Lucene search

K

B&R Industrial Automation Security Vulnerabilities

githubexploit
githubexploit

Exploit for Code Injection in Apache Ofbiz

ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For...

9.8CVSS

6.6AI Score

0.821EPSS

2023-12-14 09:32 AM
349
githubexploit
githubexploit

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...

9.8CVSS

9.7AI Score

0.938EPSS

2024-06-05 01:05 AM
113
cvelist
cvelist

CVE-2023-50219 Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability....

8.8CVSS

9.2AI Score

0.0005EPSS

2024-05-03 02:14 AM
ibm
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF031 and 23.0.2-IF003. Vulnerability Details ** CVEID: CVE-2023-44270 DESCRIPTION: **PostCSS could allow a remote attacker to bypass security...

9.8CVSS

9.8AI Score

0.962EPSS

2024-03-28 10:31 PM
22
osv
osv

CVE-2023-46103

Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...

4.7CVSS

4.5AI Score

0.0004EPSS

2024-05-16 09:15 PM
6
githubexploit

8.6CVSS

8.7AI Score

0.945EPSS

2024-05-31 09:43 AM
74
nessus
nessus

Rockwell Automation ThinManager ThinServer Path Traversal File Upload (CVE-2023-2917)

The Rockwell Automation ThinManager ThinServer running on the remote host is affected by a path traversal vulnerability due to the lack of proper validation of user-supplied data. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to upload arbitrary files to any....

9.8CVSS

7.1AI Score

0.001EPSS

2023-08-25 12:00 AM
3
nessus
nessus

Rockwell Automation RSLinx Classic ENGINE.dll Stack Buffer Overflow (CVE-2019-6553)

The RSLinx Classic running on the remote host is affected by a remote code execution vulnerability due to a stack buffer overflow condition when handling an EtherNet/IP message received on TCP port 44818. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message,.....

9.8CVSS

5.6AI Score

0.072EPSS

2019-03-22 12:00 AM
19
githubexploit
githubexploit

Exploit for Logging of Excessive Data in Salesagility Suitecrm

CVE-2024-36416 Tool for validating CVE-2024-36416 Usage...

8.6CVSS

7.2AI Score

0.0005EPSS

2024-06-09 07:18 AM
13
githubexploit
githubexploit

Exploit for Origin Validation Error in Trendmicro Apex One

NotProxyShellScanner Python implementation for NotProxyShell...

7.3AI Score

2022-10-07 08:10 AM
23
nessus
nessus

VISAM Automation Base (VBASE) Web-Remote Path Traversal (CVE-2020-7008)

The VISAM Automation Base (VBASE) Web-Remote service running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to read arbitrary files on the remote...

7.5CVSS

4.2AI Score

0.002EPSS

2022-03-01 12:00 AM
9
nessus
nessus

BMC Server Automation RSCD Agent Weak ACL NSH Arbitrary Command Execution

The BMC Server Automation RSCD agent running on the remote host is configured in such a manner as to publicly expose an API that can be used for unrestricted command execution. An unauthenticated, remote attacker can exploit this, via the NSH protocol, to execute arbitrary...

4.1AI Score

2016-07-05 12:00 AM
29
osv
osv

CVE-2023-26053

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

9.8CVSS

9.5AI Score

0.002EPSS

2023-03-02 04:15 AM
5
githubexploit
githubexploit

Exploit for Path Traversal in Aiohttp

CVE-2024-23334 PoC Description This repository contains a...

7.5CVSS

7.5AI Score

0.052EPSS

2024-03-19 04:28 PM
152
fedora
fedora

[SECURITY] Fedora 39 Update: nextcloud-28.0.5-2.fc39

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API.....

7.3AI Score

2024-05-28 01:21 AM
9
osv
osv

CVE-2022-40982

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local...

6.5CVSS

6.2AI Score

0.001EPSS

2023-08-11 03:15 AM
65
fedora
fedora

[SECURITY] Fedora 40 Update: nextcloud-28.0.5-2.fc40

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API.....

7.3AI Score

2024-05-28 01:09 AM
6
cvelist
cvelist

CVE-2024-37367 Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication...

0.0004EPSS

2024-06-14 02:17 PM
3
cvelist
cvelist

CVE-2023-50220 Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

7.2CVSS

7.7AI Score

0.0005EPSS

2024-05-03 02:14 AM
vulnrichment
vulnrichment

CVE-2023-50220 Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

7.2CVSS

8AI Score

0.0005EPSS

2024-05-03 02:14 AM
osv
osv

CVE-2024-36112

Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/<uuid>/) and/or the members REST API view...

6.3CVSS

6.7AI Score

0.0004EPSS

2024-05-28 11:15 PM
cisco
cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary...

7.5AI Score

0.001EPSS

2024-04-24 04:00 PM
23
ibm
ibm

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Automation.

Summary IBM Workload Automation has updated OpenSSL to address multiple vulnerabilities. (CVE-2023-2650, CVE-2023-0464, CVE-2023-0466, CVE-2023-0465). Vulnerability Details ** CVEID: CVE-2023-2650 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when using...

7.5CVSS

7.6AI Score

0.003EPSS

2024-04-18 03:34 PM
13
osv
osv

CVE-2022-21216

Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network...

7.5CVSS

6.8AI Score

0.0004EPSS

2023-02-16 08:15 PM
12
metasploit
metasploit

Microsoft SQL Server Configuration Enumerator

This module will perform a series of configuration audits and security checks against a Microsoft SQL Server database. For this module to work, valid administrative user credentials must be...

