An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to....
4.9CVSS
5.8AI Score
0.0004EPSS
7.5AI Score
0.001EPSS
Issue Overview: 2024-05-09: CVE-2022-33196 was added to this advisory. Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network...
7.5CVSS
7.2AI Score
0.0004EPSS
An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via...
5.4CVSS
6AI Score
0.001EPSS
Exploit for Injection in Atlassian Confluence Data Center
Atlassian Confluence CVE-2023-22527 Scanner 🛡️ Overview 🌟...
9.8CVSS
9.2AI Score
0.971EPSS
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provide....
5.3CVSS
7.2AI Score
0.001EPSS
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent...
4.7CVSS
5AI Score
0.0004EPSS
Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction...
9.9CVSS
0.0004EPSS
An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required....
7.5CVSS
6.6AI Score
0.0004EPSS
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...
6.5CVSS
6.2AI Score
0.001EPSS
FreeBSD : R -- arbitrary code execution vulnerability (4a1e2bad-0836-11ef-9fd2-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4a1e2bad-0836-11ef-9fd2-1c697a616631 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any...
8.8CVSS
7.1AI Score
0.0004EPSS
8.1CVSS
7AI Score
0.017EPSS
The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature...
7.5CVSS
7.6AI Score
0.001EPSS
Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...
8.6CVSS
7.1AI Score
0.001EPSS
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root...
7.5CVSS
7.3AI Score
0.605EPSS
undici is an HTTP/1.1 client, written from scratch for Node.js.=< [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import { request } from 'undici' const...
5.3CVSS
5.2AI Score
0.001EPSS
9.8CVSS
10AI Score
0.929EPSS
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05,...
6.5CVSS
6.8AI Score
0.0004EPSS
Summary IBM Business Automation Workflow embedded doucment managaement system is vulnerable to incorrect authorization an attack. Vulnerability Details ** CVEID: CVE-2023-47716 DESCRIPTION: **IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain...
6.3CVSS
6.6AI Score
0.0004EPSS
Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)
Summary Vulnerability in Python could allow a remote attacker to obtain sensitive information (CVE-2024-28757). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID: CVE-2024-28757 DESCRIPTION: **libexpat could allow a remote attacker to obtain...
6.8AI Score
0.0004EPSS
Summary IBM Business Automation Workflow is depends on a vulnerable version of PostCSS. Vulnerability Details ** CVEID: CVE-2023-44270 DESCRIPTION: **PostCSS could allow a remote attacker to bypass security restrictions, caused by improper input validaiton. By using a specially crafted external...
5.3CVSS
9.4AI Score
0.001EPSS
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of...
9.8CVSS
7.1AI Score
0.001EPSS
Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local...
5.5CVSS
6.4AI Score
0.0004EPSS
Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...
7.2CVSS
7.5AI Score
0.0005EPSS
Summary IBM Business Automation Workflow is vulnerable to an information disclosure attack. Vulnerability Details ** CVEID: CVE-2023-50959 DESCRIPTION: **IBM Business Automation Workflow may allow end users to query more documents than expected from a connected Enterprise Content Management...
6.5CVSS
9.2AI Score
0.0005EPSS
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...
6.5CVSS
6.4AI Score
0.001EPSS
Summary IBM Business Automation Workflow is vulnerable to a Cross-Site scripting attack. Vulnerability Details ** IBM X-Force ID: 273485 DESCRIPTION: **Enterprise Security API for Java is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
6.8AI Score
Summary IBM Business Automation Workflow containers package IBM® Java SDK 8 (V21.0.3) or IBM® Semeru Runtime 17 (V23.0.2). Information about security vulnerabilities in these Java runtumes have been published. IBM Business Automation Workflow includes IBM Java 8. Vulnerability Details ** CVEID:...
7.5CVSS
6.9AI Score
0.001EPSS
Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local...
2.3CVSS
6.4AI Score
0.0004EPSS
Cosign malicious attachments can cause system-wide denial of service
Summary A remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other....
4.2CVSS
4.7AI Score
0.0004EPSS
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled...
7.5CVSS
7.1AI Score
0.003EPSS
File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self...
9.8CVSS
8.1AI Score
0.012EPSS
The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature, including the following: Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, ...
9.8CVSS
3.4AI Score
0.003EPSS
Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local...
5.5CVSS
6.6AI Score
0.0004EPSS
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL.....
7.5CVSS
6.5AI Score
0.0004EPSS
Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local...
5.5CVSS
6.4AI Score
0.0004EPSS
Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the *.ui.nabu.casa URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the.....
5.3CVSS
6.8AI Score
0.0005EPSS
FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at...
6.1CVSS
6.1AI Score
0.001EPSS
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....
7.4AI Score
0.002EPSS
Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this...
6.5CVSS
6.4AI Score
0.0005EPSS
RuggedCom RuggedOS Default 'factory' Account Backdoor
The remote device is running RuggedCom RuggedOS (ROS). Using the user name 'factory' and a password derived from the MAC address of the device (which is present in the telnet login banner), Nessus was able to successfully log into the device via a built-in backdoor...
3.7AI Score
Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local...
5.5CVSS
6.3AI Score
0.0004EPSS
Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this...
7.5CVSS
7.5AI Score
0.0005EPSS
Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.1AI Score
0.0004EPSS
Microsoft SQL Server Command Execution
This module will execute a Windows command on a MSSQL/MSDE instance via the xp_cmdshell (default) or the sp_oacreate procedure (more opsec safe, no output, no temporary data table). A valid username and password is required to use this...
7.7AI Score
XWiki < 4.10.15 - Sensitive Information Disclosure
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are...
7.5CVSS
6.7AI Score
0.333EPSS
n-e-r-v-o-u-s.com Cross Site Scripting vulnerability OBB-3930116
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted....
8.8CVSS
8.8AI Score
0.0004EPSS
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.3AI Score
0.0004EPSS