Rockwell Automation RSLinx Classic <= 2.57.00.14 DoS (CVE-2020-13573)
The remote host has a version of RSLinx Classic installed that is prior or equal to 2.57.00.14. It is, therefore, potentially affected by a denial of service vulnerability in the Ethernet/IP server implementation. A remote, unauthenticated attacker could cause the device to crash by sending a...
7.5 CVSS
3.6 AI Score
0.019 EPSS
VMware Workspace ONE Access, Identity Manager, and vRealize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without....
9.8 CVSS
9.3 AI Score
0.641 EPSS
[SECURITY] Fedora 40 Update: qt6-qtserialbus-6.7.1-1.fc40
Qt Serial Bus (API) provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and...
6.2 AI Score
0.0004 EPSS
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local...
6.5 CVSS
6.5 AI Score
0.0004 EPSS
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a...
8.8 CVSS
9 AI Score
0.837 EPSS
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local...
6.5 CVSS
6.7 AI Score
0.0004 EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: consul, nri-mssql, crossplane, frp, cert-manager, flux-image-reflector-controller, external-secrets-operator, kube-state-metrics, step, gomplate, kubernetes-event-exporter, trivy, influxd, nfs-subdir-external-provisioner, opentofu, prometheus-nats-exporter,...
5.9 CVSS
7.1 AI Score
0.962 EPSS
VMware vRealize Automation Web UI Detection
The remote web server is running the web UI for VMware vRealize Automation, a cloud automation virtual appliance. Note: To obtain accurate version and build information provide HTTP basic authentication...
2.5 AI Score
Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway
Summary: Security vulnerabilities in axios affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details: IBM X-Force ID: 294242. DESCRIPTION: Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function. By.....
8.1 AI Score
Summary: IBM Business Automation Workflow is vulnerable to a denial of service attack. Vulnerability Details: CVEID: CVE-2023-33008. DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON...
5.3 CVSS
6.7 AI Score
0.002 EPSS
Siemens Automation License Manager Multiple Vulnerabilities
The remote host has a version of Siemens Automation License Manager installed that is affected by the following vulnerabilities : There are multiple buffer overflows that can be exploited to execute arbitrary code by sending a message to the Automation License Manager TCP service...
2.2 AI Score
0.02 EPSS
Summary: Security vulnerabilities have been identified in Java that affect Tivoli System Automation for Multiplatforms (TSAMP) shipped as a component of IBM Db2. Vulnerability Details: Refer to the security bulletin(s) listed in the Remediation/Fixes section. Affected Products and Versions: TSAMP...
7.5 CVSS
6.8 AI Score
0.001 EPSS
CVE-2024-28775 IBM WebSphere Automation cross-site scripting
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
4.4 CVSS
4.7 AI Score
0.0004 EPSS
CVE-2024-24919......
8.6 CVSS
6.3 AI Score
0.945 EPSS
Summary: IBM Business Automation Workflow reintroduced an outdated version of the Xalan library. Vulnerability Details: CVEID: CVE-2014-0107. DESCRIPTION: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An...
7.5 CVSS
10 AI Score
0.005 EPSS
CVE-2021-22280 DLL Hijacking Vulnerability in Automation Studio
Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the...
7.2 CVSS
7 AI Score
0.0004 EPSS
Updated microcode packages fix security vulnerabilities
The updated package fixes security vulnerabilities: Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. (CVE-2023-45733) Sequence of processor instructions leads to unexpected...
7.9 CVSS
6.3 AI Score
0.0004 EPSS
Exploit for Race Condition in Apple Ipados
desc_race "desc_race" (CVE-2021-30955) exploit for iOS 15.0 -...
7.3 AI Score
CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN...
8.6 CVSS
6.3 AI Score
0.945 EPSS
Cisco ASA - Local File Inclusion
Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an...
7.5 CVSS
7.9 AI Score
0.974 EPSS
Exploit for Off-by-one Error in F5 Nginx
CVE-2021-23017-PoC ``` pip install -r requirements.txt...
7.7 CVSS
8.1 AI Score
0.52 EPSS
Siemens Automation License Manager 5.x < 6.0.9 DoS (SSA-158827)
The version of Siemens Automation License Manager installed on the remote host is version 5.x prior to 6.0.9. It is, therefore, affected by a denial of service vulnerability. An attacker could exploit this by sending specially crafted packets to port 4410/tcp of an affected system. Note that...
