r-b-a.ru Cross Site Scripting vulnerability OBB-3906108
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Micro Focus Operations Bridge Manager Authenticated Remote Code Execution
This module exploits an authenticated Java deserialization that affects a truckload of Micro Focus products: Operations Bridge Manager, Application Performance Management, Data Center Automation, Universal CMDB, Hybrid Cloud Management and Service Management Automation. However this module was...
7.9AI Score
r-broker.ru Cross Site Scripting vulnerability OBB-3918433
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Rockwell Automation ControlLogix Service Detection
The remote host is a Rockwell Automation 1756 ControlLogix...
7AI Score
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted...
6.2AI Score
0.001EPSS
Fedora: Security Advisory for R (FEDORA-2024-bc590cb3f1)
The remote host is missing an update for...
8.8CVSS
8.8AI Score
0.0004EPSS
Fedora: Security Advisory for R (FEDORA-2024-07b7b83a4f)
The remote host is missing an update for...
8.8CVSS
8.8AI Score
0.0004EPSS
Siemens Automation License Manager Detection
The remote host has Siemens Automation License Manager installed. Siemens Automation License Manager is used for authorizing and licensing Siemens SIMATIC Industry...
2.2AI Score
Regular Expression Denial Of Service (ReDoS)
django is vulnerable to Regular Expression Denial of Service (ReDoS). A remote attacker is able to cause denial of service conditions through the EmailValidator or URLValidator functions via submitting a large number of domain name labels of emails and...
7.5CVSS
6.7AI Score
0.001EPSS
Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation...
5.9CVSS
8.6AI Score
0.001EPSS
Vulnerabilities for packages: crossplane-provider-azure, gobuster, falcoctl, trillian, aws-efs-csi-driver, thanos, kubernetes-csi-external-provisioner, k8sgpt, kots, kubernetes-csi-livenessprobe, prometheus-statsd-exporter, external-dns, ollama, aws-ebs-csi-driver, pulumi-language-dotnet,...
6.1CVSS
7.3AI Score
0.001EPSS
Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation...
8.6CVSS
8.7AI Score
0.001EPSS
r-fujita.jcp-ota.jp Cross Site Scripting vulnerability OBB-3869760
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Siemens SIMATIC S7 Device Detection Consolidation
Consolidation of Siemens SIMATIC S7 device...
7.3AI Score
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF004. Vulnerability Details ** CVEID: CVE-2024-29041 DESCRIPTION: **Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...
6.5CVSS
8AI Score
0.0004EPSS
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, gobuster, falcoctl, trillian, aws-efs-csi-driver, thanos, kubernetes-csi-external-provisioner, k8sgpt, kots, kubernetes-csi-livenessprobe, prometheus-statsd-exporter, external-dns, ollama, aws-ebs-csi-driver, pulumi-language-dotnet,...
7.5AI Score
Exploit for Incorrect Authorization in Atlassian Confluence Data Center
CVE-2023-22518 Improper Authorization Vulnerability in...
9.8CVSS
7.2AI Score
0.966EPSS
Exploit for Incorrect Authorization in Atlassian Confluence Data Center
CVE-2023-22518 Improper Authorization Vulnerability in...
9.8CVSS
7.2AI Score
0.966EPSS
In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, gobuster, falcoctl, nats, trillian, aws-efs-csi-driver, thanos, go, kubernetes-csi-external-provisioner, k8sgpt, kots, kubernetes-csi-livenessprobe, prometheus-statsd-exporter, external-dns, ollama, aws-ebs-csi-driver,...
7.5CVSS
8.4AI Score
0.002EPSS
This module will use Layer2 packets, known as Profinet Discovery packets, to detect all Siemens (and sometimes other) devices on a network. It is perfectly SCADA-safe, as there will only be ONE single packet sent out. Devices will respond with their IP configuration and hostnames. Created by XiaK.....
7.3AI Score
libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at...
7.5CVSS
7.5AI Score
0.001EPSS
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All ver...
