Lucene search

K

AVEVA Software, LLC. Security Vulnerabilities

cve
cve

CVE-2024-35635

Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...

4.4CVSS

7.2AI Score

0.0004EPSS

2024-06-03 10:15 AM
14
cvelist
cvelist

CVE-2024-35635 WordPress Ninja Tables plugin <= 5.0.9 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...

4.4CVSS

5.2AI Score

0.0004EPSS

2024-06-03 10:03 AM
nessus
nessus

Cisco Firepower Management Center Software SQL Injection (cisco-sa-fmc-sqli-WFFDnNOs)

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...

8.8CVSS

8.4AI Score

0.001EPSS

2024-06-07 12:00 AM
cvelist
cvelist

CVE-2024-32947 WordPress WP ADA Compliance Check Basic plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic.This issue affects WP ADA Compliance Check Basic: from n/a through...

4.3CVSS

5AI Score

0.0004EPSS

2024-04-24 02:48 PM
cvelist
cvelist

CVE-2023-48747 WordPress Booster for WooCommerce plugin <= 7.1.2 - Authenticated Production Creation/Modification Vulnerability

Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-04 10:58 AM
1
vulnrichment
vulnrichment

CVE-2023-48747 WordPress Booster for WooCommerce plugin <= 7.1.2 - Authenticated Production Creation/Modification Vulnerability

Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-04 10:58 AM
nessus
nessus

Cisco IOS XE Software Auxiliary Asynchronous Port DoS (cisco-sa-aux-333WBz8f)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This...

5.6CVSS

5.6AI Score

0.0004EPSS

2024-04-12 12:00 AM
24
cve
cve

CVE-2024-29773

Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through...

7.1CVSS

8.7AI Score

0.0004EPSS

2024-03-27 02:15 PM
28
cve
cve

CVE-2024-32947

Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic.This issue affects WP ADA Compliance Check Basic: from n/a through...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-04-24 03:15 PM
33
vulnrichment
vulnrichment

CVE-2023-51511 WordPress Booster Elite for WooCommerce plugin < 7.1.3 - Authenticated Production Creation/Modification Vulnerability

Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-04 12:22 PM
githubexploit
githubexploit

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...

9.8CVSS

9.7AI Score

0.938EPSS

2024-06-05 01:05 AM
113
githubexploit
githubexploit

Exploit for Command Injection in Apache Airflow

Apache Airflow SQL injection PoC (CVE-2023-22884) **PoC for...

9.8CVSS

10.5AI Score

0.008EPSS

2023-07-29 09:26 AM
478
githubexploit
githubexploit

Exploit for Command Injection in Apache Airflow

Apache Airflow SQL injection PoC (CVE-2023-22884) **PoC for...

9.8CVSS

10.5AI Score

0.008EPSS

2023-07-29 09:26 AM
265
cve
cve

CVE-2023-51511

Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before...

6.5CVSS

7.2AI Score

0.0004EPSS

2024-06-04 01:15 PM
12
cvelist
cvelist

CVE-2023-51511 WordPress Booster Elite for WooCommerce plugin < 7.1.3 - Authenticated Production Creation/Modification Vulnerability

Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-04 12:22 PM
veeam
veeam

Guest File Restore from Backup of Linux on Power Machine Fails to Mount

Linux on Power uses a block size of 64 KiB for the BTRFS file system, which cannot be mounted by 64-bit Linux operating systems, which typically use a 4KiB block...

7.1AI Score

2024-04-18 12:00 AM
9
ibm
ibm

Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure (CVE-2022-38386)

Summary IBM QRadar Suite software is vulnerable to information exposure through cookie settings. This has been addressed in the latest update. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details ** CVEID: CVE-2022-38386 ...

5.9CVSS

6.1AI Score

0.0004EPSS

2024-04-30 08:34 AM
2
cve
cve

CVE-2024-33538

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from n/a through...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-04-29 08:15 AM
23
cvelist
cvelist

CVE-2024-33538 WordPress Assistant – Every Day Productivity Apps plugin <= 1.4.9.1 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from n/a through...

5.3CVSS

5.5AI Score

0.0004EPSS

2024-04-29 07:50 AM
cvelist
cvelist

CVE-2024-29773 WordPress BizPrint plugin <= 4.5.5 - CSRF to XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through...

7.1CVSS

6.8AI Score

0.0004EPSS

2024-03-27 01:21 PM
1
osv
osv

CVE-2021-35939

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat....

6.7CVSS

6.7AI Score

0.001EPSS

2022-08-26 04:15 PM
7
githubexploit
githubexploit

Exploit for Expression Language Injection in Atlassian Confluence Data Center

CVE-2022-26134 A pre-authenticated RCE vulnerability in...

9.8CVSS

9.9AI Score

0.975EPSS

2024-06-07 10:15 PM
85
nvd
nvd

CVE-2023-48747

Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-04 11:15 AM
1
cvelist
cvelist

CVE-2024-0496 Kashipara Billing Software HTTP POST Request item_list_edit.php sql injection

A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated...

6.3CVSS

10AI Score

0.001EPSS

2024-01-13 05:00 PM
veeam
veeam

How to Connect to an Object Storage Repository via Azure Blob Private Endpoints

This article documents how to use Azure Blob Storage Account private endpoints (via Azure VPN or Azure ExpressRoute) for offload or to connect to an Object Storage Repository in Veeam Backup & Replication 12 or...