3.8 AI Score
6.5 CVSS
8.8 AI Score
0.002 EPSS
Exploit for OS Command Injection in Cisco Ios Xe
CVE-2023-20273 CVE-2023-20273 Exploit PoC Usage ```...
7.2 CVSS
6.9 AI Score
0.026 EPSS
CVE-2022-38710 IBM Robotic Process Automation information disclosure
IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID:...
6 AI Score
0.001 EPSS
CVE-2021-22280 DLL Hijacking Vulnerability in Automation Studio
Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the...
7.2 CVSS
7.2 AI Score
0.0004 EPSS
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...
7.2 CVSS
7.3 AI Score
0.0004 EPSS
CVE-2022-38710 IBM Robotic Process Automation information disclosure
IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID:...
5.1 AI Score
0.001 EPSS
7.5 AI Score
0.0004 EPSS
CVE-2024-31819 An issue in WWBN AVideo v.12.4 through v.14.2...
8 AI Score
0.003 EPSS
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being...
6.5 CVSS
6.2 AI Score
0.001 EPSS
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local...
6.1 CVSS
6.8 AI Score
0.001 EPSS
9.8 CVSS
7.4 AI Score
0.085 EPSS
Exploit for Improper Validation of Specified Quantity in Input in Linux Linux Kernel
RNDIS-CO Summary The RNDIS USB Gadget may be exploited...
6.9 AI Score
n-e-r-v-o-u-s.com Cross Site Scripting vulnerability OBB-3857032
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Horde/Horde Groupware - Local File Inclusion
Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver...
6.7 AI Score
0.04 EPSS
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and...
7.8 CVSS
7.2 AI Score
0.0004 EPSS
Description The WP Fusion Lite – Marketing Automation and CRM Integration for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.42.10 through publicly exposed log files. This makes it possible for unauthenticated attackers to...
6.5 AI Score
0.0004 EPSS
Home Assistant Supervisor - Authentication Bypass
Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older.....
10 CVSS
9.6 AI Score
0.034 EPSS
[Android Auto] App permissions reset after upgrade on device from R build to S build
In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
7.5 AI Score
0.0004 EPSS
K000139880: Intel CPU/BIOS vulnerabilities CVE-2023-28402, CVE-2023-27504, and CVE-2023-28383
Security Advisory Description CVE-2023-28402 Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-27504 Improper conditions check in some Intel(R) BIOS Guard firmware may allow a...
7.2 CVSS
6.5 AI Score
0.0004 EPSS
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...
5.3 CVSS
5.6 AI Score
0.0004 EPSS
Siemens SCALANCE S612 Firewall Detection
The remote device is a Siemens SCALANCE S612 Firewall, a security solution for industrial automation technology and industrial control system networks. The device can act as a bridge or a gateway depending on the...
2.4 AI Score
Rockwell Automation MicroLogix 1400 PLC Default Credentials
The remote device appears to be a Rockwell Automation MicroLogix 1400 PLC that can be accessed using default HTTP credentials. An attacker can exploit this to gain administrative access to the affected...
3.9 AI Score
Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local...
7.2 CVSS
7 AI Score
0.0004 EPSS
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2024-21762 out-of-bounds write in Fortinet FortiOS ...
9.8 CVSS
8.7 AI Score
0.018 EPSS
Exploit for HTTP Request Smuggling in Apache Http Server
CVE 2023 25690 - Proof of Concept Published: 7 March 2023...
9.8 CVSS
8.1 AI Score
0.007 EPSS
Vulnerability Scanner for CVE-2024-24919 (need Shodan API)...
8.6 CVSS
8.6 AI Score
0.945 EPSS
Rockwell Automation MicroLogix 1100 PLC Default Credentials
The remote device appears to be a Rockwell Automation MicroLogix 1100 PLC that can be accessed using default HTTP credentials. An attacker can utilize this to gain administrative access to the affected...
3.8 AI Score
Exploit for PHP External Variable Modification in Juniper Junos
Automation for Juniper CVE:2023-36845 Overview is a bash...
9.8 CVSS
7.3 AI Score
0.967 EPSS