Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality. This issue affects Zero Spam: from n/a through...
CVSS 5.3 | AI Score 5.3 | EPSS 0.0004
Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the...
AI Score 6.3 | EPSS 0.0004
Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability
A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An...
AI Score 7.2 | EPSS 0.0004
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through...
CVSS 8.1 | AI Score 7.3 | EPSS 0.001
GlobalProtect - OS Command Injection
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama...
CVSS 10 | AI Score 9.9 | EPSS 0.957
Exploit for Missing Authentication for Critical Function in Zohocorp Manageengine Servicedesk Plus
CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077:...
CVSS 9.8 | AI Score 9.4 | EPSS 0.974
BackOrifice Software Detection
The remote host seems to be running BackOrifice 1.x with no password. BackOrifice is a trojan which allows an intruder to take control of the remote...
AI Score 7.5
Cisco IOS XE Software Privilege Escalation Vulnerability
A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending...
AI Score 7.2 | EPSS 0.0004
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input...
AI Score 7 | EPSS 0.0004
Silverstripe X-Forwarded-Host request hostname injection
A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution. If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...
AI Score 7.3
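The pattern the Silverstripe entry describes, as an added example that is not Silverstripe's own code: a naive resolver lets any client replace the Host header via X-Forwarded-Host, so every absolute URL the application builds (redirects, password-reset links, canonical tags) points at the attacker's host, and a cache in front of the site then serves that poisoned page to everyone. The hardened resolver only honours the header when the peer is a reverse proxy we control and the result is on an allowlist. The sample requests, the 10.0.0.0/8 proxy range and the allowed hostnames are constructed for the example.

```python
import ipaddress

# Constructed sample requests (not real traffic). Each is what the
# application sees: the peer it accepted the TCP connection from, plus
# the request headers.
DIRECT_ATTACKER_REQUEST = {
    "remote_addr": "203.0.113.9",                      # not one of our proxies
    "headers": {"Host": "shop.example",
                "X-Forwarded-Host": "evil.example"},   # attacker-chosen value
}
PROXIED_REQUEST = {
    "remote_addr": "10.0.0.5",                         # our reverse proxy
    "headers": {"Host": "10.0.0.20:8080",              # backend address
                "X-Forwarded-Host": "shop.example"},   # set by the proxy
}

# Assumed deployment facts for this example: which peers are reverse proxies
# we operate, and which hostnames this site legitimately answers for.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_HOSTS = {"shop.example", "www.shop.example"}


def resolve_host_naive(request):
    """The vulnerable pattern: if X-Forwarded-Host is present its value
    silently replaces the real Host header, whoever sent it."""
    headers = request["headers"]
    return headers.get("X-Forwarded-Host") or headers["Host"]


def _strip_port(host):
    # Good enough for names and IPv4 literals; bracketed IPv6 is left alone.
    if host.startswith("["):
        return host
    return host.split(":", 1)[0]


def resolve_host_hardened(request, trusted_proxies=TRUSTED_PROXIES,
                          allowed_hosts=ALLOWED_HOSTS):
    """Honour X-Forwarded-Host only from a trusted proxy, and only if the
    resulting hostname is one this site is allowed to answer for."""
    headers = request["headers"]
    host = headers["Host"]
    peer = ipaddress.ip_address(request["remote_addr"])
    if any(peer in net for net in trusted_proxies):
        forwarded = headers.get("X-Forwarded-Host")
        if forwarded:
            # A proxy chain may append several values; the first entry is
            # the client-facing host.
            host = forwarded.split(",")[0].strip()
    hostname = _strip_port(host).lower()
    if hostname not in allowed_hosts:
        raise ValueError(f"untrusted Host {host!r}")
    return hostname


def absolute_url(request, path, resolver):
    """Where the damage shows: an absolute URL built from the resolved host.
    With the naive resolver a password-reset link lands on evil.example."""
    return f"https://{resolver(request)}{path}"


if __name__ == "__main__":
    print(absolute_url(DIRECT_ATTACKER_REQUEST, "/reset?token=abc", resolve_host_naive))
    print(absolute_url(DIRECT_ATTACKER_REQUEST, "/reset?token=abc", resolve_host_hardened))
```

Rejecting an unknown hostname outright (rather than falling back to Host) is deliberate: a request that reaches the backend with a hostname we never serve is either misrouted or hostile, and either way should not produce a cacheable 200.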
BigAnt Server 5.6.06 - Improper Access Control
BigAnt Server 5.6.06 is susceptible to improper access control. The software utilizes weak password hashes. An attacker can craft a password hash and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...
CVSS 5.3 | AI Score 5.5 | EPSS 0.004
Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability
A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit...
AI Score 7.4 | EPSS 0.0004
Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network...
CVSS 9.8 | AI Score 7.6 | EPSS 0.002
An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator...
CVSS 6.1 | AI Score 6.1 | EPSS 0.001
Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion
Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests...
CVSS 7.5 | AI Score 7.2 | EPSS 0.974
Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions...
CVSS 7.5 | AI Score 6.6 | EPSS 0.001
GeoServer WPS - Server Side Request Forgery
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request...
CVSS 9.8 | AI Score 9.1 | EPSS 0.121
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or...
CVSS 7.5 | AI Score 7.1 | EPSS 0.011
Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3. No workaround...
CVSS 6.5 | AI Score 6.8 | EPSS 0.001
Webmin <1.997 - Authenticated Remote Code Execution
Webmin before 1.997 is susceptible to authenticated remote code execution via software/apt-lib.pl, which lacks HTML escaping for a UI command. An attacker can perform command injection attacks and thereby execute malware, obtain sensitive information, modify data, and/or gain full control over a...
CVSS 9.8 | AI Score 10 | EPSS 0.97
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised to upgrade as soon as...
CVSS 9.1 | AI Score 7.4 | EPSS 0.001
Atlassian JIRA Plugins Detection
The Atlassian JIRA application running on the remote host has plugins installed and...
AI Score 2
According to its self-reported version, the Cisco NX-OS Software is affected by a denial of service vulnerability in the network stack due to the affected device unexpectedly decapsulating and processing IP in IP packets that are destined to a locally configured IP address. An unauthenticated,...
CVSS 5.3 | AI Score 5.5 | EPSS 0.011
NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure. Notes: mdeslaur: ...
CVSS 6.5 | AI Score 6.9 | EPSS 0.0004
Remove specific prevalent malware with Windows Malicious Software Removal Tool (KB890830)
Remove specific prevalent malware with Windows Malicious Software Removal Tool (KB890830) Summary The Windows Malicious Software Removal Tool (MSRT) helps remove malicious software from computers that are running any of the following operating systems: Windows 10 Windows Server 2019 Windows...
AI Score 8.9
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version...
CVSS 8.1 | AI Score 6.9 | EPSS 0.001
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This org.xerial.snappy:snappy-java...
CVSS 7.5 | AI Score 9.6 | EPSS 0.001
Cisco IOS XE Software Information Disclosure Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the web UI of Cisco IOS XE Software which allows an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the...
CVSS 5.3 | AI Score 5.5 | EPSS 0.001
Cisco IOS XE Software Privilege Escalation Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the web UI of Cisco IOS XE Software, which could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a...
CVSS 8.8 | AI Score 8.9 | EPSS 0.002
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard....
CVSS 4.8 | AI Score 7.2 | EPSS 0.001
Cisco Wireless LAN Controller Software GUI Configuration Denial of Service Vulnerabilities
According to its self-reported version, Cisco Wireless LAN Controller (WLC) is affected by the following vulnerability: Multiple vulnerabilities in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to...
CVSS 6.8 | AI Score 6 | EPSS 0.001
Silverstripe XSS in Director::force_redirect()
A low level XSS vulnerability has been found in the Framework affecting http redirection via the Director::force_redirect method. Attempts to redirect to a url may generate HTML which is not safely escaped, and may pose a risk of XSS in some environments. This vulnerability is marked low as it is...
AI Score 5.9
Cisco Access Point Software Secure Boot Bypass Vulnerability
A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary...
AI Score 7 | EPSS 0.0004
Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in...
CVSS 5.5 | AI Score 6.6 | EPSS 0.001
Multiple vulnerabilities in the Internet Key Exchange version 1 (IKEv1) fragmentation feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow or corruption on an affected system. For more information about these...
AI Score 7.3 | EPSS 0.0004
A vulnerability in the HTTP2 protocol implementation (network/access/http2/hpacktable.cpp) of the cross-platform Qt software development framework is related to an integer overflow resulting from a change in the typical order of expressions in a conditional statement ("Yoda conditions")...
CVSS 9.8 | AI Score 6.9 | EPSS 0.001
SilverStripe framework XML Quadratic Blowup Attack
A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site. See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a...
AI Score 7
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...
CVSS 9.8 | AI Score 7.5 | EPSS 0.001
[SECURITY] Fedora 40 Update: efifs-1.9-6.fc40
Free software EFI/UEFI standalone file system drivers, based on the GRUB 2.0 read-only drivers: AFFS (Amiga Fast FileSystem), BFS (BeOS FileSystem), btrfs, exFAT, ext2/ext3/ext4, F2FS (experimental), HFS and HFS+ (Mac OS, including the compression support), ISO9660, JFS (Journaled FileSystem),...
CVSS 6 | AI Score 6.2 | EPSS 0.0004
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a...
CVSS 9.8 | AI Score 8 | EPSS 0.001
GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8...
CVSS 6.5 | AI Score 6.1 | EPSS 0.001
Cisco IOS XE Software Path Traversal Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the Guest Shell. The vulnerability could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to...
CVSS 6.7 | AI Score 6.8 | EPSS 0.0004
Cisco IOS XE Software Command Injection Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability that could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software...
CVSS 7.2 | AI Score 7.2 | EPSS 0.002
Cisco IOS XE Software Privilege Escalation Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by the following vulnerability: A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by...
CVSS 8.8 | AI Score 8.9 | EPSS 0.002
Cisco IOS XE Software Command Injection Vulnerability
According to its self-reported version, the Cisco IOS XE Software is affected by a vulnerability that allows an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by...
CVSS 7.8 | AI Score 8 | EPSS 0.0004
Cisco IOS XE Software mDNS Gateway DoS
The remote Cisco device is running a version of Cisco IOS XE software that is affected by a vulnerability in the multicast DNS gateway component due to improper validation of mDNS packets. A remote, unauthenticated attacker, by sending crafted packets to UDP port 5353, can exploit this to cause a...
AI Score 6.6 | EPSS 0.002
How to Collect Logs for Veeam Agent for Microsoft Windows
This document shows how to gather logs for Veeam Agent for Microsoft Windows support...
AI Score 2
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An administrator may store malicious code in help links. This issue is patched in...
CVSS 6.2 | AI Score 5.1 | EPSS 0.001
Cisco IOS XE Software Plug and Play Agent Memory Leak (cisco-sa-20180926-pnp-memleak)
According to its self-reported version, Cisco IOS XE Software is affected by a memory leak vulnerability in the Cisco Network Plug and Play agent due to insufficient input validation. An unauthenticated, remote attacker can exploit this, by sending invalid data to the Cisco Network Plug and Play...
CVSS 8.6 | AI Score 8.7 | EPSS 0.002