AVEVA Software, LLC. Security Vulnerabilities

osv

CVE-2022-39063

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without...

7.5CVSS

6.8AI Score

0.001EPSS

2022-09-16 07:15 PM
1
nvd

CVE-2023-48747

Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster for WooCommerce: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-04 11:15 AM
1
nessus

Malicious File Detection: APT1 Software on System

The md5sum of one or more files on the remote Windows host matches the signature distributed by Mandiant of software known to be involved in corporate espionage by a unit called APT1. Verify that the remote files are legitimate and authorized in your...

2.1AI Score

2016-04-11 12:00 AM
13
cve

CVE-2024-29773

Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS). This issue affects BizPrint: from n/a through...

7.1CVSS

8.7AI Score

0.0004EPSS

2024-03-27 02:15 PM
28
cve

CVE-2024-32947

Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic. This issue affects WP ADA Compliance Check Basic: from n/a through...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-04-24 03:15 PM
33
cve

CVE-2006-4194

Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands, a different issue than CVE-2006-4032. NOTE: the vendor, after working.....

6.8AI Score

0.018EPSS

2006-08-17 01:04 AM
33
tibco

TIBCO Security Advisory: May 28, 2024 - TIBCO Managed File Transfer Platform Server for Unix - CVE-2024-4407

TIBCO Managed File Transfer Platform Server for Unix and z/Linux privilege escalation vulnerability Original release date: May 28, 2024 Last revised: --- CVE-2024-4407 Source: TIBCO Software Inc. Products Affected TIBCO Managed File Transfer Platform Server for Unix versions 8.0.0, 8.0.1, 8.1.0,...

7.8AI Score

EPSS

2024-05-28 05:53 PM
7
osv

CVE-2023-25828

Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization...

7.2CVSS

8AI Score

0.001EPSS

2023-03-27 05:15 PM
2
nessus

JIRA Service Desk Installed (Linux)

Jira Service Desk is now part of Jira Service Management. Jira Service Desk, a help desk support software, was found on the remote host. This plugin may require the use of thorough_tests to detect the...

7.3AI Score

2019-09-26 12:00 AM
6
cve

CVE-2023-51511

Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster Elite for WooCommerce: from n/a before...

6.5CVSS

7.2AI Score

0.0004EPSS

2024-06-04 01:15 PM
12
cvelist

CVE-2023-51511 WordPress Booster Elite for WooCommerce plugin < 7.1.3 - Authenticated Production Creation/Modification Vulnerability

Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster Elite for WooCommerce: from n/a before...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-04 12:22 PM
vulnrichment

CVE-2024-32562 WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS. This issue affects Z Y N I T H: from n/a through...

8.6CVSS

6.7AI Score

0.0004EPSS

2024-04-18 10:01 AM
2
cve

CVE-2024-31360

Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite. This issue affects Benchmark Email Lite: from n/a through...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-04-12 01:15 PM
24
vulnrichment

CVE-2024-31360 WordPress Benchmark Email Lite plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite. This issue affects Benchmark Email Lite: from n/a through...

4.3CVSS

7AI Score

0.0004EPSS

2024-04-12 12:23 PM
nvd

CVE-2023-52843

In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insert packets without mac len...

6.3AI Score

0.0004EPSS

2024-05-21 04:15 PM
cve

CVE-2024-29760

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS. This issue affects Booster for WooCommerce: from n/a through...

7.1CVSS

9.3AI Score

0.0004EPSS

2024-03-27 02:15 PM
31
nessus

JIRA Service Desk Installed (Windows)

Jira Service Desk is now part of Jira Service Management. Jira Service Desk, a help desk support software, was found on the remote...

7.4AI Score

2019-09-23 12:00 AM
13
veeam

Console Error - Failed to connect to Veeam Backup & Replication Server

Console Error - Failed to connect to Veeam Backup & Replication...

1.9AI Score

2016-04-21 12:00 AM
4
nvd

CVE-2023-51511

Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster Elite for WooCommerce: from n/a before...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-06-04 01:15 PM
1
cvelist

CVE-2024-3700 Hardcoded password in Estomed Sp. z o.o. Simple Care software

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer...

0.001EPSS

2024-06-10 11:19 AM
7
nvd

CVE-2024-35635

Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through...

4.4CVSS

5.2AI Score

0.0004EPSS

2024-06-03 10:15 AM
1
cve

CVE-2024-33538

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps. This issue affects Assistant – Every Day Productivity Apps: from n/a through...

5.3CVSS

6.7AI Score

0.0004EPSS

2024-04-29 08:15 AM
23
cvelist

CVE-2024-33538 WordPress Assistant – Every Day Productivity Apps plugin <= 1.4.9.1 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps. This issue affects Assistant – Every Day Productivity Apps: from n/a through...

5.3CVSS

5.5AI Score

0.0004EPSS

2024-04-29 07:50 AM
ibm

Security Bulletin: IBM QRadar Suite software is vulnerable to injection attacks

Summary IBM QRadar Suite software is vulnerable to injection attacks through dashboard parameters. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version....

