Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...
6.5CVSS
0.0004EPSS
CVE-2023-6047 Reflected XSS in Algoritim E-commerce Software
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Algoritim E-commerce Software allows Reflected XSS.This issue affects E-commerce Software: before...
6.1CVSS
6.5AI Score
0.0005EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through...
6.5CVSS
0.0004EPSS
Python Software Foundation Python Installed (Windows)
Python, a tool to locally create and run application in the python programming language, is installed on the remote Windows...
1.1AI Score
Malicious Process Detection: APT1 Software Running
The md5sum of one or more running processes on the remote Windows host matches the signature distributed by Mandiant of software known to be involved in corporate cyber espionage by a unit called APT1. Verify that the remote processes are legitimate and authorized in your...
2.4AI Score
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...
6.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...
6.5CVSS
0.0004EPSS
CVE-2024-32752 Johnson Controls Software House iStar Pro Door Controller
Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and...
0.0004EPSS
CVE-2024-32752 Johnson Controls Software House iStar Pro Door Controller
Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and...
6.9AI Score
0.0004EPSS
CVE-2024-32777 WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability
Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through...
7.5CVSS
0.0004EPSS
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before...
6.5CVSS
7AI Score
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
9.8CVSS
8.6AI Score
0.002EPSS
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...
8.7CVSS
9.7AI Score
0.008EPSS
Cisco Firepower Threat Defense Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...
5CVSS
5.2AI Score
0.0004EPSS
A vulnerability in the bgpd/bgp_attr.c file of a software tool for implementing network routing on Unix-like FRRouting systems is related to read outside bgp_attr_aigp_valid bounds, as there are no AIGP checks. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...
9.8CVSS
7.4AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...
6.7AI Score
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through...
4.3CVSS
0.0004EPSS
Exploit for Missing Authentication for Critical Function in Veeam Veeam Backup & Replication
CVE-2023-27532 POC for CVE-2023-27532 affecting Veeam Backup...
7.5CVSS
8.2AI Score
0.022EPSS
9.6CVSS
9.1AI Score
0.001EPSS
Quantum DXi Storage With Firmware 3.x Does Not Work with Veeam Backup & Replication 12
Veeam Backup & Replication cannot connect to the Quantum DXi storage because a secured TLS communication channel cannot be created. Starting in Veeam Backup & Replication 12, communication with deduplicating storage appliances is secured using a TLS connection. In order to create such a TLS...
1.7AI Score
Backup job reports Unfreeze Error (Over VIX)
Backup job returns an error:Unfreeze error (over VIX): [Backup job failed.]Running vssadmin list writers command may result in:Non-Retryable error for Volume Shadow Copy Service (VSS) of the...
2.8AI Score
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...
5CVSS
5.2AI Score
0.0004EPSS
Cisco Firepower Management Center Software SQL Injection (cisco-sa-fmc-sqli-WFFDnNOs)
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...
8.8CVSS
8.4AI Score
0.001EPSS
Intel Chipset Device Software < 10.1.19444.8378 Escalation of Privilege
The version of Intel Chipset Device Software installed on the remote Windows host is prior to 10.1.19444.8378. It is, therefore, affected by multiple vulnerabilities: Due to an uncontrolled search path element, an authenticated, local attacker can elevate their privileges. (CVE-2023-28388,...
7.8CVSS
7.7AI Score
0.0004EPSS
Cisco Adaptive Security Appliance Software DNS Inspection DoS (cisco-sa-asaftd-dos-nJVAwOeq)
A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of proper processing of incoming requests. An...
8.6CVSS
8AI Score
0.001EPSS
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in...
5.5CVSS
9.1AI Score
0.001EPSS
Exploit for OS Command Injection in Fortinet Fortisiem
CVE-2023-34992: Fortinet FortiSIEM Unauthenticated Command...
9.8CVSS
8AI Score
0.001EPSS
CVE-2023-52775 net/smc: avoid data corruption caused by decline
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...
6.5AI Score
0.0004EPSS
Exploit for Unrestricted Upload of File with Dangerous Type in Microsoft
ProxyShell Proof of Concept Exploit for Microsoft Exchange...
8.5AI Score
8.8AI Score
EPSS
The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of...
7.5CVSS
7.5AI Score
0.002EPSS
Using Object Storage with Veeam Products
Support for S3 and S3-compatible, versioning is not required unless using object lock. With Azure Blob versioning, soft-delete, change feed, point in time restore, and immutability are not...
2.7AI Score
Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
4.4CVSS
7.2AI Score
0.0004EPSS
Intel Thunderbolt Driver May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Thunderbolt driver software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP...
7CVSS
7.4AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic.This issue affects WP ADA Compliance Check Basic: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
Cisco IOS XE Software Auxiliary Asynchronous Port DoS (cisco-sa-aux-333WBz8f)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This...
5.6CVSS
5.6AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...
4.4CVSS
5.2AI Score
0.0004EPSS
When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without...
7.5CVSS
6.8AI Score
0.001EPSS
Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before...
6.5CVSS
7AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite.This issue affects Benchmark Email Lite: from n/a through...
4.3CVSS
4.9AI Score
0.0004EPSS
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through...
6.5CVSS
7AI Score
0.0004EPSS
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through...
6.5CVSS
7.2AI Score
0.0004EPSS
SSRF via WebDAV endpoint - CVE-2019-3395
There was an SSRF vulnerability in Confluence Server and Data Center in the WebDAV plugin. A remote attacker is able to exploit this issue to send arbitrary HTTP and WebDAV requests from a Confluence Server instance. Affected versions: * All versions of Confluence Server and Confluence Data...
9.8CVSS
2.9AI Score
0.975EPSS
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Exploit for OS Command Injection in Php
PHP CGI argument injection to RCE (CVE-2024-4577) - exploit...
9.8CVSS
10AI Score
0.967EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS.This issue affects Z Y N I T H: from n/a through...
8.6CVSS
6.7AI Score
0.0004EPSS
Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization...
7.2CVSS
8AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insert packets without mac len...
6.3AI Score
0.0004EPSS