7.9AI Score

2009-10-19 04:58 AM
35
osv
osv

CVE-2023-42445

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local...

6.8CVSS

7.1AI Score

0.001EPSS

2023-10-06 02:15 PM
4
githubexploit
githubexploit

Exploit for Code Injection in Vmware Spring Framework

Spring Core RCE/CVE-2022-22965 影响范围:JDK>=9...

0.1AI Score

2022-03-31 12:41 PM
152
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Lenovo Diagnostics

CVE-2022-3699 Incorrect access control for the Lenovo...

7.8CVSS

7.9AI Score

0.002EPSS

2022-11-09 02:15 PM
1008
githubexploit
githubexploit

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315 Openfire Console Authentication Bypass...

8.6CVSS

8.1AI Score

0.973EPSS

2023-06-18 03:42 PM
414
osv
osv

CVE-2023-23583

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local...

8.8CVSS

7.6AI Score

0.0004EPSS

2023-11-14 07:15 PM
6
githubexploit
githubexploit

Exploit for CVE-2021-3129

Laravel-debug-Checker...

9.9AI Score

2022-12-10 03:32 AM
182
vulnrichment
vulnrichment

CVE-2023-32171 Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability

Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this...

6.5CVSS

6.6AI Score

0.0005EPSS

2024-05-03 01:56 AM
cvelist
cvelist

CVE-2023-32171 Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability

Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this...

6.5CVSS

6.6AI Score

0.0005EPSS

2024-05-03 01:56 AM
ibm
ibm

Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2023-38264)

Summary Vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVE. Vulnerability Details ** CVEID: CVE-2023-38264 DESCRIPTION: **The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0...

5.9CVSS

6.1AI Score

0.0004EPSS

2024-05-17 08:57 PM
8
nessus
nessus

RHEL 8 : ansible-runner (RHSA-2022:0108)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0108 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...

7.8CVSS

6.5AI Score

0.001EPSS

2024-04-28 12:00 AM
3
githubexploit
githubexploit

Exploit for OS Command Injection in Tp-Link Tl-Wr840N Firmware

CVE-2022-25064 TP-LINK TL-WR840N RCE via the function...

9.8CVSS

10AI Score

0.012EPSS

2022-03-01 03:10 PM
626
githubexploit
githubexploit

Exploit for CVE-2024-4956

CVE-2024-4956 : Nexus Repository Manager 3 Dork: ...

7.5CVSS

7.3AI Score

0.013EPSS

2024-05-28 03:05 PM
60
veracode
veracode

Denial Of Service (DOS)

Intel(R) Core(TM) Ultra Processors are vulnerable to Denial Of Service (DOS). The vulnerability is caused due to a Sequence of processor instructions leading to unexpected behavior. This can allow an authenticated user to potentially enable Denial Of Service (DOS) via local...

4.7CVSS

6.7AI Score

0.0004EPSS

2024-05-16 07:43 PM
2
vulnrichment
vulnrichment

CVE-2024-37369 Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...

7AI Score

0.0004EPSS

2024-06-14 04:50 PM
1
osv
osv

CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error...

9.8CVSS

7AI Score

0.001EPSS

2023-06-30 05:15 PM
3
osv
osv

CVE-2023-37305

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public...

5.3CVSS

7.1AI Score

0.001EPSS

2023-06-30 05:15 PM
4
osv
osv

CVE-2023-37300

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden...

5.3CVSS

7.2AI Score

0.001EPSS

2023-06-30 05:15 PM
5
nessus
nessus

Jenkins plugins Multiple Vulnerabilities (2024-05-24)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files,...

4.9CVSS

5AI Score

EPSS

2024-05-24 12:00 AM
14
ibm
ibm

Security Bulletin: Denial of Service vulnerability affects IBM Business Automation Workflow (IBM X-Force ID 270419)

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details ** IBM X-Force ID: 270419 DESCRIPTION: **Enterprise Security API for Java is vulnerable to a denial of service, caused by a flaw in the HTTPUtilities.getFileUploads methods. By sending a...

7AI Score

2024-03-27 03:56 PM
7
wpvulndb
wpvulndb

Propovoice CRM <= 1.7.6.2 - Unauthenticated Stored Cross-Site Scripting

Description The Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.6.2 due to insufficient input sanitization and output escaping. This makes it...

5.7AI Score

0.0004EPSS

2024-05-15 12:00 AM
2
osv
osv

CVE-2021-42045

An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a...

5.4CVSS

6.8AI Score

0.001EPSS

2022-09-29 03:15 AM
4
cvelist
cvelist

CVE-2024-37369 Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...

0.0004EPSS

2024-06-14 04:50 PM
1
ibm
ibm

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.1 addresses multiple existing security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.1 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-24680 DESCRIPTION: **Django is vulnerable to a denial of...

9.8CVSS

10AI Score

0.024EPSS

2024-04-02 10:47 AM
14
nessus
nessus

Mitsubishi Electric Automation MC-WorX 8.x ActiveX Control Remote Code Execution

Mitsubishi Electric Automation MC-WorX version 8.x was detected on the remote Windows Host. It is, therefore, affected by a remote code execution vulnerability due a flaw in an included ActiveX control,...

4.1AI Score

2014-02-26 12:00 AM
16
cisco
cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....

7.4AI Score

0.002EPSS

2024-04-24 04:00 PM
24
Total number of security vulnerabilities126566