Eaton Xpert Meter SSH Private Key Exposure Scanner
Eaton Power Xpert Meters running firmware below version 12.x.x.x or below version 13.3.x.x ship with a public/private key pair that facilitates remote administrative access to the devices. Tested on: Firmware 12.1.9.1 and...
7.5AI Score
CVE-2023-31211 Disabled automation users could still authenticate
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows an attacker to use locked...
8.8CVSS
9AI Score
0.0005EPSS
AVEVA InduSoft Web Studio / InTouch Edge HMI TCP/IP Server Detection
The remote host is running the TCP/IP server for AVEVA InduSoft Web Studio (IWS) or InTouch Edge HMI (formerly InTouch Machine Edition), a software application for managing and monitoring SCADA...
0.5AI Score
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade...
9.9CVSS
9.3AI Score
0.003EPSS
Exploit for Improper Access Control in Ruijie Rg-Ew1200G Firmware
Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...
9.1AI Score
Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...
7.2CVSS
7AI Score
0.0004EPSS
Hardware logic that contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
2.8CVSS
5.4AI Score
0.0004EPSS
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string....
7.7CVSS
7.3AI Score
0.0004EPSS
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...
7AI Score
Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
6.9AI Score
0.0004EPSS
A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. The...
6.3CVSS
6.5AI Score
0.0004EPSS
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override...
8.8CVSS
8.2AI Score
0.0004EPSS
CVE-2024-2247 JFrog Artifactory Cross-Site Scripting
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override...
8.8CVSS
8.5AI Score
0.0004EPSS
An improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...
9CVSS
6.9AI Score
0.0004EPSS
9.8CVSS
10AI Score
0.975EPSS
10CVSS
9.9AI Score
0.001EPSS
Exploit for Code Injection in Citrix Netscaler Application Delivery Controller
CVE-2023-3519 Inspector The cve_2023_3519_inspector.py is...
7AI Score
7.5CVSS
6.5AI Score
0.013EPSS
Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant...
4.3CVSS
4.5AI Score
0.001EPSS
CVE-2024-4142 JFrog Artifactory Improper input validation within token creation flow
An improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...
9CVSS
9.4AI Score
0.0004EPSS
Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
7AI Score
0.0004EPSS
Caddy 2.4.6 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site via a crafted URL and possibly obtain sensitive information, modify data, and/or execute unauthorized...
6.1CVSS
6.1AI Score
0.003EPSS
Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local...
2.8CVSS
6.5AI Score
0.0004EPSS
Issue Overview: 2024-05-09: CVE-2021-33117 was added to this advisory. A flaw was found in microcode. Under complex microarchitectural conditions, an unexpected code breakpoint may cause a system hang. The hang was observed on a Skylake server processor, and subsequent analysis indicated...
6.8CVSS
7.2AI Score
0.001EPSS
Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...
7.4AI Score
EPSS
Exploit for Missing Authentication for Critical Function in Microsoft
BadBlue (Windows) CVE-2024-21306 BadBlue implementation...
7.8AI Score
ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves...
6.5CVSS
5.8AI Score
0.0004EPSS
Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G Firmware
Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...
8.8CVSS
8.9AI Score
0.005EPSS
7AI Score
0.003EPSS
Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.1AI Score
0.0004EPSS
Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of...
4.4CVSS
7AI Score
0.0004EPSS
Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially enable denial of service via local...
6.5CVSS
6.6AI Score
0.0004EPSS
Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially enable denial of service via local...
6.5CVSS
6.3AI Score
0.0004EPSS
Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local...
2.8CVSS
6.6AI Score
0.0004EPSS
Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local...
2.8CVSS
3.8AI Score
0.0004EPSS
Exploit for Cross-site Scripting in Helpsystems Cobalt Strike
CVE-2022-39197-RCE First This project was modified from...
6.1CVSS
AI Score
0.008EPSS
IceWarp Mail Server - Open Redirect
IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended...
6.1CVSS
6.2AI Score
0.002EPSS
Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local...
4.4CVSS
7.1AI Score
0.0004EPSS
Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
7.1AI Score
0.0004EPSS
Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
7.1AI Score
0.0004EPSS
Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local...
4.4CVSS
6.5AI Score
0.0004EPSS
Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local...
6.7CVSS
6.7AI Score
0.0004EPSS
Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of...
4.4CVSS
7.1AI Score
0.0004EPSS
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient...
9.8CVSS
9.8AI Score
0.012EPSS
Exploit for Incorrect Implementation of Authentication Algorithm in Microsoft
🛑 Microsoft SharePoint: CVE-2023-29357 🛑 **Microsoft...
9.8CVSS
9.9AI Score
0.89EPSS
NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local...
3.3CVSS
3.6AI Score
0.0004EPSS
NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local...
3.3CVSS
6.2AI Score
0.0004EPSS
Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.8AI Score
0.0004EPSS