Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
4.4CVSS
7.2AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
4.4CVSS
5.2AI Score
0.0004EPSS
Cisco Firepower Management Center Software SQL Injection (cisco-sa-fmc-sqli-WFFDnNOs)
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...
8.8CVSS
8.4AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic.This issue affects WP ADA Compliance Check Basic: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through...
6.5CVSS
7AI Score
0.0004EPSS
Cisco IOS XE Software Auxiliary Asynchronous Port DoS (cisco-sa-aux-333WBz8f)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This...
5.6CVSS
5.6AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through...
7.1CVSS
8.7AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic.This issue affects WP ADA Compliance Check Basic: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before...
6.5CVSS
7AI Score
0.0004EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...
9.8CVSS
9.7AI Score
0.938EPSS
Exploit for Command Injection in Apache Airflow
Apache Airflow SQL injection PoC (CVE-2023-22884) **PoC for...
9.8CVSS
10.5AI Score
0.008EPSS
Exploit for Command Injection in Apache Airflow
Apache Airflow SQL injection PoC (CVE-2023-22884) **PoC for...
9.8CVSS
10.5AI Score
0.008EPSS
Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before...
6.5CVSS
7.2AI Score
0.0004EPSS
Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before...
6.5CVSS
6.6AI Score
0.0004EPSS
Guest File Restore from Backup of Linux on Power Machine Fails to Mount
Linux on Power uses a block size of 64 KiB for the BTRFS file system, which cannot be mounted by 64-bit Linux operating systems, which typically use a 4KiB block...
7.1AI Score
Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure (CVE-2022-38386)
Summary IBM QRadar Suite software is vulnerable to information exposure through cookie settings. This has been addressed in the latest update. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details ** CVEID: CVE-2022-38386 ...
5.9CVSS
6.1AI Score
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from n/a through...
5.3CVSS
6.7AI Score
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from n/a through...
5.3CVSS
5.5AI Score
0.0004EPSS
CVE-2024-29773 WordPress BizPrint plugin <= 4.5.5 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through...
7.1CVSS
6.8AI Score
0.0004EPSS
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat....
6.7CVSS
6.7AI Score
0.001EPSS
Exploit for Expression Language Injection in Atlassian Confluence Data Center
CVE-2022-26134 A pre-authenticated RCE vulnerability in...
9.8CVSS
9.9AI Score
0.975EPSS
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
CVE-2024-0496 Kashipara Billing Software HTTP POST Request item_list_edit.php sql injection
A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated...
6.3CVSS
10AI Score
0.001EPSS
How to Connect to an Object Storage Repository via Azure Blob Private Endpoints
This article documents how to use Azure Blob Storage Account private endpoints (via Azure VPN or Azure ExpressRoute) for offload or to connect to an Object Storage Repository in Veeam Backup & Replication 12 or...
7.1AI Score
2.2AI Score
CVE-2024-0496 Kashipara Billing Software HTTP POST Request item_list_edit.php sql injection
A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated...
6.3CVSS
7.5AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through...
7.1CVSS
9.3AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS.This issue affects TNC PDF viewer: from n/a through...
6.5CVSS
7AI Score
0.0004EPSS
Exploit for Authentication Bypass Using an Alternate Path or Channel in Connectwise Screenconnect
How to use I'm using Python3.9 ``` pip install requests...
7.4AI Score
Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before...
6.5CVSS
6.6AI Score
0.0004EPSS
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...
5CVSS
7.4AI Score
0.0004EPSS
Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.
Summary The SANnav Management Portal and Global View products are vulnerable due to a Jave SE issue. The vulnerability has been addressed and can be resolved by applying the SANnav code level listed below. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability...
3.7CVSS
5AI Score
0.001EPSS
Cisco Adaptive Security Appliance Software DNS Inspection DoS (cisco-sa-asaftd-dos-nJVAwOeq)
A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of proper processing of incoming requests. An...
8.6CVSS
7.4AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS.This issue affects Z Y N I T H: from n/a through...
8.6CVSS
8.3AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS.This issue affects Z Y N I T H: from n/a through...
8.6CVSS
8.7AI Score
0.0004EPSS
Cisco Firepower Threat Defense Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...
5CVSS
7.1AI Score
0.0004EPSS
NFC connectivity troubleshooting steps
You may find the following error in the job log: NFC storage connection is unavailable [timestamp] Error Client error: NFC storage connection is unavailable. Storage: [stg:datastore-110,nfchost:host-164,conn:89.21.235.108]. Storage display name: [Datastore]. [timestamp] Error Failed to create NFC.....
1.2AI Score
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through...
7.1CVSS
7.2AI Score
0.0004EPSS
CVE-2024-25097 WordPress TNC PDF viewer Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS.This issue affects TNC PDF viewer: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Cisco Identity Services Engine Server-Side Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...
7.2AI Score
0.0004EPSS
silverstripe/userforms file upload exposure on UserForms module
The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...
7AI Score
Exploit for Link Following in Git
Poc for CVE-2024-32002, the script made from the developer's...
9CVSS
9.2AI Score
0.001EPSS
Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-22745) Jurgen Repp and Andreas Fuchs discovered...
6.4CVSS
7.2AI Score
EPSS
Exploit for Server-Side Request Forgery in Anyscale Ray
PoC for a remote command execution vulnerability in Ray...
9.8CVSS
7.9AI Score
0.014EPSS
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF...
7.6AI Score
0.0004EPSS
Exploit for Missing Authentication for Critical Function in Veeam Veeam Backup & Replication
CVE-2023-27532 POC for CVE-2023-27532 affecting Veeam Backup...
7.5CVSS
8.2AI Score
0.022EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS.This issue affects Z Y N I T H: from n/a through...
8.6CVSS
6.7AI Score
0.0004EPSS
CVE-2024-3700 Hardcoded password in Estomed Sp. z o.o. Simple Care software
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer...
0.001EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to.....
4.9CVSS
7AI Score
0.001EPSS