AVEVA Software, LLC. Security Vulnerabilities

github: MunkiReport Software Update module is vulnerable to SQL injection

A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001 | 2022-05-24 05:24 PM | 9
osv: CVE-2021-35939

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat...

CVSS 6.7 | AI Score 6.7 | EPSS 0.001 | 2022-08-26 04:15 PM | 8
githubexploit: Exploit for Command Injection in Vmware Vrealize Network Insight

CVE-2023-20887 POC for CVE-2023-20887 VMWare Aria Operations...

CVSS 9.8 | AI Score 10.4 | EPSS 0.967 | 2023-06-13 01:17 PM | 420
nessus: Cisco Adaptive Security Appliance Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level...

CVSS 6 | AI Score 6.8 | EPSS 0.001 | 2024-04-25 12:00 AM | 39
githubexploit: Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358 / CVE-2024-1800 Telerik Report Server...

CVSS 9.8 | AI Score 9.9 | EPSS 0.938 | 2024-06-04 04:07 PM | 169
fedora

AI Score 7.3 | 2024-06-02 03:39 AM | 1
nessus: Cisco Firepower Management Center Software Object Group Access Control List Bypass (cisco-sa-fmc-object-bypass-fTH8tDjq)

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software...

CVSS 5.8 | AI Score 7.2 | EPSS 0.0004 | 2024-06-14 12:00 AM | 3
ibm: Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to information disclosure (CVE-2022-35718)

Summary: IBM Sterling Partner Engagement Manager is vulnerable to information disclosure. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2022-35718 DESCRIPTION: IBM Sterling Partner Engagement Manager stores sensitive information in...

AI Score 6 | 2024-06-05 12:08 PM | 1
githubexploit: Exploit for SQL Injection in Fortinet Forticlient Enterprise Management Server

CVE-2023-48788 Fortinet FortiClient EMS SQL Injection...

CVSS 9.8 | AI Score 8.6 | EPSS 0.711 | 2024-03-18 08:50 PM | 96
osv: MunkiReport Software Update module is vulnerable to SQL injection

A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001 | 2022-05-24 05:24 PM | 2
osv: BIT-suitecrm-2024-36406

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 5.4 | AI Score 6.8 | EPSS 0.001 | 2024-06-12 07:39 AM
githubexploit

CVSS 9.8 | AI Score 9.8 | EPSS 0.969 | 2022-08-11 11:47 AM | 383
nuclei: Cisco ASA - Local File Inclusion

Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an...

CVSS 7.5 | AI Score 7.9 | EPSS 0.974 | 2020-04-22 06:42 AM | 31
vulnrichment: CVE-2024-2276 Bdtask G-Prescription Gynaecology & OBS Consultation Software Edit Venue Page cross site scripting

A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venue_controller/edit_venue/ of the component Edit Venue Page. The manipulation of the argument...

CVSS 2.4 | AI Score 6.1 | EPSS 0.0004 | 2024-03-08 12:31 AM
osv: CVE-2023-33934

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through...

CVSS 9.1 | AI Score 7.1 | EPSS 0.003 | 2023-08-09 07:15 AM | 3
veeam: Guest File Restore from Backup of Linux on Power Machine Fails to Mount

Linux on Power uses a block size of 64 KiB for the BTRFS file system, which cannot be mounted by 64-bit Linux operating systems, which typically use a 4 KiB block...

AI Score 7.1 | 2024-04-18 12:00 AM | 9
osv: CVE-2022-47185

Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through...

CVSS 7.5 | AI Score 7.1 | EPSS 0.002 | 2023-08-09 07:15 AM | 4
nessus: CyberPower Power Device Network Utility Detection

CyberPower Power Device Network Utility (PDNU) is running on the remote...

AI Score 7.4 | 2024-05-17 12:00 AM | 4
osv: CVE-2024-36411

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 9.6 | AI Score 9.7 | EPSS 0.001 | 2024-06-10 08:15 PM | 2
osv: CVE-2024-36408

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 9.6 | AI Score 9.7 | EPSS 0.001 | 2024-06-10 05:16 PM | 1
githubexploit: Exploit for Race Condition in Microsoft

CVE-2023-36884: MS Office HTML RCE with crafted documents On...

CVSS 7.5 | AI Score 8.2 | EPSS 0.227 | 2023-09-28 11:53 AM | 479
cvelist: CVE-2024-2276 Bdtask G-Prescription Gynaecology & OBS Consultation Software Edit Venue Page cross site scripting

A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venue_controller/edit_venue/ of the component Edit Venue Page. The manipulation of the argument...

CVSS 2.4 | AI Score 3.7 | EPSS 0.0004 | 2024-03-08 12:31 AM
githubexploit: Exploit for Command Injection in Nextgen Mirth Connect

RCE vulnerability in Mirth Connect (CVE-2023-37679 and...

CVSS 9.8 | AI Score 7.4 | EPSS 0.038 | 2024-03-17 08:44 AM | 27
githubexploit: Exploit for CVE-2023-43208

RCE vulnerability in Mirth Connect (CVE-2023-37679 and...

