Intel(R) Atom(R) Processors are vulnerable to information exposure through microarchitectural state after transient execution. The vulnerability is due to certain register files, which, when accessed by an authenticated user, may potentially enable information disclosure via local...
6.5CVSS
6AI Score
0.0004EPSS
HP Client Automation radexecd.exe Remote Command Execution
The HP Client Automation service on the remote port is affected by a command execution vulnerability. The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Client Automation. Authentication is not required to exploit the vulnerability. The flaw...
7.2AI Score
0.813EPSS
Rockwell Automation RSLinx Classic <= 2.57.00.14 DoS (CVE-2020-13573)
The remote host has a version of RSLinx Classic installed that is prior or equal to 2.57.00.14. It is, therefore, potentially affected by a denial of service vulnerability in the Ethernet/IP server implementation. A remote, unauthenticated attacker could cause the device to crash by sending a...
7.5CVSS
3.6AI Score
0.019EPSS
CVE-2024-0220 B&R products use insufficient communication encryption
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive...
8.3CVSS
8.7AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt5-qtserialbus-5.15.14-1.fc40
Qt Serial Bus (API) provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and...
6.5AI Score
0.0004EPSS
CVE-2024-6188 Parsec Automation TrackSYS pagedefinition direct request
A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...
5.3CVSS
0.0004EPSS
Exploit for OS Command Injection in Php
CVE-2024-4577 Argument injection vulnerability in PHP...
9.8CVSS
7.2AI Score
0.967EPSS
In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options. There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...
6.8AI Score
0.0004EPSS
Exploit for SQL Injection in Layerslider
CVE-2024-2879 Description LayerSlider 7.9.11 - 7.10.0 -...
9.8CVSS
7.8AI Score
0.004EPSS
Exploit for Off-by-one Error in F5 Nginx
CVE-2021-23017-PoC: pip install -r requirements.txt...
7.7CVSS
8.1AI Score
0.517EPSS
CVE-2024-28830 Automation user secrets written to audit log
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to...
2.7CVSS
0.0004EPSS
Inductive Automation Ignition Detection
Inductive Automation Ignition, a web based SCADA HMI solution, was detected on the remote...
1.1AI Score
Siemens Automation License Manager 5.x < 5.3.4.4 Multiple Vulnerabilities
The remote host has a version of Siemens Automation License Manager installed that is affected by the following vulnerabilities: A user-input validation error exists that allows a directory traversal attack. This could allow, among other actions, code execution. User interaction is ...
8.8CVSS
4.2AI Score
0.01EPSS
Siemens Automation License Manager 6.x < 6.0.1 Directory Traversal
The version of Siemens Automation License Manager installed on the remote host is version 6.x prior to 6.0.1 and is thus affected by a user-input validation error that allows a directory traversal attack. This could allow, among other actions, code execution. User interaction is required for this....
4.9AI Score
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...
5.3CVSS
5.5AI Score
0.0004EPSS
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
6AI Score
0.0004EPSS
CVE-2024-31819 An issue in WWBN AVideo v.12.4 through v.14.2...
8AI Score
0.003EPSS
Rockwell Automation ThinManager ThinServer Improper Input Validation (CVE-2024-5990)
The version of Rockwell Automation ThinManager ThinServer installed on the remote host is 11.1.x prior to 11.1.8, 11.2.x prior to 11.2.9, 12.0.x prior to 12.0.7, 12.1.x prior to 12.1.8, 13.0.x prior to 13.0.4, 13.1.x prior to 13.1.2. It is, therefore, affected by an improper input validation...
7.2AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2024-21762 out-of-bounds write in Fortinet FortiOS ...
9.8CVSS
8.7AI Score
0.018EPSS
A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal....
8.8CVSS
7.2AI Score
0.001EPSS
Exploit for Path Traversal in Aiohttp
[ CVE-2024-23334 :; Review of someone else's exploit ] Review an exploit...
7.5CVSS
7.6AI Score
0.052EPSS
Tomcat should not disclose its own version to unauthenticated users
Problem Definition: When accessing URLs that aren't under the application context and are not defined in Tomcat, Tomcat returns a 404 along with its own version. Steps to reproduce problem: In a Jira instance with a context called jira for instance, browse http:///non_existent_uri. Make.....
