Exploit for Code Injection in Apache Ofbiz
ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For...
9.8CVSS
6.6AI Score
0.821EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...
9.8CVSS
9.7AI Score
0.938EPSS
Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability....
8.8CVSS
9.2AI Score
0.0005EPSS
Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF031 and 23.0.2-IF003. Vulnerability Details ** CVEID: CVE-2023-44270 DESCRIPTION: **PostCSS could allow a remote attacker to bypass security...
9.8CVSS
9.8AI Score
0.962EPSS
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...
4.7CVSS
4.5AI Score
0.0004EPSS
$$\ce{$\unicode[goombafont; color:red; pointer-events:...
8.6CVSS
8.7AI Score
0.945EPSS
Rockwell Automation ThinManager ThinServer Path Traversal File Upload (CVE-2023-2917)
The Rockwell Automation ThinManager ThinServer running on the remote host is affected by a path traversal vulnerability due to the lack of proper validation of user-supplied data. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to upload arbitrary files to any....
9.8CVSS
7.1AI Score
0.001EPSS
Rockwell Automation RSLinx Classic ENGINE.dll Stack Buffer Overflow (CVE-2019-6553)
The RSLinx Classic running on the remote host is affected by a remote code execution vulnerability due to a stack buffer overflow condition when handling an EtherNet/IP message received on TCP port 44818. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message,.....
9.8CVSS
5.6AI Score
0.072EPSS
Exploit for Logging of Excessive Data in Salesagility Suitecrm
CVE-2024-36416 Tool for validating CVE-2024-36416 Usage...
8.6CVSS
7.2AI Score
0.0005EPSS
Exploit for Origin Validation Error in Trendmicro Apex One
NotProxyShellScanner Python implementation for NotProxyShell...
7.3AI Score
VISAM Automation Base (VBASE) Web-Remote Path Traversal (CVE-2020-7008)
The VISAM Automation Base (VBASE) Web-Remote service running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to read arbitrary files on the remote...
7.5CVSS
4.2AI Score
0.002EPSS
BMC Server Automation RSCD Agent Weak ACL NSH Arbitrary Command Execution
The BMC Server Automation RSCD agent running on the remote host is configured in such a manner as to publicly expose an API that can be used for unrestricted command execution. An unauthenticated, remote attacker can exploit this, via the NSH protocol, to execute arbitrary...
4.1AI Score
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...
9.8CVSS
9.5AI Score
0.002EPSS
Exploit for Path Traversal in Aiohttp
CVE-2024-23334 PoC Description This repository contains a...
7.5CVSS
7.5AI Score
0.052EPSS
[SECURITY] Fedora 39 Update: nextcloud-28.0.5-2.fc39
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API.....
7.3AI Score
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local...
6.5CVSS
6.2AI Score
0.001EPSS
[SECURITY] Fedora 40 Update: nextcloud-28.0.5-2.fc40
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API.....
7.3AI Score
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication...
0.0004EPSS
Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...
7.2CVSS
7.7AI Score
0.0005EPSS
Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...
7.2CVSS
8AI Score
0.0005EPSS
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/<uuid>/) and/or the members REST API view...
6.3CVSS
6.7AI Score
0.0004EPSS
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...
7.5AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Automation.
Summary IBM Workload Automation has updated OpenSSL to address multiple vulnerabilities. (CVE-2023-2650, CVE-2023-0464, CVE-2023-0466, CVE-2023-0465). Vulnerability Details ** CVEID: CVE-2023-2650 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when using...
7.5CVSS
7.6AI Score
0.003EPSS
Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network...
7.5CVSS
6.8AI Score
0.0004EPSS
Microsoft SQL Server Configuration Enumerator
This module will perform a series of configuration audits and security checks against a Microsoft SQL Server database. For this module to work, valid administrative user credentials must be...
7.9AI Score
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local...
6.8CVSS
7.1AI Score
0.001EPSS
Exploit for Code Injection in Vmware Spring Framework
Spring Core RCE/CVE-2022-22965 影响范围:JDK>=9...
0.1AI Score
Exploit for Out-of-bounds Write in Lenovo Diagnostics
CVE-2022-3699 Incorrect access control for the Lenovo...
7.8CVSS
7.9AI Score
0.002EPSS
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315 Openfire Console Authentication Bypass...
8.6CVSS
8.1AI Score
0.973EPSS
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local...
8.8CVSS
7.6AI Score
0.0004EPSS
9.9AI Score
Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this...
6.5CVSS
6.6AI Score
0.0005EPSS
Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this...
6.5CVSS
6.6AI Score
0.0005EPSS
Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2023-38264)
Summary Vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVE. Vulnerability Details ** CVEID: CVE-2023-38264 DESCRIPTION: **The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0...
5.9CVSS
6.1AI Score
0.0004EPSS
RHEL 8 : ansible-runner (RHSA-2022:0108)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0108 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
7.8CVSS
6.5AI Score
0.001EPSS
Exploit for OS Command Injection in Tp-Link Tl-Wr840N Firmware
CVE-2022-25064 TP-LINK TL-WR840N RCE via the function...
9.8CVSS
10AI Score
0.012EPSS
7.5CVSS
7.3AI Score
0.013EPSS
Intel(R) Core(TM) Ultra Processors are vulnerable to Denial Of Service (DOS). The vulnerability is caused due to a Sequence of processor instructions leading to unexpected behavior. This can allow an authenticated user to potentially enable Denial Of Service (DOS) via local...
4.7CVSS
6.7AI Score
0.0004EPSS
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...
7AI Score
0.0004EPSS
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error...
9.8CVSS
7AI Score
0.001EPSS
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public...
5.3CVSS
7.1AI Score
0.001EPSS
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden...
5.3CVSS
7.2AI Score
0.001EPSS
Jenkins plugins Multiple Vulnerabilities (2024-05-24)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files,...
4.9CVSS
5AI Score
EPSS
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details ** IBM X-Force ID: 270419 DESCRIPTION: **Enterprise Security API for Java is vulnerable to a denial of service, caused by a flaw in the HTTPUtilities.getFileUploads methods. By sending a...
7AI Score
Propovoice CRM <= 1.7.6.2 - Unauthenticated Stored Cross-Site Scripting
Description The Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.6.2 due to insufficient input sanitization and output escaping. This makes it...
5.7AI Score
0.0004EPSS
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a...
5.4CVSS
6.8AI Score
0.001EPSS
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...
0.0004EPSS
Summary IBM Cloud Pak for Network Automation 2.7.1 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-24680 DESCRIPTION: **Django is vulnerable to a denial of...
9.8CVSS
10AI Score
0.024EPSS
Mitsubishi Electric Automation MC-WorX 8.x ActiveX Control Remote Code Execution
Mitsubishi Electric Automation MC-WorX version 8.x was detected on the remote Windows Host. It is, therefore, affected by a remote code execution vulnerability due a flaw in an included ActiveX control,...
4.1AI Score
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....
7.4AI Score
0.002EPSS