lrzip.c:initialize_control component of the lrzip software tool is caused by a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect confidentiality, integrity and availability...
CVSS 9.8 | AI Score 7.5 | EPSS 0.001
Releases: Ubuntu 16.04 ESM, Ubuntu 14.04 ESM. Packages: openvpn (virtual private network software). Details: It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using...
CVSS 9.8 | AI Score 7.5 | EPSS 0.007
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance (ESA); and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack...
AI Score 5.9 | EPSS 0.0004
CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before...
CVSS 5.3 | AI Score 5.4 | EPSS 0.001
Exploit for Incorrect Authorization in Telegram
Disclaimer This exploit has been created solely for the...
CVSS 5.5 | AI Score 5.5 | EPSS 0.0004
AI Score 0.2
Atlassian Confluence Installed (Windows)
Atlassian Confluence was detected on the remote Windows...
AI Score 2.2
Atlassian Jira Installed (Unix / Linux)
Atlassian JIRA, issue tracking software, was detected on the remote Unix / Linux...
AI Score 2.3
Atlassian JIRA Plugins Detection
The Atlassian JIRA application running on the remote host has plugins installed and...
AI Score 2
MunkiReport Software Update module is vulnerable to SQL injection
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/...
CVSS 8.8 | AI Score 8.6 | EPSS 0.001
Exploit for Command Injection in Vmware Vrealize Network Insight
CVE-2023-20887 POC for CVE-2023-20887 VMWare Aria Operations...
CVSS 9.8 | AI Score 10.4 | EPSS 0.967
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 10 | AI Score 7.7 | EPSS 0.048
DameWare Remote Support Detection
DameWare Remote Support, formerly DameWare NT Utilities, is installed on the remote Windows...
AI Score 1.5
Zimbra Collaboration Server Aspell Spell Check Service Detection
The spell check service for Zimbra Collaboration Server, an open source messaging and collaboration solution, was detected on the remote host. This service is used by the Zimbra...
AI Score 1.5
CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before...
CVSS 5.3 | AI Score 7.1 | EPSS 0.001