When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without...
7.5CVSS
6.8AI Score
0.001EPSS
Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization...
7.2CVSS
8AI Score
0.001EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version...
9.1CVSS
7.1AI Score
0.0005EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly neutralized. This issue has.....
7.5CVSS
6.5AI Score
0.001EPSS
Security Bulletin: IBM QRadar Suite software is vulnerable to injection attacks
Summary IBM QRadar Suite software is vulnerable to injection attacks through dashboard parameters. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version....
4.3CVSS
7AI Score
0.0004EPSS
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164: Apache Struts path traversal to RCE...
9.8CVSS
10AI Score
0.09EPSS
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...
4.3CVSS
6.8AI Score
0.0004EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised.....
9.8CVSS
8.1AI Score
0.001EPSS
Exploit for Incorrect Authorization in Ivanti Mobileiron Sentry
CVE-2023-38035 POC for CVE-2023-38035 affecting Ivanti Sentry...
9.8CVSS
10.3AI Score
0.975EPSS
Exploit for Forced Browsing in Fortra Goanywhere Managed File Transfer
CVE-2024-0204: Authentication Bypass in GoAnywhere MFT Script...
9.8CVSS
9.8AI Score
0.582EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please...
9.8CVSS
7.8AI Score
0.001EPSS
Cisco NX-OS Software Unexpected IP in IP Packet Processing (CVE-2020-10136)
Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access...
5.3CVSS
5.5AI Score
0.015EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a...
8.2CVSS
6.7AI Score
0.0004EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with...
8.8CVSS
7.1AI Score
0.001EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be use to...
9.8CVSS
8.3AI Score
0.001EPSS
Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages openvpn - virtual private network software Details It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using...
9.8CVSS
7.5AI Score
0.007EPSS
7.8CVSS
8AI Score
0.0004EPSS
silverstripe/userforms file upload exposure on UserForms module
The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...
7AI Score
The version of Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software running on the remote web server is affected by a cross-site scripting vulnerability. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to...
6.1CVSS
2.6AI Score
0.971EPSS
K000140189: Linux kernel vulnerability CVE-2021-47572
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path.....
5.5CVSS
6.4AI Score
0.0004EPSS
Cisco Wireless LAN Controller Software IAPP Message Handling Denial of Service Vulnerabilities
According to its self-reported version, Cisco Wireless LAN Controller (WLC) is affected by following multiple vulnerabilities Multiple vulnerabilities in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an ...
6.5CVSS
6.7AI Score
0.001EPSS
Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-22745) Jurgen Repp and Andreas Fuchs discovered...
6.4CVSS
7.2AI Score
EPSS
10CVSS
7.2AI Score
0.0004EPSS
0.2AI Score
The vulnerability of Tss2_RC_Decode and Tss2_RC_SetHandler functions of TCG TPM2 TPM2 Software Stack implementation is related to buffer copying without input data validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, violate its integrity, and...
6.4CVSS
7.3AI Score
EPSS
Atlassian Confluence Installed (Windows)
Atlassian Confluence was detected on the remote Windows...
2.2AI Score
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...
10CVSS
7.7AI Score
0.048EPSS
Atlassian JIRA Installed (Windows)
Atlassian JIRA, issue tracking software, was detected on the remote Windows...
3.1AI Score
Atlassian Confluence Installed (Linux)
Atlassian Confluence was detected on the remote Linux...
1.4AI Score
Exploit for Incorrect Authorization in Telegram
Disclaimer This exploit has been created solely for the...
5.5CVSS
5.5AI Score
0.0004EPSS
Exploit for Command Injection in Vmware Aria Operations For Networks
CVE-2023-20887 POC for CVE-2023-20887 VMWare Aria Operations...
9.8CVSS
10AI Score
0.971EPSS
OpenCMS 14 & 15 - Cross Site Scripting
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury'...
6.1CVSS
5.8AI Score
0.001EPSS
CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before...
5.3CVSS
5.4AI Score
0.001EPSS
Exploit for Improper Access Control in Papercut Papercut Mf
CVE-2023-27350 POC for CVE-2023-27350 affecting PaperCut...
9.8CVSS
9.8AI Score
0.971EPSS
Apache Struts - Multiple Open Redirection Vulnerabilities
Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied...
8.1AI Score
0.972EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of login page.....
5.4CVSS
7AI Score
0.0005EPSS
U.S. Dept Of Defense: Subdomain takeover ████████.mil
Description: The subdomain █████.mil is pointing to peosol-lg.███████., the domain ██████ is currently available for registration as can be seen at https://www.godaddy.com/nl-nl/domainsearch/find?domainToCheck=█████ Given the rules, residency of the US, of the us-tld I decided not to register the.....
6.5AI Score
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance (ESA); and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack...
5.9AI Score
0.0004EPSS
A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....
5.8CVSS
7.2AI Score
0.0004EPSS
CVE-2024-1272 Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before...
5.3CVSS
7.1AI Score
0.001EPSS
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
CVE-2022-1388 POC for CVE-2022-1388 affecting multiple F5...
9.8CVSS
-0.1AI Score
0.975EPSS
Atlassian Jira Installed (Unix / Linux)
Atlassian JIRA, issue tracking software, was detected on the remote Unix / Linux...
2.3AI Score
Atlassian JIRA Plugins Detection
The Atlassian JIRA application running on the remote host has plugins installed and...
2AI Score
A vulnerability in the lrzip.c:initialize_control component of the Irzip software tool is caused by a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely, affect confidentiality, integrity and availability.....
9.8CVSS
7.5AI Score
0.001EPSS
silverstripe/userforms file upload exposure on UserForms module
The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...
7AI Score
A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venue_controller/edit_venue/ of the component Edit Venue Page. The manipulation of the argument....
2.4CVSS
6.1AI Score
0.0004EPSS
The remote host is running Atlassian Bamboo, a continuous integration server written in...
1.4AI Score
CVE-2023-21725 Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
...
6.3CVSS
6.5AI Score
0.0004EPSS
Exploit for Race Condition in Microsoft
CVE-2023-36884: MS Office HTML RCE with crafted documents On...
7.5CVSS
8.2AI Score
0.115EPSS
CVE-2024-29039 Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...
9CVSS
7AI Score
EPSS