0.6AI Score
CVE-2024-28764 IBM WebSphere Automation CSV injection
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: ...
6.5CVSS
6.9AI Score
0.0004EPSS
Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway
Summary: Security Vulnerabilities in axios affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details: IBM X-Force ID: 294242. DESCRIPTION: Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function. By.....
8.1AI Score
Fedora 39 : R (2024-07b7b83a4f)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-07b7b83a4f advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including...
8.8CVSS
8AI Score
0.0004EPSS
Exploit for Code Injection in Openplcproject Openplc V3 Firmware
CVE-2021-31630 Modified the PoC...
8.8CVSS
6.6AI Score
0.006EPSS
WebCTRL OEM <= 6.5 - Cross-Site Scripting
WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET...
6.1CVSS
6AI Score
0.018EPSS
Exploit for Incorrect Authorization in Vmware Spring Security
CVE 2022-22978: Authorization Bypass in...
9.8CVSS
0.4AI Score
0.009EPSS
Summary: Security vulnerabilities have been identified in Java that affect Tivoli System Automation for Multiplatforms (TSAMP) shipped as a component of IBM Db2. Vulnerability Details: Refer to the security bulletin(s) listed in the Remediation/Fixes section. Affected Products and Versions: TSAMP...
7.5CVSS
6.8AI Score
0.001EPSS
VMware Workspace ONE Access, Identity Manager, and vRealize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without....
9.8CVSS
9.3AI Score
0.641EPSS
Fedora 38 : R (2024-bc590cb3f1)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc590cb3f1 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including...
8.8CVSS
7.4AI Score
0.0004EPSS
VISAM Automation Base (VBASE) Web-Remote Path Traversal (CVE-2020-7008)
The VISAM Automation Base (VBASE) Web-Remote service running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to read arbitrary files on the remote...
7.5CVSS
4.2AI Score
0.002EPSS
Exploit for Path Traversal in Aiohttp
CVE-2024-23334-PoC A proof of concept of the path traversal...
7.5CVSS
6.9AI Score
0.052EPSS
Siemens Automation License Manager 5.x < 6.0.9 DoS (SSA-158827)
The version of Siemens Automation License Manager installed on the remote host is version 5.x prior to 6.0.9. It is, therefore, affected by a denial of service vulnerability. An attacker could exploit this by sending specially crafted packets to port 4410/tcp of an affected system. Note that...
3.8AI Score
[SECURITY] Fedora 40 Update: qt6-qtserialbus-6.7.1-1.fc40
Qt Serial Bus (API) provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and...
6.2AI Score
0.0004EPSS
Exploit for HTTP Request Smuggling in Apache Http Server
CVE 2023 25690 - Proof of Concept Published: 7 March 2023...
9.8CVSS
8.1AI Score
0.007EPSS
Cisco ASA - Local File Inclusion
Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an...
7.5CVSS
7.9AI Score
0.974EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, falcoctl, nats, trillian, osv-scanner, step-ca, kaniko, aws-efs-csi-driver, thanos, kubernetes-csi-external-provisioner, capslock, k8sgpt, datadog-agent, kots, kubeadm-bootstrap-controller, spicedb, temporal-server,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
7.8AI Score
0.0004EPSS
CVE-2024-29269 An issue discovered in Telesquare TLR-2005Ksh...
7AI Score
0.001EPSS
CVE-2024-24919......
8.6CVSS
6.3AI Score
0.945EPSS
Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target.....
8CVSS
7.7AI Score
0.001EPSS
Micro Focus Network Automation Detection
Micro Focus Network Automation (formerly HP Network Automation), a web-based application for automating IT processes, is running on the remote...
1.2AI Score
CVE-2022-38710 IBM Robotic Process Automation information disclosure
IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID:...
6AI Score
0.001EPSS
CVE-2021-22280 DLL Hijacking Vulnerability in Automation Studio
Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the...
7.2CVSS
7.2AI Score
0.0004EPSS
Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target.....
8CVSS
8.4AI Score
0.001EPSS