AVEVA Software, LLC. Security Vulnerabilities

osv

CVE-2022-39373

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. An administrator may store malicious code in an entity name. This issue has been patched, please upgrade to.....

4.9CVSS

7AI Score

0.001EPSS

2022-11-03 04:15 PM
1
githubexploit

Exploit for CVE-2024-29824

CVE-2024-29824: Ivanti EPM SQL Injection Remote Code...

9.6CVSS

9.1AI Score

0.001EPSS

2024-06-12 01:53 PM
81
github

silverstripe/userforms file upload exposure on UserForms module

The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...

7AI Score

2024-05-28 05:21 PM
6
cvelist

CVE-2023-46784 WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal and Server Side Request Forgery. This issue affects ICS Calendar: from n/a...

8.2CVSS

8.2AI Score

0.0004EPSS

2024-05-17 08:34 AM
osv

CVE-2022-39371

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly neutralized. This issue has.....

7.5CVSS

6.5AI Score

0.001EPSS

2022-11-03 04:15 PM
1
nuclei

Reprise License Manager 14.2 - Information Disclosure

Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory...

5.3CVSS

5.4AI Score

0.053EPSS

2022-04-10 07:11 AM
githubexploit

Exploit for Improper Input Validation in Amd Radeon Software

CVE-2023-31320 Proof of concept code...

7.5CVSS

7.6AI Score

0.0005EPSS

2023-08-22 09:15 PM
299
vulnrichment

CVE-2023-46784 WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal and Server Side Request Forgery. This issue affects ICS Calendar: from n/a...

8.2CVSS

6.8AI Score

0.0004EPSS

2024-05-17 08:34 AM
nessus

Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities

According to its self-reported version, Cisco Wireless LAN Controller (WLC) is affected by the following multiple vulnerabilities: Multiple vulnerabilities in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an ...

6.5CVSS

6.7AI Score

0.001EPSS

2019-04-26 12:00 AM
9
ibm

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...

9.8CVSS

10AI Score

EPSS

2024-05-07 07:21 PM
15
osv

CVE-2023-42462

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version...

9.1CVSS

7.1AI Score

0.0005EPSS

2023-09-27 03:19 PM
5
cve

CVE-2023-46784

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal and Server Side Request Forgery. This issue affects ICS Calendar: from n/a...

8.2CVSS

6.7AI Score

0.0004EPSS

2024-05-17 09:15 AM
57
osv

CVE-2023-42461

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised.....

9.8CVSS

8.1AI Score

0.001EPSS

2023-09-27 03:19 PM
6
veeam

Validator CLI Tool Fails to Process VMs in Per-machine backup with separate metadata files

Due to a known issue, the Veeam Backup Validator cannot identify the individual child backup IDs of a backup chain in the Per-machine backup with separate metadata files...

6.8AI Score

2023-09-08 12:00 AM
4
nessus

Cisco NX-OS Software Unexpected IP in IP Packet Processing (CVE-2020-10136)

Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access...

5.3CVSS

5.5AI Score

0.011EPSS

2023-07-25 12:00 AM
15
osv

CVE-2023-41326

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end up with...

8.8CVSS

7.1AI Score

0.001EPSS

2023-09-27 03:19 PM
3
osv

CVE-2023-41320

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be used to...

9.8CVSS

8.3AI Score

0.001EPSS

2023-09-27 03:19 PM
3
openbugbounty

software-dl.ti.com Cross Site Scripting vulnerability OBB-3852622

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-14 01:05 PM
7
nuclei

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is...

6.1CVSS

6.2AI Score

0.003EPSS

2022-04-10 07:11 AM
githubexploit

Exploit for Unrestricted Upload of File with Dangerous Type in Microsoft

ProxyShell Proof of Concept Exploit for Microsoft Exchange...

8.5AI Score

2021-09-04 03:34 PM
222
osv

CVE-2022-39323

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please...

9.8CVSS

7.8AI Score

0.001EPSS

2022-11-03 03:15 PM
1
nessus

Cisco Firepower Threat Defense Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...

8.6CVSS

7.3AI Score

0.001EPSS

2024-06-11 12:00 AM
1
rocky

NetworkManager-libreswan bug fix update

An update is available for NetworkManager-libreswan. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This package contains software for integrating the...

7.3AI Score

2024-06-14 02:00 PM
3
osv

CVE-2021-36711

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is...

9.8CVSS

9.9AI Score

0.74EPSS

2022-07-16 05:15 PM
3
githubexploit

Exploit for CVE-2024-1403

CVE-2024-1403 Progress OpenEdge Authentication Bypass An...

10CVSS

7.2AI Score

0.0004EPSS

2024-03-06 03:27 PM
262
githubexploit

Exploit for Forced Browsing in Fortra Goanywhere Managed File Transfer

CVE-2024-0204: Authentication Bypass in GoAnywhere MFT Script...

