Lucene search

K

B&R Industrial Automation Security Vulnerabilities

githubexploit
githubexploit

Exploit for CVE-2022-21449

CVE-2022-21449-TLS-PoC CVE-2022-21449 ([also dubbed Psychic...

7.5CVSS

7.5AI Score

0.001EPSS

2022-04-20 08:31 PM
465
debiancve
debiancve

CVE-2023-47855

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

6CVSS

6.3AI Score

0.0004EPSS

2024-05-16 09:16 PM
7
debiancve
debiancve

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.9CVSS

7.8AI Score

0.0004EPSS

2024-05-16 09:15 PM
6
metasploit
metasploit

Brocade Enable Login Check Scanner

This module will test a range of Brocade network devices for a privileged logins and report successes. The device authentication mode must be set as 'aaa authentication enable default local'. Telnet authentication, e.g. 'enable telnet authentication', should not be enabled in the device...

7.5AI Score

2015-03-06 02:41 PM
17
debiancve
debiancve

CVE-2023-46103

Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...

4.7CVSS

4.6AI Score

0.0004EPSS

2024-05-16 09:15 PM
7
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...

8CVSS

8.3AI Score

0.216EPSS

2022-12-22 09:35 AM
235
githubexploit
githubexploit

Exploit for Command Injection in Ivanti Connect Secure

🚨 CVE-2024-21887 Exploit Tool 🛠️ A robust tool for detecting...

9.1CVSS

8.2AI Score

0.971EPSS

2024-01-20 07:15 PM
205
githubexploit
githubexploit

Exploit for Injection in Glpi-Project Glpi

CVE-2022-35914 PoC References ...

9.8CVSS

7.9AI Score

0.975EPSS

2024-04-24 06:39 AM
215
osv
osv

CVE-2018-16153

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some...

7.5CVSS

7.2AI Score

0.001EPSS

2023-12-12 05:15 PM
6
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

POC for CVE-2021-44228 This python script was created while...

10CVSS

10AI Score

0.975EPSS

2021-12-14 09:32 PM
231
ubuntucve
ubuntucve

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

2.8CVSS

3.5AI Score

0.0004EPSS

2024-05-16 12:00 AM
4
debiancve
debiancve

CVE-2023-47210

Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent...

4.7CVSS

7.2AI Score

0.0004EPSS

2024-05-16 09:16 PM
2
kitploit
kitploit

Hakuin - A Blazing Fast Blind SQL Injection Optimization And Automation Framework

Hakuin is a Blind SQL Injection (BSQLI) optimization and automation framework written in Python 3. It abstracts away the inference logic and allows users to easily and efficiently extract databases (DB) from vulnerable web applications. To speed up the process, Hakuin utilizes a variety of...

8.2AI Score

2024-05-15 01:56 AM
11
vulnrichment
vulnrichment

CVE-2023-38122 Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this....

7.2CVSS

7.9AI Score

0.0005EPSS

2024-05-03 01:59 AM
1
nessus
nessus

Siemens Web Server Login Page of Industrial Controllers Cross-Site Request Forgery (CVE-2022-30694)

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross- site request forgery attack. This plugin only works with Tenable.ot. Please visit...

6.5CVSS

5.2AI Score

0.001EPSS

2022-12-16 12:00 AM
13
ubuntucve
ubuntucve

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.9CVSS

7.6AI Score

0.0004EPSS

2024-05-16 12:00 AM
6
cvelist
cvelist

CVE-2024-4609 Rockwell Automation Datalog Function within in FactoryTalk® View SE contains SQL Injection Vulnerability

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...

7.2AI Score

0.0004EPSS

2024-05-16 03:13 PM
2
cvelist
cvelist

CVE-2023-34271 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...

7.8CVSS

8.2AI Score

0.001EPSS

2024-05-03 01:57 AM
vulnrichment
vulnrichment

CVE-2023-34269 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...

7.8CVSS

7.5AI Score

0.001EPSS

2024-05-03 01:57 AM
osv
osv

CVE-2023-41898

Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...

8.6CVSS

7.1AI Score

0.001EPSS

2023-10-19 11:15 PM
1
ubuntucve
ubuntucve

CVE-2023-47855

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

6CVSS

6AI Score

0.0004EPSS

2024-05-16 12:00 AM
4
ubuntucve
ubuntucve

CVE-2023-46103

Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...

4.7CVSS

4.6AI Score

0.0004EPSS

2024-05-16 12:00 AM
6
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer

CVE-2023-0669 GoAnywhere MFT suffers from a...

7.2CVSS

7.7AI Score

0.969EPSS

2023-02-10 01:02 PM
381
ubuntucve
ubuntucve

CVE-2023-39929

Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

6.5AI Score

0.0004EPSS

2024-05-16 12:00 AM
2
osv
osv

CVE-2022-41340

The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature...

