Lucene search

K

B&R Industrial Automation Security Vulnerabilities

ibm
ibm

Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow - CVE-2023-50959

Summary IBM Business Automation Workflow is vulnerable to an information disclosure attack. Vulnerability Details ** CVEID: CVE-2023-50959 DESCRIPTION: **IBM Business Automation Workflow may allow end users to query more documents than expected from a connected Enterprise Content Management...

6.5CVSS

9.2AI Score

0.0005EPSS

2024-04-02 10:15 AM
16
cve
cve

CVE-2024-5988

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager®...

7.5AI Score

0.0004EPSS

2024-06-25 04:15 PM
3
cvelist
cvelist

CVE-2024-3626 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, 5.7.17....

4.3CVSS

4.6AI Score

0.001EPSS

2024-05-23 05:32 AM
cvelist
cvelist

CVE-2023-38123 Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability

Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to...

7.5CVSS

7.9AI Score

0.0005EPSS

2024-05-03 01:59 AM
osv
osv

CVE-2018-16153

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some...

7.5CVSS

7.2AI Score

0.001EPSS

2023-12-12 05:15 PM
6
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

POC for CVE-2021-44228 This python script was created while...

10CVSS

10AI Score

0.976EPSS

2021-12-14 09:32 PM
233
ubuntucve
ubuntucve

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....

7.2AI Score

0.0004EPSS

2024-06-08 12:00 AM
1
osv
osv

BIT-mediawiki-2020-10959

resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki...

6.1CVSS

6.7AI Score

0.002EPSS

2024-03-06 11:14 AM
4
packetstorm

7.2AI Score

0.0004EPSS

2024-06-14 12:00 AM
91
githubexploit
githubexploit

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

CVE 30190 Amine TITROFINE | December 17, 2022 ...

7.8CVSS

8.5AI Score

0.966EPSS

2023-05-14 01:38 PM
181
ibm
ibm

Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js and packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2024-31206 DESCRIPTION: **Node.js dectalk-tts module could allow a remote attacker to obtain sensitive information, caused by the use of...

8.2CVSS

8AI Score

0.0004EPSS

2024-05-17 01:55 PM
3
cvelist
cvelist

CVE-2024-4563 The Progress MOVEit Automation Configuration Export Function Uses a Cryptographic Method with Insufficient Bit Length

The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit...

6.1CVSS

6.2AI Score

0.0004EPSS

2024-05-22 05:01 PM
2
osv
osv

CVE-2023-37305

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public...

5.3CVSS

7.1AI Score

0.001EPSS

2023-06-30 05:15 PM
4
osv
osv

CVE-2023-37300

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden...

5.3CVSS

7.2AI Score

0.001EPSS

2023-06-30 05:15 PM
5
osv
osv

CVE-2024-37309

CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security...

5.3CVSS

7.7AI Score

0.0004EPSS

2024-06-13 02:15 PM
1
githubexploit
githubexploit

Exploit for CVE-2023-6319

Root my webOS TV A simple python script that starts a telnet...

7.2AI Score

2024-04-11 06:58 PM
135
githubexploit
githubexploit

Exploit for SQL Injection in Fortinet Forticlient Enterprise Management Server

CVE-2023-48788 Fortinet FortiClient EMS SQL Injection...

9.8CVSS

8.6AI Score

0.711EPSS

2024-03-18 08:50 PM
96
cve
cve

CVE-2024-37368

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...

6.6AI Score

0.0004EPSS

2024-06-14 03:15 PM
23
wpvulndb
wpvulndb

Propovoice CRM <= 1.7.6.2 - Unauthenticated Stored Cross-Site Scripting

Description The Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.6.2 due to insufficient input sanitization and output escaping. This makes it...

7.1CVSS

5.7AI Score

0.0004EPSS

2024-05-15 12:00 AM
2
osv
osv

CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error...

9.8CVSS

7AI Score

0.001EPSS

2023-06-30 05:15 PM
3
osv
osv

CVE-2021-42049

An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash...

6.5CVSS

6.5AI Score

0.001EPSS

2022-09-29 03:15 AM
2
osv
osv

CVE-2021-42048

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero...

4.8CVSS

7AI Score

0.001EPSS

2022-09-29 03:15 AM
6
debiancve
debiancve

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in...

6.7AI Score

0.0004EPSS

2024-06-08 01:15 PM
1
cvelist
cvelist

CVE-2024-37677

An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...

0.0004EPSS

2024-06-24 12:00 AM
2
cve
cve

CVE-2023-50221

Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to...