CVSS 9.8 | AI Score 6.5 | EPSS 0.956 | 2024-03-17 08:44 AM | 42
redos: ROS-20240529-01

Vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and virtual machine Oracle GraalVM Enterprise Edition is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of...

CVSS 7.5 | AI Score 7.4 | EPSS 0.002 | 2024-05-29 12:00 AM | 8
nessus: Cisco Firepower Threat Defense Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level...

CVSS 6 | AI Score 6.8 | EPSS 0.001 | 2024-04-25 12:00 AM | 44
fedora: [SECURITY] Fedora 40 Update: qt5-qtbase-5.15.14-1.fc40

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network...

AI Score 6.5 | EPSS 0.0004 | 2024-06-05 01:41 AM | 2
githubexploit: Exploit for Out-of-bounds Write in Linux Linux Kernel

CVE-2021-22555 This repo hosts TUKRU's Linux Privilege...

CVSS 8.3 | AI Score 7.7 | EPSS 0.002 | 2023-08-05 06:56 PM | 181
nuclei: Check Point Quantum Gateway - Information Disclosure

CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software...

CVSS 8.6 | AI Score 8.3 | EPSS 0.945 | 2024-05-30 03:36 AM | 54
osv: Silverstripe XSS vulnerability via VirtualPage

A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to. This has been resolved by ensuring that...

AI Score 6.3 | 2024-05-22 06:53 PM | 2
osv: BIT-suitecrm-2024-36411

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 9.6 | AI Score 7.9 | EPSS 0.001 | 2024-06-12 07:38 AM | 1
githubexploit: Exploit for External Control of File Name or Path in Fortinet Fortinac

CVE-2022-39952 POC for CVE-2022-39952 affecting Fortinet...

CVSS 9.8 | AI Score 9.8 | EPSS 0.948 | 2023-02-20 03:12 PM | 253
osv: BIT-suitecrm-2024-36419

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the /legacy route. Version 8.6.1 contains a patch for the...

CVSS 4.3 | AI Score 7.1 | EPSS 0.001 | 2024-06-12 07:36 AM
osv: BIT-suitecrm-2024-36408

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 9.6 | AI Score 7.9 | EPSS 0.001 | 2024-06-12 07:39 AM
nuclei: Apache OFBiz < 18.12.07 - Local File Inclusion

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before...

CVSS 7.5 | AI Score 7.5 | EPSS 0.109 | 2024-01-12 02:46 AM | 33
osv: CVE-2023-41323

GLPI (Gestionnaire Libre de Parc Informatique) is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate user logins. Users are advised to upgrade to version 10.0.10. There...

CVSS 5.3 | AI Score 7.2 | EPSS 0.001 | 2023-09-27 03:19 PM | 6
osv: BIT-suitecrm-2024-36410

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 9.6 | AI Score 7.9 | EPSS 0.001 | 2024-06-12 07:38 AM | 1
osv: BIT-suitecrm-2024-36417

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added to some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 9 | AI Score 6.2 | EPSS 0.001 | 2024-06-12 07:36 AM | 2
osv: BIT-suitecrm-2024-36409

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 9.6 | AI Score 7.9 | EPSS 0.001 | 2024-06-12 07:38 AM
osv: BIT-suitecrm-2024-36412

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 10 | AI Score 7.7 | EPSS 0.048 | 2024-06-12 07:38 AM
osv: CVE-2024-36410

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 9.6 | AI Score 9.7 | EPSS 0.001 | 2024-06-10 06:15 PM
osv: CVE-2024-36412

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 10 | AI Score 9.7 | EPSS 0.048 | 2024-06-10 08:15 PM | 1
osv: CVE-2022-31061

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability...

CVSS 9.8 | AI Score 7.6 | EPSS 0.002 | 2022-06-28 06:15 PM | 6
osv: CVE-2024-36417

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added to some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 9 | AI Score 8.7 | EPSS 0.001 | 2024-06-10 08:15 PM | 2
fedora: [SECURITY] Fedora 39 Update: rust-routinator-ui-0.3.4-2.fc39

Web UI for Routinator, a RPKI relying party...

AI Score 7.3 | 2024-06-02 03:39 AM
githubexploit: Exploit for OS Command Injection in Fortinet Fortisiem

CVE-2024-23108 POC Proof of concept exploit to blindly...

CVSS 10 | AI Score 8 | EPSS 0.001 | 2024-05-28 05:21 PM | 316
osv: CVE-2024-36409

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 9.6 | AI Score 9.7 | EPSS 0.001 | 2024-06-10 06:15 PM | 1
osv: CVE-2021-35938

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system...

CVSS 6.7 | AI Score 6.4 | EPSS 0.001 | 2022-08-25 08:15 PM | 10
nessus: BlackBerry Link Detection (Mac OS X)

The remote host has BlackBerry Link installed. BlackBerry Link is used for synchronizing BlackBerry 10 devices with desktop...

AI Score 2.6 | 2013-11-22 12:00 AM | 15
osv: CVE-2022-39372

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This issue has been...

CVSS 5.4 | AI Score 7 | EPSS 0.001 | 2022-11-03 04:15 PM | 1

Total number of security vulnerabilities: 624176