AVEVA Software, LLC. Security Vulnerabilities

githubexploit

Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager

CVE-2022-1388 POC for CVE-2022-1388 affecting multiple F5...

9.8CVSS

-0.1AI Score

0.975EPSS

2022-05-09 11:46 AM
280
ibm

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to information disclosure (CVE-2022-35718)

Summary: IBM Sterling Partner Engagement Manager is vulnerable to information disclosure. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2022-35718. DESCRIPTION: IBM Sterling Partner Engagement Manager stores sensitive information in.....

6AI Score

EPSS

2024-06-05 12:08 PM
1
nessus

Cisco Firepower Threat Defense Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level...

6CVSS

6.8AI Score

0.001EPSS

2024-04-25 12:00 AM
41
vulnrichment

CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before...

5.3CVSS

7.1AI Score

0.001EPSS

2024-06-05 08:28 AM
osv

CVE-2022-39376

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in mailto links. This issue has been patched, please.....

6.5CVSS

6.7AI Score

0.001EPSS

2022-11-03 04:15 PM
4
osv

CVE-2022-39372

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This issue has been...

5.4CVSS

7AI Score

0.001EPSS

2022-11-03 04:15 PM
1
osv

CVE-2023-34106

GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should...

6.5CVSS

6.9AI Score

0.001EPSS

2023-07-05 06:15 PM
3
githubexploit

Exploit for SQL Injection in Fortinet Forticlient Enterprise Management Server

CVE-2023-48788 Fortinet FortiClient EMS SQL Injection...

9.8CVSS

8.6AI Score

0.711EPSS

2024-03-18 08:50 PM
93
nvd

CVE-2023-52775

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...

6.5AI Score

0.0004EPSS

2024-05-21 04:15 PM
osv

CVE-2022-2963

A vulnerability was found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation...

7.5CVSS

9.3AI Score

0.001EPSS

2022-10-14 06:15 PM
6
cvelist

CVE-2024-35213 Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP)

An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing...

9CVSS

0.0004EPSS

2024-06-11 06:37 PM
3
osv

CVE-2022-39370

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been...

4.3CVSS

7AI Score

0.001EPSS

2022-11-03 04:15 PM
2
osv

CVE-2023-33934

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through...

9.1CVSS

7.1AI Score

0.003EPSS

2023-08-09 07:15 AM
3
nessus

Cisco Software Maintenance Update Enumeration

It is possible to enumerate the installed Cisco Software Maintenance Updates on the remote Cisco device using the command 'show install...

7.5AI Score

2020-02-14 12:00 AM
80
fedora

[SECURITY] Fedora 39 Update: rust-routinator-ui-0.3.4-2.fc39

Web UI for Routinator, a RPKI relying party...

7.3AI Score

2024-06-02 03:39 AM
osv

CVE-2022-31061

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability......

7.6AI Score

0.002EPSS

2022-06-28 06:15 PM
6
githubexploit

Exploit for Improper Access Control in Papercut Papercut Mf

CVE-2023-27350 POC for CVE-2023-27350 affecting PaperCut...

9.8CVSS

9.8AI Score

0.971EPSS

2023-04-22 09:34 PM
171
osv

CVE-2023-41321

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive field values on resources on which he has read access. Users are...

6.5CVSS

6.9AI Score

0.0005EPSS

2023-09-27 03:19 PM
4
github

Silverstripe History XSS Vulnerability

A cross-site scripting vulnerability has been discovered in the CMS page history tab. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the text fields on a page, and if the "compare mode" option is selected. The HTML will be...

6.3AI Score

2024-05-22 06:25 PM
3
osv

CVE-2022-39375

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users....

5.4CVSS

6.9AI Score

0.001EPSS

2022-11-03 04:15 PM
4
osv

CVE-2022-39277

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS)...

4.8CVSS

5.9AI Score

0.001EPSS

2022-11-03 04:15 PM
4
cisco

Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance (ESA); and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack...

5.9AI Score

0.0004EPSS

2024-05-15 04:00 PM
4
osv

CVE-2022-31068

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated......

6.5AI Score

0.002EPSS

2022-06-28 06:15 PM
3
github

Silverstripe XSS vulnerability via VirtualPage

A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to. This has been resolved by ensuring that...

6.3AI Score

2024-05-22 06:53 PM
3
osv

CVE-2023-41324

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that has read access on users resource can steal accounts of other users. Users are advised to....

8.8CVSS

6.9AI Score

0.001EPSS

2023-09-27 03:19 PM
2
githubexploit

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...