8.8CVSS

8.9AI Score

0.0005EPSS

2024-05-03 03:16 AM
25
cve
cve

CVE-2023-39474

Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target.....

8CVSS

8.2AI Score

0.001EPSS

2024-05-03 03:15 AM
24
cve
cve

CVE-2023-34269

Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
25
osv
osv

Improper handling of JavaScript whitespace in html/template

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during...

9.8CVSS

9.6AI Score

0.003EPSS

2023-05-05 09:10 PM
10
githubexploit
githubexploit

Exploit for Uncontrolled Resource Consumption in Ietf Http

CVE-2023-44487 Basic vulnerability scanning to see if web...

7.5CVSS

6.7AI Score

0.732EPSS

2023-10-10 02:20 PM
1215
nvd
nvd

CVE-2024-37677

An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...

0.0004EPSS

2024-06-24 07:15 PM
2
cve
cve

CVE-2024-37677

An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...

6.4AI Score

0.0004EPSS

2024-06-24 07:15 PM
9
githubexploit
githubexploit

Exploit for Injection in Glpi-Project Glpi

Exploit Script Utility...

9.8CVSS

8.2AI Score

0.974EPSS

2024-05-29 07:54 PM
74
osv
osv

CVE-2021-42045

An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a...

5.4CVSS

6.8AI Score

0.001EPSS

2022-09-29 03:15 AM
4
githubexploit
githubexploit

Exploit for CVE-2024-0044

CVE 2024 0044 CVE-2024-0044, identified in the...

7.8AI Score

2024-06-18 12:30 PM
120
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...

8CVSS

8.3AI Score

0.216EPSS

2022-12-22 09:35 AM
223
cve
cve

CVE-2024-5990

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...

7.2AI Score

0.0004EPSS

2024-06-25 04:15 PM
4
cvelist
cvelist

CVE-2023-38124 Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...

7.2CVSS

7.7AI Score

0.0005EPSS

2024-05-03 01:59 AM
cvelist
cvelist

CVE-2024-2580 WordPress Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Automation By Autonami allows Stored XSS.This issue affects Automation By Autonami: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-03-21 04:48 PM
zdt

10CVSS

6.7AI Score

0.001EPSS

2024-06-02 12:00 AM
12
wolfi
wolfi

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, falcoctl, nri-jmx, xcaddy, kaniko, capslock, nri-consul, snyk-cli, spicedb, velero-plugin-for-aws, ollama, kube-vip, timestamp-authority, pulumi-language-dotnet, runc, vault-csi-provider, trivy, nats-server, telegraf, supercronic, nri-nginx,....

5.5CVSS

6.1AI Score

0.0004EPSS

2024-06-26 09:08 AM
24
wolfi
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, falcoctl, nri-jmx, xcaddy, kaniko, capslock, nri-consul, spicedb, temporal-server, velero-plugin-for-aws, ollama, timestamp-authority, pulumi-language-dotnet, hubble, runc, vault-csi-provider, trivy, nats-server, telegraf, supercronic,...

6.8AI Score

0.0004EPSS

2024-06-26 09:08 AM
58
nessus
nessus

Jenkins plugins Multiple Vulnerabilities (2023-10-25)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: High GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes. This results in a...

8.1CVSS

5.5AI Score

0.001EPSS

2023-10-25 12:00 AM
9
osv
osv

CVE-2023-48705

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's mark_safe() API when rendering certain...

7.1CVSS

5.3AI Score

0.001EPSS

2023-11-22 04:15 PM
6
githubexploit
githubexploit

Exploit for CVE-2024-20767

CVE-2024-20767 Exploit for Adobe ColdFusion 🛠️ This...

8.2CVSS

8.2AI Score

0.082EPSS

2024-03-26 07:17 PM
164
githubexploit
githubexploit

Exploit for CVE-2024-5084

🚀 HashForm Exploit Script This script demonstrates the...

9.8CVSS

8.6AI Score

0.035EPSS

2024-05-27 08:04 PM
144
githubexploit
githubexploit

Exploit for CVE-2022-4061

JBWPer | CVE-2022-4061 - JobBoardWP Automatic Mass Tool for...

7.7AI Score

2023-09-17 03:20 AM
410
githubexploit
githubexploit

Exploit for Code Injection in Vmware Spring Framework

Spring Core RCE/CVE-2022-22965 影响范围:JDK&gt;=9...

0.1AI Score

2022-03-31 12:41 PM
152
githubexploit
githubexploit

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

CVE 30190 Amine TITROFINE | December 17, 2022 ...

8.2AI Score

2023-05-14 01:38 PM
225
Total number of security vulnerabilities126718