7.1AI Score

2023-01-10 12:00 AM
13
veeam
veeam

How to reset VMware Virtual Machine CBT

How to reset Change Block Tracking on the...

2.2AI Score

2011-07-28 12:00 AM
6
vulnrichment
vulnrichment

CVE-2024-0496 Kashipara Billing Software HTTP POST Request item_list_edit.php sql injection

A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated...

6.3CVSS

7.5AI Score

0.001EPSS

2024-01-13 05:00 PM
cve
cve

CVE-2024-29760

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through...

7.1CVSS

9.3AI Score

0.0004EPSS

2024-03-27 02:15 PM
30
cve
cve

CVE-2024-25097

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS.This issue affects TNC PDF viewer: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-03-13 04:15 PM
14
githubexploit
githubexploit

Exploit for Authentication Bypass Using an Alternate Path or Channel in Connectwise Screenconnect

How to use I'm using Python3.9 ``` pip install requests...

7.4AI Score

2024-02-21 09:42 AM
23
nvd
nvd

CVE-2023-51511

Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-04 01:15 PM
1
nessus
nessus

Cisco Adaptive Security Appliance Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...

5CVSS

7.4AI Score

0.0004EPSS

2024-06-14 12:00 AM
ibm
ibm

Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.

Summary The SANnav Management Portal and Global View products are vulnerable due to a Jave SE issue. The vulnerability has been addressed and can be resolved by applying the SANnav code level listed below. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability...

3.7CVSS

5AI Score

0.001EPSS

2024-05-01 09:37 PM
1
nessus
nessus

Cisco Adaptive Security Appliance Software DNS Inspection DoS (cisco-sa-asaftd-dos-nJVAwOeq)

A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of proper processing of incoming requests. An...

8.6CVSS

7.4AI Score

0.001EPSS

2022-05-18 12:00 AM
16
cve
cve

CVE-2024-32562

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS.This issue affects Z Y N I T H: from n/a through...

8.6CVSS

8.3AI Score

0.0004EPSS

2024-04-18 10:15 AM
34
cvelist
cvelist

CVE-2024-32562 WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS.This issue affects Z Y N I T H: from n/a through...

8.6CVSS

8.7AI Score

0.0004EPSS

2024-04-18 10:01 AM
nessus
nessus

Cisco Firepower Threat Defense Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...

5CVSS

7.1AI Score

0.0004EPSS

2024-06-14 12:00 AM
veeam
veeam

NFC connectivity troubleshooting steps

You may find the following error in the job log: NFC storage connection is unavailable [timestamp] Error Client error: NFC storage connection is unavailable. Storage: [stg:datastore-110,nfchost:host-164,conn:89.21.235.108]. Storage display name: [Datastore]. [timestamp] Error Failed to create NFC.....

1.2AI Score

2011-08-26 12:00 AM
19
cvelist
cvelist

CVE-2024-29760 WordPress Booster for WooCommerce plugin <= 7.1.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through...

7.1CVSS

7.2AI Score

0.0004EPSS

2024-03-27 01:16 PM
cvelist
cvelist

CVE-2024-25097 WordPress TNC PDF viewer Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS.This issue affects TNC PDF viewer: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-03-13 03:58 PM
cisco
cisco

Cisco Identity Services Engine Server-Side Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...

7.2AI Score

0.0004EPSS

2024-04-03 04:00 PM
6
osv
osv

silverstripe/userforms file upload exposure on UserForms module

The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...

7AI Score

2024-05-28 05:21 PM
2
githubexploit
githubexploit

Exploit for Link Following in Git

Poc for CVE-2024-32002, the script made from the developer's...

9CVSS

9.2AI Score

0.001EPSS

2024-05-18 02:42 AM
119
osv
osv

tpm2-tss vulnerabilities

Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-22745) Jurgen Repp and Andreas Fuchs discovered...

6.4CVSS

7.2AI Score

EPSS

2024-05-28 10:05 PM
1
githubexploit
githubexploit

Exploit for Server-Side Request Forgery in Anyscale Ray

PoC for a remote command execution vulnerability in Ray...

9.8CVSS

7.9AI Score

0.014EPSS

2024-03-29 09:54 AM
90
cisco
cisco

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF...

7.6AI Score

0.0004EPSS

2024-04-03 04:00 PM
6
githubexploit
githubexploit

Exploit for Missing Authentication for Critical Function in Veeam Veeam Backup & Replication

CVE-2023-27532 POC for CVE-2023-27532 affecting Veeam Backup...

7.5CVSS

8.2AI Score

0.022EPSS

2023-03-18 04:20 PM
679
vulnrichment
vulnrichment

CVE-2024-32562 WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS.This issue affects Z Y N I T H: from n/a through...

8.6CVSS

6.7AI Score

0.0004EPSS

2024-04-18 10:01 AM
cvelist
cvelist

CVE-2024-3700 Hardcoded password in Estomed Sp. z o.o. Simple Care software

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer...

0.001EPSS

2024-06-10 11:19 AM
6
osv
osv

CVE-2022-39373

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to.....

4.9CVSS

7AI Score

0.001EPSS

2022-11-03 04:15 PM
1
Total number of security vulnerabilities622542