Siemens TIA Administrator Detection
The remote host is running Siemens TIA (Totally Integrated Automation) Administrator. This software is used to manage Siemens TIA...
2.3 AI Score
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public...
5.3 CVSS
7.1 AI Score
0.001 EPSS
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden...
5.3 CVSS
7.2 AI Score
0.001 EPSS
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...
8 CVSS
8.3 AI Score
0.216 EPSS
Summary: IBM Event Streams are vulnerable in terms of both confidentiality and integrity. Multiple Java components within IBM Event Streams are susceptible to these vulnerabilities, enabling remote attackers to execute malicious actions through these components. Vulnerability Details: CVEID:...
7.4 CVSS
7.1 AI Score
0.001 EPSS
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error...
9.8 CVSS
7 AI Score
0.001 EPSS
Check Point Security Gateway RCE Exploit Tool...
8.6 CVSS
7.2 AI Score
0.945 EPSS
Propovoice CRM <= 1.7.6.2 - Unauthenticated Stored Cross-Site Scripting
Description The Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.6.2 due to insufficient input sanitization and output escaping. This makes it...
7.1 CVSS
5.7 AI Score
0.0004 EPSS
Siemens SIMATIC WinCC (TIA Portal) Detection
Siemens SIMATIC WinCC Totally Integrated Automation Portal (TIA Portal) is installed on the remote Windows host. This software is commonly used for engineering SIMATIC S7 programmable logic...
3.9 AI Score
10 CVSS
6.7 AI Score
0.001 EPSS
Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this....
7.2 CVSS
7.5 AI Score
0.0005 EPSS
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information...
7.7 CVSS
7.8 AI Score
0.0005 EPSS
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero...
4.8 CVSS
7 AI Score
0.001 EPSS
An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash...
6.5 CVSS
6.5 AI Score
0.001 EPSS
Oracle Web Determinations Detection
The remote web server hosts Oracle Web Determinations, a web-based interactive assessment system that is a component of Oracle Policy...
1.7 AI Score
Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)
Summary: Vulnerability in Python could allow a remote attacker to cause a denial of service (CVE-2024-0450). Python is used by AIX as part of Ansible node management automation. Vulnerability Details: CVEID: CVE-2024-0450 DESCRIPTION: Python CPython is vulnerable to a denial of service, caused.....
6.2 CVSS
7.3 AI Score
0.0005 EPSS
Siemens SIMATIC STEP 7 (TIA Portal) Detection
Siemens SIMATIC STEP 7 Totally Integrated Automation Portal (TIA Portal) is installed on the remote Windows host. This software is commonly used for engineering SIMATIC S7 programmable logic...
3.6 AI Score
Exploit for Command Injection in Tp-Link Tapo C200 Firmware
TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)...
9.8 CVSS
9.9 AI Score
0.251 EPSS
An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a...
5.4 CVSS
6.8 AI Score
0.001 EPSS
7.3 AI Score
MovableType - Remote Command Injection
MovableType 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via...
9.8 CVSS
9.7 AI Score
0.97 EPSS
Rockwell Automation MicroLogix 1100 PLC < Series B FRN 12.0 MitM Replay Authentication Bypass
The Rockwell Automation MicroLogix 1100 PLC integrated web server has a firmware version that is prior to Series B FRN 12.0. It is, therefore, affected by an authentication bypass vulnerability due to a failure to properly restrict session replays. A man-in-the-middle attacker via HTTP traffic can....
0.6 AI Score
Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write....
6.9 CVSS
7 AI Score
0.001 EPSS
10 CVSS
7.1 AI Score
0.001 EPSS
7.1 AI Score
0.001 EPSS
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to...
2.7 CVSS
0.0004 EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358 An Vulnerability detection and Mass...
9.8 CVSS
9.7 AI Score
0.938 EPSS
Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...
8.2 CVSS
6.8 AI Score
0.0005 EPSS
Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...
8.2 CVSS
6.9 AI Score
0.0005 EPSS
Ivanti EPM Cloud Services Appliance Code Injection
Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions...
9.8 CVSS
9.6 AI Score
0.971 EPSS
StruxureWare SCADA Expert ClearSCADA Detection
StruxureWare SCADA Expert ClearSCADA (formerly Schneider Electric ClearSCADA), a suite of tools targeting factory and process automation solutions, is installed on the remote Windows...
2.7 AI Score
Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text...
7.5 CVSS
6.1 AI Score
0.0004 EPSS
Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the...
8.8 CVSS
9 AI Score
0.0005 EPSS
Siemens SIMATIC TIA Portal Detection
The remote host is running Siemens SIMATIC TIA (Totally Integrated Automation) Portal. This software is commonly used for engineering SIMATIC S7 programmable logic...
3.2 AI Score
7.5 CVSS
8.2 AI Score
0.958 EPSS
Apache APISIX - Remote Code Execution
A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port...
9.8 CVSS
9.6 AI Score
0.974 EPSS
Loxone Smart Home Miniserver Web Server Version Detection
The remote device is a Loxone Smart Home Miniserver, a home automation solution. Nessus was able to extract the version from the web server's...
2.5 AI Score
WordPress BulletProof Security 5.1 Information Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up....
5.3 CVSS
4.9 AI Score
0.314 EPSS
Exploit for Code Injection in Vmware Spring Framework
Spring Core RCE/CVE-2022-22965 Affected scope: JDK>=9...
0.1 AI Score
7.3 AI Score
7.3 AI Score
Siemens Web Server Login Page of Industrial Controllers Cross-Site Request Forgery (CVE-2022-30694)
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. This plugin only works with Tenable.ot. Please visit...
6.5 CVSS
5.2 AI Score
0.001 EPSS
CVE-2024-5990 ThinManager® ThinServer™ Improper Input Validation Vulnerability
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...
0.0004 EPSS
Jenkins LTS < 2.277.2 / Jenkins weekly < 2.287 Multiple Vulnerabilities
According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.277.2 or Jenkins weekly prior to 2.287. It is, therefore, affected by multiple vulnerabilities: Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not...
6.5 CVSS
5.2 AI Score
0.001 EPSS
The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit...
6.1 CVSS
6.7 AI Score
0.0004 EPSS
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....
7.4 AI Score
0.002 EPSS
Hardware logic containing race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
2.8 CVSS
3.3 AI Score
0.0004 EPSS
Exploit for Command Injection in Tp-Link Archer Ax21 Firmware
Description CVE-2023-1389 is an Unauthenticated Command...
8.8 CVSS
7.7 AI Score
0.059 EPSS