SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 9.6 | AI Score 7.9 | EPSS 0.001
NFC connectivity troubleshooting steps
You may find the following error in the job log: NFC storage connection is unavailable [timestamp] Error Client error: NFC storage connection is unavailable. Storage: [stg:datastore-110,nfchost:host-164,conn:89.21.235.108]. Storage display name: [Datastore]. [timestamp] Error Failed to create NFC.....
AI Score 1.2
GLPI stands for Gestionnaire Libre de Parc Informatique. It is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate user logins. Users are advised to upgrade to version 10.0.10. There.....
CVSS 5.3 | AI Score 7.2 | EPSS 0.001
The bgp_capability_msg_parse() function of FRRouting, a software tool for implementing network routing on Unix-like systems, is affected by a read outside memory boundaries in the BGP daemon.....
CVSS 9.1 | AI Score 8.6 | EPSS 0.029
[SECURITY] Fedora 39 Update: rust-routinator-ui-0.3.4-2.fc39
Web UI for Routinator, an RPKI relying party...
AI Score 7.3
Silverstripe XSS vulnerability via VirtualPage
A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the text fields of a page which a VirtualPage refers to. This has been resolved by ensuring that...
AI Score 6.3
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive...
CVSS 5.5 | AI Score 6.8 | EPSS 0.001
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 8.5 | AI Score 7.6 | EPSS 0.0004
Silverstripe History XSS Vulnerability
A cross-site scripting vulnerability has been discovered in the CMS page history tab. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the text fields on a page, and if the "compare mode" option is selected. The HTML will be...
AI Score 6.3
GLPI is a Free Asset and IT Management Software package providing data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions, all GLPI instances with the native inventory in use may leak sensitive information. The feature to get refused files is not authenticated......
CVSS 5.3 | AI Score 6.5 | EPSS 0.002
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 9.6 | AI Score 9.7 | EPSS 0.001
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 10 | AI Score 9.7 | EPSS 0.048
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 8.6 | AI Score 8.4 | EPSS 0.0005
WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is...
CVSS 9.8 | AI Score 9.9 | EPSS 0.74
GLPI stands for Gestionnaire Libre de Parc Informatique. It is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate the values of sensitive fields on resources to which they have read access. Users are...
CVSS 6.5 | AI Score 6.9 | EPSS 0.0005
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This issue has been...
CVSS 5.4 | AI Score 7 | EPSS 0.001
GLPI stands for Gestionnaire Libre de Parc Informatique. It is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that has read access to the users resource can steal the accounts of other users. Users are advised to....
CVSS 8.8 | AI Score 6.9 | EPSS 0.001
Intel Dynamic Tuning Technology Software Privilege Escalation (INTEL-SA-00984)
Improper access control in the Intel DTT Software before version 8.7.10802.26924 may allow an authenticated user to potentially enable escalation of privilege via local access. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
CVSS 7.9 | AI Score 7.5 | EPSS 0.0004
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users....
CVSS 5.4 | AI Score 6.9 | EPSS 0.001
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service...
CVSS 7.5 | AI Score 7 | EPSS 0.001
Exploit for External Control of File Name or Path in Fortinet Fortinac
CVE-2022-39952 POC for CVE-2022-39952 affecting Fortinet...
CVSS 9.8 | AI Score 9.8 | EPSS 0.948
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 7.7 | AI Score 6.8 | EPSS 0.0005
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 8.9 | AI Score 8.3 | EPSS 0.0004
Software: lua 5.3.4 OS: ROSA Virtualization 2.1 package_evr_string: lua-5.3.4 CVE-ID: CVE-2021-43519 BDU-ID: None CVE-Crit: N/A CVE-DESC.: Stack overflow in lua_resume of the ldo.c file in Lua Interpreter allows attackers to perform a denial of service via a crafted script file. CVE-STATUS: Not...
CVSS 5.5 | AI Score 7 | EPSS 0.001
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to the debug panel through the GLPI update script. This issue has been...
CVSS 4.3 | AI Score 7 | EPSS 0.001
Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass
Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x are vulnerable to authentication bypass. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the...
CVSS 7.5 | AI Score 6.4 | EPSS 0.259
Exploit for Use of a Broken or Risky Cryptographic Algorithm in Vmware Aria Operations For Networks
CVE-2023-34039 POC for CVE-2023-34039 VMWare Aria Operations...
CVSS 9.8 | AI Score 7.3 | EPSS 0.945
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...
CVSS 8.6 | AI Score 6.8 | EPSS 0.0005
Cisco Secure Email Gateway HTTP Response Splitting Vulnerability
A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to...
AI Score 6.1 | EPSS 0.0004
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS)...
CVSS 4.8 | AI Score 5.9 | EPSS 0.001
Security Bulletin: NVIDIA GPU Display Driver - June 2024
NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...
CVSS 7.8 | AI Score 8 | EPSS 0.0004
Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the...
AI Score 6.3 | EPSS 0.0004
How to uninstall Veeam CDP VAIO filter driver manually
Veeam Support Knowledge Base answer to: How to uninstall Veeam CDP VAIO filter driver...
AI Score 2.8
Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure (CVE-2022-38386)
Summary IBM QRadar Suite software is vulnerable to information exposure through cookie settings. This has been addressed in the latest update. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details CVEID: CVE-2022-38386 ...
CVSS 5.9 | AI Score 6.1 | EPSS 0.0004
Cisco IOS Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)
According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected...
CVSS 8.6 | AI Score 7.5 | EPSS 0.0004
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...
AI Score 6.5 | EPSS 0.0004
Exploit for SQL Injection in Cisco Smart Software Manager On-Prem
CVE-2023-20110 PoC script for CVE-2023-20110 -...
CVSS 6.5 | AI Score 8 | EPSS 0.001
In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to...
AI Score 6.7 | EPSS 0.0004
In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service through a specific image...
AI Score 6.5 | EPSS 0.0004
Exploit for SQL Injection in Osgeo Geoserver
CVE-2023-25157 - GeoServer SQL Injection - PoC CVE:...
CVSS 9.8 | AI Score 9.9 | EPSS 0.58
software-dl.ti.com Cross Site Scripting vulnerability OBB-3852622
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...
CVSS 7.8 | AI Score 7.2 | EPSS 0.0004
BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to...
CVSS 8.8 | AI Score 7 | EPSS 0.001
In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service through a specific image...
AI Score 6.3 | EPSS 0.0004
Security Bulletin: Vulnerability in SANnav Software used by IBM b-type SAN directors and switches.
Summary The SANnav Management Portal and Global View products are vulnerable due to a Java SE issue. The vulnerability has been addressed and can be resolved by applying the SANnav code level listed below. Vulnerability Details CVEID: CVE-2023-22045 DESCRIPTION: An unspecified vulnerability...
CVSS 3.7 | AI Score 5 | EPSS 0.001
Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...
CVSS 9.8 | AI Score 10 | EPSS (none listed)
Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable denial of service via local...
CVSS 4.4 | AI Score 6.8 | EPSS 0.0004
Exploit for Improper Privilege Management in Sudo Project Sudo
CVE-2023-22809 CVE-2023-22809 is a critical...
CVSS 7.8 | AI Score 8.3 | EPSS 0.001