9.8CVSS

9.8AI Score

0.501EPSS

2024-01-23 08:16 PM
214
githubexploit

Exploit for OS Command Injection in Fortinet Fortisiem

CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order...

10CVSS

8.1AI Score

0.001EPSS

2024-05-20 02:34 PM
195
nessus

Cisco Adaptive Security Appliance Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...

8.6CVSS

7.3AI Score

0.001EPSS

2024-06-11 12:00 AM
hackread

AI Python Package Flaw ‘Llama Drama’ Threatens Software Supply Chain

By Waqas The Llama Drama vulnerability in the Llama-cpp-Python package exposes AI models to remote code execution (RCE) attacks, enabling attackers to steal data. Currently, over 6,000 models are affected by this vulnerability. This is a post from HackRead.com Read the original post: AI Python...

8.1AI Score

2024-05-20 11:05 AM
17
veeam

How to uninstall Veeam CDP VAIO filter driver manually

Veeam Support Knowledge Base answer to: How to uninstall Veeam CDP VAIO filter driver...

2.8AI Score

2021-04-22 12:00 AM
7
githubexploit

Exploit for OS Command Injection in Fortinet Fortisiem

CVE-2023-34992: Fortinet FortiSIEM Unauthenticated Command...

9.8CVSS

8AI Score

0.001EPSS

2024-05-17 12:07 PM
49
redos

ROS-20240529-01

Vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and virtual machine Oracle GraalVM Enterprise Edition is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of...

7.5CVSS

7.4AI Score

0.002EPSS

2024-05-29 12:00 AM
8
nessus

Intel Dynamic Tuning Technology Software Privilege Escalation (INTEL-SA-00984)

Improper access control in the Intel DTT Software before version 8.7.10802.26924 may allow an authenticated user to potentially enable escalation of privilege via local access. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

7.9CVSS

7.5AI Score

0.0004EPSS

2024-05-17 12:00 AM
5
osv

CVE-2023-41888

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of login page.....

5.4CVSS

7AI Score

0.0005EPSS

2023-09-27 03:19 PM
4
ubuntucve

CVE-2022-21720

(GLPI is a free asset and IT management software package. Prior to vers...

4.9CVSS

7.3AI Score

0.001EPSS

2024-06-11 12:00 AM
ubuntucve

CVE-2023-28632

(GLPI is a free asset and IT management software package. Starting in v...

8.1CVSS

7AI Score

0.001EPSS

2024-06-11 12:00 AM
osv

Silverstripe XSS vulnerability via VirtualPage

A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to. This has been resolved by ensuring that...

6.3AI Score

2024-05-22 06:53 PM
2
nuclei

OpenCMS 14 & 15 - Cross Site Scripting

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury'...

6.1CVSS

5.8AI Score

0.001EPSS

2024-01-03 11:54 AM
8
nuclei

Apache Struts - Multiple Open Redirection Vulnerabilities

Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied...

8.1AI Score

0.972EPSS

2021-06-09 10:02 AM
4
osv

Silverstripe History XSS Vulnerability

A cross-site scripting vulnerability has been discovered in the CMS page history tab. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the text fields on a page, and if the "compare mode" option is selected. The HTML will be...

6.3AI Score

2024-05-22 06:25 PM
2
nessus

Cisco Adaptive Security Appliance Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level.....

6CVSS

6.8AI Score

0.001EPSS

2024-04-25 12:00 AM
37
fedora

7.3AI Score

2024-06-02 03:39 AM
1
osv

CVE-2020-35675

BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to...

8.8CVSS

7AI Score

0.001EPSS

2022-09-29 03:15 AM
2
redos

ROS-20240607-03

A vulnerability in the lrzip.c:initialize_control component of the lrzip software tool is caused by a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect confidentiality, integrity and availability.....

9.8CVSS

7.5AI Score

0.001EPSS

2024-06-07 12:00 AM
1
osv

CVE-2022-31056

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit SQL injection on the actor fields. This issue has been resolved in version 10.0.2...

6.9AI Score

0.002EPSS

2022-06-28 06:15 PM
10
osv

CVE-2023-41323

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There.....

5.3CVSS

7.2AI Score

0.001EPSS

2023-09-27 03:19 PM
5
redos

ROS-20240611-02

The vulnerability of Tss2_RC_Decode and Tss2_RC_SetHandler functions of TCG TPM2 Software Stack implementation is related to buffer copying without input data validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, violate its integrity, and...

6.4CVSS

7.3AI Score

EPSS

2024-06-11 12:00 AM
nessus

Cisco Firepower Threat Defense Software Privilege Escalation (cisco-sa-asaftd-persist-rce-FLsNXF4h)

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level...

6CVSS

6.8AI Score

0.001EPSS

2024-04-25 12:00 AM
41
cvelist

CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before...

5.3CVSS

5.4AI Score

0.001EPSS

2024-06-05 08:28 AM
1
Total number of security vulnerabilities: 622541