9.8CVSS

9.9AI Score

0.938EPSS

2024-06-04 04:07 PM
158
fedora

[SECURITY] Fedora 40 Update: qt5-qtbase-5.15.14-1.fc40

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network...

6.5AI Score

0.0004EPSS

2024-06-05 01:41 AM
2
githubexploit

Exploit for Incorrect Authorization in Telegram

Disclaimer This exploit has been created solely for the...

5.5CVSS

5.5AI Score

0.0004EPSS

2023-08-30 12:40 PM
433
ibm

Security Bulletin: IBM QRadar Suite software is vulnerable to cross-site scripting

Summary: IBM QRadar Suite software is vulnerable to cross-site scripting in the Web UI. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

5.4CVSS

6.2AI Score

0.0004EPSS

2024-04-22 02:55 PM
7
osv

CVE-2022-47185

Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through...

7.5CVSS

7.1AI Score

0.002EPSS

2023-08-09 07:15 AM
4
githubexploit

Exploit for Code Injection in Apache Ofbiz

Apache OFBiz Authentication Bypass Vulnerability...

8AI Score

2024-01-02 02:20 PM
27
osv

CVE-2020-26683

A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive...

5.5CVSS

6.8AI Score

0.001EPSS

2023-08-22 07:16 PM
3
osv

CVE-2022-47184

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: 8.0.0 to...

7.5CVSS

7AI Score

0.001EPSS

2023-06-14 08:15 AM
3
githubexploit

Exploit for Out-of-bounds Write in Linux Linux Kernel

CVE-2021-22555 This repo hosts TUKRU's Linux Privilege...

8.3CVSS

7.7AI Score

0.002EPSS

2023-08-05 06:56 PM
179
debiancve

CVE-2024-36898

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
2
nuclei

Apache OFBiz < 18.12.07 - Local File Inclusion

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before...

7.5CVSS

7.5AI Score

0.109EPSS

2024-01-12 02:46 AM
30
githubexploit

Exploit for CVE-2024-26229

CVE-2024-26229 Beacon Object Files Beacon Object File (BOF)...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-12 11:11 AM
21
atlassian

RCE (Remote Code Execution) xalan:xalan Dependency in Jira Software Data Center and Server

This High severity xalan:xalan Dependency vulnerability was introduced in versions 8.20.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This xalan:xalan Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS

7.7AI Score

0.002EPSS

2024-03-07 02:45 PM
23
nuclei

Cisco ASA - Local File Inclusion

Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an...

7.5CVSS

7.9AI Score

0.974EPSS

2020-04-22 06:42 AM
30
githubexploit

Exploit for Improper Authentication in Fortinet Fortiproxy

CVE-2022-40684 POC for CVE-2022-40684 affecting Fortinet...

9.8CVSS

10AI Score

0.972EPSS

2022-10-13 02:24 PM
344
githubexploit

Exploit for External Control of File Name or Path in Fortinet Fortinac

CVE-2022-39952 POC for CVE-2022-39952 affecting Fortinet...

9.8CVSS

9.8AI Score

0.948EPSS

2023-02-20 03:12 PM
251
nessus

Cisco IOS Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected...

8.6CVSS

7.5AI Score

0.0004EPSS

2024-05-30 12:00 AM
1
nuclei

Check Point Quantum Gateway - Information Disclosure

CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software...

8.6CVSS

8.3AI Score

0.945EPSS

2024-05-30 03:36 AM
48
githubexploit

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...

9.8CVSS

9.8AI Score

0.938EPSS

2024-06-03 08:22 AM
65
veeam

Veeam Service Provider Console – Compile and Upload Management Agent Logs

This article covers how to properly compile your Veeam Availability Console Management Agent...

4AI Score

2018-09-19 12:00 AM
1
osv

BIT-suitecrm-2024-36406

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this...

5.4CVSS

6.8AI Score

0.001EPSS

2024-06-12 07:39 AM
veeam

Veeam Service Provider Console – Compile and Upload Server Logs

This article covers how to properly compile your Veeam Service Provider Console Server...

3.4AI Score

2018-09-19 12:00 AM
3
veeam

Throttling Rules Not Being Applied

When creating rules for traffic throttling, the rules don’t take effect and jobs run at normal processing...

2.4AI Score

2014-09-05 12:00 AM
5
vulnrichment

CVE-2024-2276 Bdtask G-Prescription Gynaecology & OBS Consultation Software Edit Venue Page cross site scripting

A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venue_controller/edit_venue/ of the component Edit Venue Page. The manipulation of the argument....

2.4CVSS

6.1AI Score

0.0004EPSS

2024-03-08 12:31 AM
Total number of security vulnerabilities: 622542