9.8 CVSS
10 AI Score
0.975 EPSS
Exploit for Improper Access Control in Ruijie Rg-Ew1200G Firmware
Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...
9.1 AI Score
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string....
7.7 CVSS
7.3 AI Score
0.0004 EPSS
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override...
8.8 CVSS
8.2 AI Score
0.0004 EPSS
CVE-2024-2247 JFrog Artifactory Cross-Site Scripting
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override...
8.8 CVSS
8.5 AI Score
0.0004 EPSS
Hipcam RealServer/V1.0 RTSP Format Validation Vulnerability...
7.2 AI Score
An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...
9 CVSS
6.9 AI Score
0.0004 EPSS
Exploit for Exposure of Private Personal Information to an Unauthorized Actor in Easyappointments
CVE-2022-0482 Vulnerability Exploitation Introduction This...
9.1 CVSS
9.3 AI Score
0.22 EPSS
7.5 CVSS
6.5 AI Score
0.013 EPSS
Eaton Xpert Meter SSH Private Key Exposure Scanner
Eaton Power Xpert Meters running firmware below version 12.x.x.x or below version 13.3.x.x ship with a public/private key pair that facilitates remote administrative access to the devices. Tested on: Firmware 12.1.9.1 and...
7.5 AI Score
Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...
7.4 AI Score
CVE-2024-4142 JFrog Artifactory Improper input validation within token creation flow
An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...
9 CVSS
9.4 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds...
6.5 AI Score
0.0004 EPSS
Summary: In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF031 and 23.0.2-IF003. Vulnerability Details: CVEID: CVE-2023-44270. DESCRIPTION: PostCSS could allow a remote attacker to bypass security...
9.8 CVSS
9.8 AI Score
0.963 EPSS
Exploit for Missing Authentication for Critical Function in Microsoft
BadBlue (Windows) CVE-2024-21306 BadBlue implementation...
7.8 AI Score
A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. The...
6.3 CVSS
6.5 AI Score
0.0004 EPSS
Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8 CVSS
6.9 AI Score
0.0004 EPSS
Summary: IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details: IBM X-Force ID: 270419. DESCRIPTION: Enterprise Security API for Java is vulnerable to a denial of service, caused by a flaw in the HTTPUtilities.getFileUploads methods. By sending a...
7 AI Score
Arbitrary File Overwrite in Eclipse JGit
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensiti...
8.8 CVSS
8.8 AI Score
0.001 EPSS
7 AI Score
0.003 EPSS
Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...
7.4 AI Score
Hirschmann HiOS Switches Argument Injection or Modification (CVE-2019-12262)
An attacker residing on the LAN can send reverse-ARP responses to the victim system to assign unicast IPv4 addresses to the target. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
9.8 CVSS
9.5 AI Score
0.002 EPSS
Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7 CVSS
7 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a.....
6.4 AI Score
0.0004 EPSS
Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local...
2.8 CVSS
6.5 AI Score
0.0004 EPSS
Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8 CVSS
7.1 AI Score
0.0004 EPSS
10 CVSS
9.9 AI Score
0.001 EPSS
Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of...
4.4 CVSS
7.1 AI Score
0.0004 EPSS
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient...
9.8 CVSS
9.8 AI Score
0.012 EPSS
Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of...
4.4 CVSS
7 AI Score
0.0004 EPSS
Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7 CVSS
6.7 AI Score
0.0004 EPSS
Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local...
4.4 CVSS
7.1 AI Score
0.0004 EPSS
Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7 CVSS
7.1 AI Score
0.0004 EPSS
Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7 CVSS
7.1 AI Score
0.0004 EPSS
Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially enable denial of service via local...
6.5 CVSS
6.6 AI Score
0.0004 EPSS
Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially enable denial of service via local...
6.5 CVSS
6.3 AI Score
0.0004 EPSS
(RHSA-2024:3017) Important: edk2 security update
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235) EDK2:...
7.4 AI Score
0.006 EPSS
Exploit for Code Injection in Citrix Netscaler Application Delivery Controller
CVE-2023-3519 Inspector The cve_2023_3519_inspector.py is...
7 AI Score
Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local...
2.8 CVSS
6.6 AI Score
0.0004 EPSS
Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local...
2.8 CVSS
3.8 AI Score
0.0004 EPSS
Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local...
4.4 CVSS
6.5 AI Score
0.0004 EPSS
NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local...
3.3 CVSS
3.6 AI Score
0.0004 EPSS
NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local...
3.3 CVSS
6.2 AI Score
0.0004 EPSS
Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G Firmware
Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...
8.8 CVSS
8.9 AI Score
0.005 EPSS
Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of...
4.4 CVSS
4.8 AI Score
0.0004 EPSS
Rockwell Automation Arena Simulation Software Use-After-Free Vulnerability
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A use-after-free vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attacker to insert...
7.8 CVSS
6.9 AI Score
0.0004 EPSS
Exploit for Incorrect Authorization in Atlassian Confluence Data Center
CVE-2023-22518 Checker for CVE-2023-22518 and CVE-2023-22515...
9.8 CVSS
9.8 AI Score
0.966 EPSS
NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local...
3.3 CVSS
6.1 AI Score
0.0004 EPSS
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All ver...
7.1 CVSS
8.6 AI Score
0.001 EPSS
Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially enable denial of service via local...
6.5 CVSS
6.5 AI Score
0.0004 EPSS