7.5CVSS

7.6AI Score

0.001EPSS

2022-09-24 07:15 PM
2
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...

8CVSS

8.3AI Score

0.216EPSS

2022-12-22 09:35 AM
204
nessus
nessus

Hirschmann Automation and Control HiOS and HiSecOS Products Buffer Copy Without Checking Size of Input (CVE-2020-6994)

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The...

9.8CVSS

7.8AI Score

0.002EPSS

2024-06-10 12:00 AM
cvelist
cvelist

CVE-2023-38122 Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this....

7.2CVSS

7.7AI Score

0.0005EPSS

2024-05-03 01:59 AM
ubuntucve
ubuntucve

CVE-2023-38417

Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent...

4.3CVSS

4.9AI Score

0.0004EPSS

2024-05-16 12:00 AM
4
nessus
nessus

Rockwell Automation MicroLogix 1100 PLC < Series B FRN 12.0 MitM Replay Authentication Bypass

The Rockwell Automation MicroLogix 1100 PLC integrated web server has a firmware version that is prior to Series B FRN 12.0. It is, therefore, affected by an authentication bypass vulnerability due to a failure to properly restrict session replays. A man-in-the-middle attacker via HTTP traffic can....

0.6AI Score

2015-07-07 12:00 AM
9
osv
osv

CVE-2024-21666

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...

6.5CVSS

6.4AI Score

0.001EPSS

2024-01-11 01:15 AM
3
osv
osv

CVE-2024-34707

Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text...

7.5CVSS

6.1AI Score

0.0004EPSS

2024-05-14 03:39 PM
3
osv
osv

CVE-2023-46853

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of...

9.8CVSS

7.1AI Score

0.001EPSS

2023-10-27 08:15 PM
16
vulnrichment
vulnrichment

CVE-2023-38123 Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability

Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to...

7.5CVSS

6.9AI Score

0.0005EPSS

2024-05-03 01:59 AM
1
osv
osv

CVE-2022-35948

undici is an HTTP/1.1 client, written from scratch for Node.js.=&lt; [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import { request } from 'undici' const...

5.3CVSS

5.2AI Score

0.001EPSS

2022-08-15 11:21 AM
5
osv
osv

CVE-2022-40974

Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local...

5.5CVSS

6.4AI Score

0.0004EPSS

2023-05-10 02:15 PM
4
osv
osv

CVE-2020-21489

File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self...

9.8CVSS

8.1AI Score

0.01EPSS

2023-06-20 03:15 PM
1
osv
osv

CVE-2023-37301

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not...

5.3CVSS

7.1AI Score

0.001EPSS

2023-06-30 05:15 PM
3
githubexploit
githubexploit

Exploit for Untrusted Pointer Dereference in Microsoft

nullmap A very simple driver manual mapper based on my older...

8.6AI Score

2023-03-10 07:08 PM
308
githubexploit
githubexploit

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Putty

CVE-2024-31497 POC This vulnerability exploits the biased...

5.9CVSS

5.6AI Score

0.002EPSS

2024-05-10 02:30 PM
169
ubuntucve
ubuntucve

CVE-2023-47210

Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent...

4.7CVSS

5AI Score

0.0004EPSS

2024-05-16 12:00 AM
4
githubexploit
githubexploit

Exploit for Injection in Glpi-Project Glpi

Exploit Script Utility...

9.8CVSS

8.2AI Score

0.975EPSS

2024-05-29 07:54 PM
63
osv
osv

CVE-2023-22313

Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local...

2.3CVSS

6.4AI Score

0.0004EPSS

2023-11-14 07:15 PM
5
wolfi
wolfi

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: crossplane, frp, render-template, extism, harbor-registry, gomplate, aws-load-balancer-controller, capslock, volume-modifier-for-k8s, ferretdb, nri-mysql, velero-plugin-for-aws, gitsign, caddy, gitlab-shell, q, kubernetes-dashboard,...

7.5AI Score

2024-06-17 09:08 AM
2
osv
osv

CVE-2022-43320

FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at...

6.1CVSS

6.1AI Score

0.001EPSS

2022-11-09 02:15 PM
3
osv
osv

CVE-2022-41646

Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local...

5.5CVSS

6.6AI Score

0.0004EPSS

2023-05-10 02:15 PM
4
osv
osv

CVE-2021-42047

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via...

5.4CVSS

6AI Score

0.001EPSS

2022-09-29 03:15 AM
3
osv
osv

CVE-2022-37409

Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local...

5.5CVSS

6.4AI Score

0.0004EPSS

2023-05-10 02:15 PM
5
osv
osv

CVE-2022-36369

Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-02-16 09:15 PM
5
osv
osv

CVE-2022-21812

Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8CVSS

7.1AI Score

0.0004EPSS

2022-08-18 08:15 PM
1
Total number of security vulnerabilities126573