JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of...
7.2CVSS
7.6AI Score
0.0004EPSS
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override...
8.8CVSS
6.5AI Score
0.0004EPSS
An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the...
6.6AI Score
0.002EPSS
9.8CVSS
9.6AI Score
0.901EPSS
r-models.eu Cross Site Scripting vulnerability OBB-3846919
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-2424 Rockwell Automation Input/Output Device Vulnerable to Major Nonrecoverable Fault
An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required....
7.5CVSS
7.6AI Score
0.0004EPSS
CVE-2023-33733 on Reportlab v3.6.12 This lab was set up to...
7.8CVSS
7.7AI Score
0.001EPSS
Exploit for Path Traversal in Aiohttp
[ CVE-2024-23334 :; 남의 exploit 리뷰 ] Review an exploit...
7.5CVSS
7.6AI Score
0.052EPSS
7.4AI Score
Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network...
9.8CVSS
7.6AI Score
0.002EPSS
CVE-2024-1657 Ansible automation platform: insecure websocket used when interacting with eda server
A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of...
8.1CVSS
8.1AI Score
0.0004EPSS
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device...
6.8AI Score
0.0004EPSS
CVE-2024-4511 Shanghai Sunfull Automation BACnet Server HMI1002-ARM Message buffer overflow
A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. The...
6.3CVSS
6.8AI Score
0.0004EPSS
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device...
0.0004EPSS
Exploit for Code Injection in Crushftp
CVE-2024-4040 - exploit scanners This repository contains...
10CVSS
9.5AI Score
0.966EPSS
RHEL 8 : Red Hat Ansible Automation Platform 2.1 ansible-runner (RHSA-2022:0460)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0460 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
8.8CVSS
8.9AI Score
0.0004EPSS
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access...
5.5CVSS
7AI Score
0.0004EPSS
7.4AI Score
7.3AI Score
Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this...
7.5CVSS
7.7AI Score
0.0005EPSS
7.4AI Score
RHEL 8 : Red Hat Ansible Automation Platform 2.0 ansible-runner (RHSA-2022:0474)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0474 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
8.8CVSS
6.7AI Score
0.0004EPSS
Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...
7.2CVSS
7.3AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7517 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
8.3AI Score
0.001EPSS
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...
7.5CVSS
7.7AI Score
0.002EPSS
Exploit for SQL Injection in Layerslider
CVE-2024-2879 Description LayerSlider 7.9.11 - 7.10.0 -...
9.8CVSS
7.8AI Score
0.004EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4971 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
9.8CVSS
7.6AI Score
0.001EPSS
CVE-2024-3640 Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable....
7.8AI Score
0.0004EPSS
CVE-2024-3640 Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable....
7.9AI Score
0.0004EPSS
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
5.9AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4590 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
7.3CVSS
6.7AI Score
0.001EPSS
Exploit for Infinite Loop in Openssl
CVE-2022-0778 The discovered vulnerability triggers an...
7.5CVSS
8.1AI Score
0.013EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4340 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
7.3CVSS
5.9AI Score
0.001EPSS
7.4AI Score
Siemens Automation License Manager CVE-2012-4691 Denial of Service
The remote host has a version of Siemens Automation License Manager installed that is affected by an excessive memory consumption denial of service vulnerability that can be triggered by sending a specially crafted packet to the Automation Licensing Manager TCP service listening on port...
3.9AI Score
0.001EPSS
7.4AI Score
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4692 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
8.3AI Score
0.002EPSS
7.4AI Score
Exploit for Path Traversal in Sysaid Sysaid On-Premises
Vulnerability Details fofa: ```text ...
9.8CVSS
9.6AI Score
0.935EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1057 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
8.1CVSS
7.6AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1640 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
8.5AI Score
0.052EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5208 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
7.5CVSS
7.8AI Score
0.001EPSS
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.run_job permission is checked (i.e., does the user have.....
4.3CVSS
4.5AI Score
0.001EPSS
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...
5.3CVSS
5.1AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7773 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.8CVSS
6.8AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0322 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
6.5CVSS
5.8AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5701 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
7.8AI Score
0.001EPSS
8.3AI Score
0.0004EPSS
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...
5.3CVSS
5.1AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:4991 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
9.8CVSS
9.5AI Score
0.001EPSS