Summary IBM Business Automation Workflow is vulnerable to an information disclosure attack. Vulnerability Details ** CVEID: CVE-2023-50959 DESCRIPTION: **IBM Business Automation Workflow may allow end users to query more documents than expected from a connected Enterprise Content Management...
6.5CVSS
9.2AI Score
0.0005EPSS
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager®...
7.5AI Score
0.0004EPSS
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, 5.7.17....
4.3CVSS
4.6AI Score
0.001EPSS
Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to...
7.5CVSS
7.9AI Score
0.0005EPSS
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some...
7.5CVSS
7.2AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
POC for CVE-2021-44228 This python script was created while...
10CVSS
10AI Score
0.976EPSS
In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....
7.2AI Score
0.0004EPSS
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki...
6.1CVSS
6.7AI Score
0.002EPSS
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
...
7.4AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
CVE 30190 Amine TITROFINE | December 17, 2022 ...
7.8CVSS
8.5AI Score
0.966EPSS
Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway
Summary Security Vulnerabilities in Node.js and packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2024-31206 DESCRIPTION: **Node.js dectalk-tts module could allow a remote attacker to obtain sensitive information, caused by the use of...
8.2CVSS
8AI Score
0.0004EPSS
The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit...
6.1CVSS
6.2AI Score
0.0004EPSS
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public...
5.3CVSS
7.1AI Score
0.001EPSS
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden...
5.3CVSS
7.2AI Score
0.001EPSS
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...
5.3CVSS
7.7AI Score
0.0004EPSS
Root my webOS TV A simple python script that starts a telnet...
7.2AI Score
Exploit for SQL Injection in Fortinet Forticlient Enterprise Management Server
CVE-2023-48788 Fortinet FortiClient EMS SQL Injection...
9.8CVSS
8.6AI Score
0.711EPSS
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...
6.6AI Score
0.0004EPSS
Propovoice CRM <= 1.7.6.2 - Unauthenticated Stored Cross-Site Scripting
Description The Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.6.2 due to insufficient input sanitization and output escaping. This makes it...
7.1CVSS
5.7AI Score
0.0004EPSS
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error...
9.8CVSS
7AI Score
0.001EPSS
An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash...
6.5CVSS
6.5AI Score
0.001EPSS
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero...
4.8CVSS
7AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in...
6.7AI Score
0.0004EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
0.0004EPSS
Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to...
8.8CVSS
8.9AI Score
0.0005EPSS
Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target.....
8CVSS
8.2AI Score
0.001EPSS
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...
7.8CVSS
8AI Score
0.001EPSS
Improper handling of JavaScript whitespace in html/template
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during...
9.8CVSS
9.6AI Score
0.003EPSS
Exploit for Uncontrolled Resource Consumption in Ietf Http
CVE-2023-44487 Basic vulnerability scanning to see if web...
7.5CVSS
6.7AI Score
0.732EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
0.0004EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
6.4AI Score
0.0004EPSS
9.8CVSS
8.2AI Score
0.974EPSS
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a...
5.4CVSS
6.8AI Score
0.001EPSS
7.8AI Score
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...
8CVSS
8.3AI Score
0.216EPSS
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...
7.2AI Score
0.0004EPSS
Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...
7.2CVSS
7.7AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Automation By Autonami allows Stored XSS.This issue affects Automation By Autonami: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
10CVSS
6.7AI Score
0.001EPSS
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, falcoctl, nri-jmx, xcaddy, kaniko, capslock, nri-consul, snyk-cli, spicedb, velero-plugin-for-aws, ollama, kube-vip, timestamp-authority, pulumi-language-dotnet, runc, vault-csi-provider, trivy, nats-server, telegraf, supercronic, nri-nginx,....
5.5CVSS
6.1AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, falcoctl, nri-jmx, xcaddy, kaniko, capslock, nri-consul, spicedb, temporal-server, velero-plugin-for-aws, ollama, timestamp-authority, pulumi-language-dotnet, hubble, runc, vault-csi-provider, trivy, nats-server, telegraf, supercronic,...
6.8AI Score
0.0004EPSS
Jenkins plugins Multiple Vulnerabilities (2023-10-25)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: High GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes. This results in a...
8.1CVSS
5.5AI Score
0.001EPSS
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's mark_safe() API when rendering certain...
7.1CVSS
5.3AI Score
0.001EPSS
8.2CVSS
8.2AI Score
0.082EPSS
9.8CVSS
8.6AI Score
0.035EPSS
JBWPer | CVE-2022-4061 - JobBoardWP Automatic Mass Tool for...
7.7AI Score
Exploit for Code Injection in Vmware Spring Framework
Spring Core RCE/CVE-2022-22965 影响范围:JDK>=9...
0.1AI Score
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
CVE 30190 Amine TITROFINE | December 17, 2022 ...
8.2AI Score