7.5CVSS
7.5AI Score
0.0005EPSS
Exploit for OS Command Injection in Proscend M330-W Firmware
CVE-2022-36779 exploit code for Unauthenticated OS...
9.8CVSS
7.3AI Score
0.002EPSS
Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager ( CVE-2024-22329) Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions...
4.3CVSS
6.5AI Score
0.0004EPSS
Summary MySQL Connector/J versions used by IBM Event Processing are susceptible to a difficult to exploit vulnerability that could allow an unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person....
8.3CVSS
5.8AI Score
0.001EPSS
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All ver...
7.5CVSS
7.2AI Score
0.0005EPSS
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All ver...
7.1CVSS
5.8AI Score
0.0005EPSS
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the.....
6.5CVSS
6.3AI Score
0.0004EPSS
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All ver...
7.5CVSS
7.5AI Score
0.0005EPSS
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...
7.6AI Score
0.05EPSS
Exploit for Improper Input Validation in Microsoft
CVE-2024-30078 Detection and Command Execution Script This...
8.8CVSS
9.9AI Score
0.001EPSS
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in...
8.1CVSS
6.3AI Score
0.003EPSS
Summary IBM Event Endpoint Management is vulnerable to a denial of service due to json-path component, caused by a stack-based buffer overflow in the Criteria.parse method.It is a query language for JSON, similar to XPath for XML. It allows you to select and extract data from a JSON document. ...
5.3CVSS
7.5AI Score
0.0005EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, gobuster, falcoctl, nats, trillian, step-ca, thanos, helm-push, kots, temporal-server, prometheus-statsd-exporter, external-dns, grype, ollama, nerdctl, crossplane-provider-aws, tekton-chains, vault-csi-provider, trivy, prometheus, up,...
5.9CVSS
7.1AI Score
0.963EPSS
Summary IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service (CVE-2023-4807, CVE-2023-3817) Vulnerability Details ** CVEID: CVE-2023-4807 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a state corruption...
7.8CVSS
9.5AI Score
0.002EPSS
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All ver...
8.8CVSS
7AI Score
0.001EPSS
Summary There is a vulnerability in follow-redirects used by IBM Event Processing which is categorized as an Improper Input Validation vulnerability due to the improper handling of URLs by the url.parse() function. This vulnerability can be exploited by manipulating the hostname when new URL()...
7.3CVSS
8.6AI Score
0.001EPSS
Summary IBM Event Processing is vulnerable to a denial of service due to json-path component , caused by a stack-based buffer overflow in the Criteria.parse method. It is a query language for JSON, similar to XPath for XML. It allows you to select and extract data from a JSON document. ...
5.3CVSS
7.5AI Score
0.0005EPSS
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP...
7.2CVSS
7.9AI Score
0.001EPSS
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass...
9.8CVSS
7.1AI Score
0.001EPSS
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL...
6.1CVSS
5.8AI Score
0.0005EPSS
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET...
6.5CVSS
7.1AI Score
0.0005EPSS
Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before...
7.5CVSS
7.2AI Score
0.001EPSS
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s).....
7CVSS
7AI Score
0.0004EPSS
HP Client Automation Default Credentials
The remote install of HP Client Automation has a default password ('secret') set. An attacker may connect to it to reconfigure the application and control remote...
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, gobuster, falcoctl, nats, trillian, aws-efs-csi-driver, thanos, go, kubernetes-csi-external-provisioner, k8sgpt, kots, kubernetes-csi-livenessprobe, prometheus-statsd-exporter, external-dns, ollama, aws-ebs-csi-driver,...
7.5AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, gobuster, falcoctl, nats, trillian, step-ca, thanos, helm-push, kots, temporal-server, prometheus-statsd-exporter, external-dns, grype, ollama, nerdctl, crossplane-provider-aws, tekton-chains, vault-csi-provider, trivy, prometheus, up,...
7.5AI Score
OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby...
5.4CVSS
5.9AI Score
0.001EPSS
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory...
7.5CVSS
7.5AI Score
0.001EPSS