4.3CVSS

7AI Score

0.0004EPSS

2024-05-01 01:12 PM
10
cvelist

CVE-2024-0496 Kashipara Billing Software HTTP POST Request item_list_edit.php sql injection

A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated...

6.3CVSS

10AI Score

0.001EPSS

2024-01-13 05:00 PM
cvelist

CVE-2024-29760 WordPress Booster for WooCommerce plugin <= 7.1.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS. This issue affects Booster for WooCommerce: from n/a through...

7.1CVSS

7.2AI Score

0.0004EPSS

2024-03-27 01:16 PM
cvelist

CVE-2024-25097 WordPress TNC PDF viewer Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-03-13 03:58 PM
vulnrichment

CVE-2024-0496 Kashipara Billing Software HTTP POST Request item_list_edit.php sql injection

A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated...

6.3CVSS

7.5AI Score

0.001EPSS

2024-01-13 05:00 PM
1
rocky

NetworkManager-libreswan bug fix update

An update is available for NetworkManager-libreswan. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This package contains software for integrating the...

7.3AI Score

2024-06-14 02:00 PM
4
cve

CVE-2024-32562

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Stored XSS. This issue affects Z Y N I T H: from n/a through...

8.6CVSS

8.3AI Score

0.0004EPSS

2024-04-18 10:15 AM
35
nuclei

Reprise License Manager 14.2 - Information Disclosure

Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory...

5.3CVSS

5.4AI Score

0.053EPSS

2022-04-10 07:11 AM
nessus

Cisco Firepower Threat Defense Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...

8.6CVSS

7.3AI Score

0.001EPSS

2024-06-11 12:00 AM
2
cve

CVE-2024-38390

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->...

6.6AI Score

0.0004EPSS

2024-06-21 11:15 AM
17
veeam

"HTTP protocol is not supported, please use HTTPS." Error When Adding Object Storage

Veeam Backup & Replication does not support connection to S3 compatible object storage over HTTP. Make sure that your S3 compatible object storage supports HTTPS protocol and has the necessary certificate...

7AI Score

2024-05-13 12:00 AM
5
veeam

VSS errors related to NTDS writer failures

Veeam Backup fails due to NTDS...

2.6AI Score

2012-12-03 12:00 AM
5
githubexploit

Exploit for Code Injection in Apache Ofbiz

Apache OFBiz Authentication Bypass Vulnerability...

8AI Score

2024-01-02 02:20 PM
32
githubexploit

Exploit for Server-Side Request Forgery in Anyscale Ray

PoC for a remote command execution vulnerability in Ray...

9.8CVSS

7.9AI Score

0.014EPSS

2024-03-29 09:54 AM
90
cvelist

CVE-2024-38390 drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->...

0.0004EPSS

2024-06-21 10:18 AM
1
githubexploit

Exploit for OS Command Injection in Fortinet Fortisiem

CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order...

10CVSS

8.1AI Score

0.001EPSS

2024-05-20 02:34 PM
202
cve

CVE-2024-25097

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-03-13 04:15 PM
15
osv

CVE-2022-31056

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2...

9.8CVSS

6.9AI Score

0.002EPSS

2022-06-28 06:15 PM
10
cvelist

CVE-2023-46784 WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, Server Side Request Forgery. This issue affects ICS Calendar: from n/a...

8.2CVSS

8.2AI Score

0.0004EPSS

2024-05-17 08:34 AM
osv

CVE-2022-39373

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to.....

4.9CVSS

7AI Score

0.001EPSS

2022-11-03 04:15 PM
1
nessus

Cisco Adaptive Security Appliance Software SSL/TLS DoS (cisco-sa-asaftd-ssl-dos-uu7mV5p6)

A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to...

8.6CVSS

7.3AI Score

0.001EPSS

2024-06-11 12:00 AM
4
vulnrichment

CVE-2023-46784 WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, Server Side Request Forgery. This issue affects ICS Calendar: from n/a...

8.2CVSS

6.8AI Score

0.0004EPSS

2024-05-17 08:34 AM
nvd

CVE-2024-38390

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->...

0.0004EPSS

2024-06-21 11:15 AM
1
osv

CVE-2022-39371

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly neutralized. This issue has.....

7.5CVSS

6.5AI Score

0.001EPSS

2022-11-03 04:15 PM
1
nuclei

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is...

6.1CVSS

6.2AI Score

0.003EPSS

2022-04-10 07:11 AM
osv

CVE-2023-42461

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised.....

9.8CVSS

8.1AI Score

0.001EPSS

2023-09-27 03:19 PM
7
nessus

Cisco ASA Software and FTD Software Web Services Interface XSS (cisco-sa-asaftd-xss-multiple-FCB3vPZe) (Direct Check)

The version of Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software running on the remote web server is affected by a cross-site scripting vulnerability. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to...

6.1CVSS

2.6AI Score

0.971EPSS

2021-07-07 12:00 AM
152
Total number of security vulnerabilities: 624175