AVEVA Software, LLC. Security Vulnerabilities

cvelist

CVE-2023-52230 WordPress Booster Plus for WooCommerce plugin < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure Vulnerability

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce. This issue affects Booster Plus for WooCommerce: from n/a before...

6.5CVSS

0.0004EPSS

2024-06-09 09:08 AM
5
cvelist

CVE-2023-6047 Reflected XSS in Algoritim E-commerce Software

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Algoritim E-commerce Software allows Reflected XSS. This issue affects E-commerce Software: before...

6.1CVSS

6.5AI Score

0.0005EPSS

2024-03-29 11:35 AM
2
nvd

CVE-2024-35691

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended. This issue affects Widget Options - Extended: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-08 03:15 PM
nessus

Python Software Foundation Python Installed (Windows)

Python, a tool to locally create and run application in the python programming language, is installed on the remote Windows...

1.1AI Score

2020-07-31 12:00 AM
18
nessus

Malicious Process Detection: APT1 Software Running

The md5sum of one or more running processes on the remote Windows host matches the signature distributed by Mandiant of software known to be involved in corporate cyber espionage by a unit called APT1. Verify that the remote processes are legitimate and authorized in your...

2.4AI Score

2013-02-19 12:00 AM
10
nvd

CVE-2023-52232

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce. This issue affects Booster Plus for WooCommerce: from n/a before...

6.5CVSS

0.0004EPSS

2024-06-09 09:15 AM
4
nvd

CVE-2023-52230

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce. This issue affects Booster Plus for WooCommerce: from n/a before...

6.5CVSS

0.0004EPSS

2024-06-09 09:15 AM
3
cvelist

CVE-2024-32752 Johnson Controls Software House iStar Pro Door Controller

Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and...

0.0004EPSS

2024-06-06 08:49 PM
1
vulnrichment

CVE-2024-32752 Johnson Controls Software House iStar Pro Door Controller

Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and...

6.9AI Score

0.0004EPSS

2024-06-06 08:49 PM
1
cvelist

CVE-2024-32777 WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability

Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint. This issue affects BizPrint: from n/a through...

7.5CVSS

0.0004EPSS

2024-06-09 01:10 PM
1
vulnrichment

CVE-2023-52230 WordPress Booster Plus for WooCommerce plugin < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure Vulnerability

Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce. This issue affects Booster Plus for WooCommerce: from n/a before...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-09 09:08 AM
cve

CVE-2024-35691

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended. This issue affects Widget Options - Extended: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-08 03:15 PM
22
githubexploit

Exploit for CVE-2024-23692

Unauthenticated RCE Flaw in Rejetto HTTP File Server...

9.8CVSS

8.6AI Score

0.002EPSS

2024-06-13 06:00 AM
47
ibm

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...

8.7CVSS

9.7AI Score

0.008EPSS

2024-05-03 10:32 AM
8
nessus

Cisco Firepower Threat Defense Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...

5CVSS

5.2AI Score

0.0004EPSS

2024-06-14 12:00 AM
redos

ROS-20240617-02

A vulnerability in the bgpd/bgp_attr.c file of a software tool for implementing network routing on Unix-like FRRouting systems is related to read outside bgp_attr_aigp_valid bounds, as there are no AIGP checks. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...

9.8CVSS

7.4AI Score

0.001EPSS

2024-06-17 12:00 AM
1
cve

CVE-2023-52775

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...

6.7AI Score

0.0004EPSS

2024-05-21 04:15 PM
29
cvelist

CVE-2024-35691 WordPress Widget Options - Extended plugin <= 5.1.0 - Multiple Data Exposure Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended. This issue affects Widget Options - Extended: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-08 02:38 PM
5
githubexploit

Exploit for Missing Authentication for Critical Function in Veeam Veeam Backup & Replication

CVE-2023-27532 POC for CVE-2023-27532 affecting Veeam Backup...

7.5CVSS

8.2AI Score

0.022EPSS

2023-03-18 04:20 PM
687
githubexploit

Exploit for CVE-2024-29824

CVE-2024-29824: Ivanti EPM SQL Injection Remote Code...

9.6CVSS

9.1AI Score

0.001EPSS

2024-06-12 01:53 PM
146
veeam

Quantum DXi Storage With Firmware 3.x Does Not Work with Veeam Backup & Replication 12

Veeam Backup & Replication cannot connect to the Quantum DXi storage because a secured TLS communication channel cannot be created. Starting in Veeam Backup & Replication 12, communication with deduplicating storage appliances is secured using a TLS connection. In order to create such a TLS...

1.7AI Score

2023-03-17 12:00 AM
7
veeam

Backup job reports Unfreeze Error (Over VIX)

Backup job returns an error: Unfreeze error (over VIX): [Backup job failed.] Running vssadmin list writers command may result in: Non-Retryable error for Volume Shadow Copy Service (VSS) of the...

2.8AI Score

2013-07-08 12:00 AM
6
nessus

Cisco Adaptive Security Appliance Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...

5CVSS

5.2AI Score

0.0004EPSS

2024-06-14 12:00 AM
2
nessus

Cisco Firepower Management Center Software SQL Injection (cisco-sa-fmc-sqli-WFFDnNOs)

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...

8.8CVSS

8.4AI Score

0.001EPSS

2024-06-07 12:00 AM
nessus

Intel Chipset Device Software < 10.1.19444.8378 Escalation of Privilege

The version of Intel Chipset Device Software installed on the remote Windows host is prior to 10.1.19444.8378. It is, therefore, affected by multiple vulnerabilities: Due to an uncontrolled search path element, an authenticated, local attacker can elevate their privileges. (CVE-2023-28388,...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-11-30 12:00 AM
114
nessus

Cisco Adaptive Security Appliance Software DNS Inspection DoS (cisco-sa-asaftd-dos-nJVAwOeq)

A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of proper processing of incoming requests. An...

8.6CVSS

8AI Score

0.001EPSS

2022-05-18 12:00 AM
16
osv

CVE-2022-40755

JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in...

5.5CVSS

9.1AI Score

0.001EPSS

2022-09-16 10:15 PM
1
githubexploit

Exploit for OS Command Injection in Fortinet Fortisiem

CVE-2023-34992: Fortinet FortiSIEM Unauthenticated Command...

9.8CVSS

8AI Score

0.001EPSS

2024-05-17 12:07 PM
59
cvelist

CVE-2023-52775 net/smc: avoid data corruption caused by decline

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...

6.5AI Score

0.0004EPSS

2024-05-21 03:30 PM
1
githubexploit

Exploit for Unrestricted Upload of File with Dangerous Type in Microsoft

ProxyShell Proof of Concept Exploit for Microsoft Exchange...

8.5AI Score

2021-09-04 03:34 PM
228
githubexploit

Exploit for CVE-2024-27697

FuguHub 8.4 Authenticated RCE Fuguhub is a Cloud Media...

8.8AI Score

EPSS

2024-03-09 10:24 PM
26
osv

CVE-2022-24373

The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of...

7.5CVSS

7.5AI Score

0.002EPSS

2022-09-30 05:15 AM
6
veeam

Using Object Storage with Veeam Products

Support for S3 and S3-compatible, versioning is not required unless using object lock. With Azure Blob versioning, soft-delete, change feed, point in time restore, and immutability are not...

2.7AI Score

2021-11-18 12:00 AM
8
cve

CVE-2024-35635

Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through...

4.4CVSS

7.2AI Score

0.0004EPSS

2024-06-03 10:15 AM
14
hp

Intel Thunderbolt Driver May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Thunderbolt driver software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP...

7CVSS

7.4AI Score

0.0004EPSS

2024-05-14 12:00 AM
13
cvelist

CVE-2024-32947 WordPress WP ADA Compliance Check Basic plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic. This issue affects WP ADA Compliance Check Basic: from n/a through...

4.3CVSS

5AI Score

0.0004EPSS

2024-04-24 02:48 PM
nessus

Cisco IOS XE Software Auxiliary Asynchronous Port DoS (cisco-sa-aux-333WBz8f)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This...

5.6CVSS

5.6AI Score

0.0004EPSS

2024-04-12 12:00 AM
26
cvelist

CVE-2024-35635 WordPress Ninja Tables plugin <= 5.0.9 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through...

4.4CVSS

5.2AI Score

0.0004EPSS

2024-06-03 10:03 AM
osv

CVE-2022-39063

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without...

7.5CVSS

6.8AI Score

0.001EPSS

2022-09-16 07:15 PM
1
vulnrichment

CVE-2023-51511 WordPress Booster Elite for WooCommerce plugin < 7.1.3 - Authenticated Production Creation/Modification Vulnerability

Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster Elite for WooCommerce: from n/a before...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-04 12:22 PM
cvelist

CVE-2024-31360 WordPress Benchmark Email Lite plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite. This issue affects Benchmark Email Lite: from n/a through...

4.3CVSS

4.9AI Score

0.0004EPSS

2024-04-12 12:23 PM
cvelist

CVE-2023-48747 WordPress Booster for WooCommerce plugin <= 7.1.2 - Authenticated Production Creation/Modification Vulnerability

Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster for WooCommerce: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-04 10:58 AM
1
vulnrichment

CVE-2023-48747 WordPress Booster for WooCommerce plugin <= 7.1.2 - Authenticated Production Creation/Modification Vulnerability

Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster for WooCommerce: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-04 10:58 AM
cve

CVE-2023-48747

Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster for WooCommerce: from n/a through...

6.5CVSS

7.2AI Score

0.0004EPSS

2024-06-04 11:15 AM
56
atlassian

SSRF via WebDAV endpoint - CVE-2019-3395

There was an SSRF vulnerability in Confluence Server and Data Center in the WebDAV plugin. A remote attacker is able to exploit this issue to send arbitrary HTTP and WebDAV requests from a Confluence Server instance. Affected versions: * All versions of Confluence Server and Confluence Data...

9.8CVSS

2.9AI Score

0.975EPSS

2019-02-27 10:52 PM
28
nvd

CVE-2023-48747

Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster for WooCommerce: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-04 11:15 AM
1
githubexploit

Exploit for OS Command Injection in Php

PHP CGI argument injection to RCE (CVE-2024-4577) - exploit...

9.8CVSS

10AI Score

0.967EPSS

2024-06-18 01:19 PM
155
vulnrichment

CVE-2024-32562 WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS. This issue affects Z Y N I T H: from n/a through...

8.6CVSS

6.7AI Score

0.0004EPSS

2024-04-18 10:01 AM
2
osv

CVE-2023-25828

Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization...

7.2CVSS

8AI Score

0.001EPSS

2023-03-27 05:15 PM
2
nvd

CVE-2023-52843

In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insert packets without mac len...

6.3AI Score

0.0004EPSS

2024-05-21 04:15 PM
Total number of security vulnerabilities: 624176