Rockwell Automation ThinManager ThinServer SD1677 Multiple Vulnerabilities
The version of Rockwell Automation ThinManager ThinServer installed on the remote host is 11.1.x prior to 11.1.8, 11.2.x prior to 11.2.9, 12.0.x prior to 12.0.7, 12.1.x prior to 12.1.8, 13.0.x prior to 13.0.5, 13.1.x prior to 13.1.3 or 13.2.x prior to 13.2.2. It is, therefore, affected by multiple...
8.6 AI Score
0.0004 EPSS
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory...
7.5 CVSS
7.5 AI Score
0.001 EPSS
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration...
9.8 CVSS
8.3 AI Score
0.001 EPSS
An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted...
6.1 CVSS
6.8 AI Score
0.0005 EPSS
Mitsubishi Electric Automation MC-WorX Suite Detection
Mitsubishi Electric Automation MC-WorX, a suite of software modules for data visualization and SCADA applications, is installed on the remote Windows...
2.4 AI Score
Honeywell PM43 Printers - Command Injection
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g....
9.9 CVSS
9.8 AI Score
0.71 EPSS
Rockwell Automation ControlLogix Communications Modules Multiple Vulnerabilities
Rockwell Automation ControlLogix Communications Modules are affected by multiple vulnerabilities, as follows: A remote code execution vulnerability via crafted CIP messages. (CVE-2023-3595) A denial of service vulnerability via crafted CIP messages. (CVE-2023-3596) Note that Nessus has not...
9.8 CVSS
7.7 AI Score
0.001 EPSS
VISAM Automation Base (VBASE) Web-Remote Detection
The VISAM Automation Base (VBASE) Web-Remote service, a web-based remote interface to VBASE, is running on the remote...
1.5 AI Score
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC Install Tornado. Start a simple Tornado server that echoes each...
7 AI Score
CVE-2024-30078 Detection and Command Execution Script This...
8.8 CVSS
10 AI Score
0.001 EPSS
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server (since 8.5.6), and User Management Service (since 18.0.0.1) in IBM Business...
6.8 AI Score
0.0004 EPSS
7.2 AI Score
Milesight Routers - Information Disclosure
A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router...
7.5 CVSS
7.8 AI Score
0.007 EPSS
OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby...
5.4 CVSS
5.9 AI Score
0.001 EPSS
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege...
9.8 CVSS
6.8 AI Score
0.001 EPSS
The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input...
5.4 CVSS
7.2 AI Score
0.0004 EPSS
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in...
9.6 CVSS
5.9 AI Score
0.001 EPSS
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system...
9.8 CVSS
8.2 AI Score
0.001 EPSS
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted...
6.1 CVSS
5.9 AI Score
0.001 EPSS
Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2024-22354) Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions...
7 CVSS
7.2 AI Score
0.0004 EPSS
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF003. Vulnerability Details CVEID: CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a...
8.1 CVSS
7.1 AI Score
0.001 EPSS
Description The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including...
4.3 CVSS
9 AI Score
0.001 EPSS
Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control...
7.8 CVSS
7.6 AI Score
0.006 EPSS
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...
7.2 AI Score
0.0004 EPSS
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...
4.3 CVSS
6.8 AI Score
0.0004 EPSS
A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected...
7.2 AI Score
0.0004 EPSS
A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit...
7.5 CVSS
7.6 AI Score
0.006 EPSS
Summary IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID: CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC...
9.8 CVSS
10 AI Score
0.012 EPSS
Rockwell Automation RSLinx Classic <= 4.00.01 Multiple Vulnerabilities
The remote host has a version of RSLinx Classic installed that is v4.00.01 or prior. It is, therefore, affected by multiple...
2.5 AI Score
A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of...
1.5 AI Score
0.001 EPSS
Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-51775) Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions...
9.1 AI Score
0.0004 EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4jHorizon Exploiting CVE-2021-44228 in VMWare Horizon for...
9.1 AI Score
Exploit for PHP External Variable Modification in Juniper Junos
Automation for Juniper CVE:2023-36845 by Asbawy -> Modified...
9.8 CVSS
7.2 AI Score
0.965 EPSS
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The...
7.5 CVSS
7.6 AI Score
0.106 EPSS
Exploit for Insertion of Sensitive Information into Log File in Milesight Ur5X Firmware
CVE-2023-43261 - PoC Critical Vulnerability Exposes...
7.5 CVSS
7.9 AI Score
0.007 EPSS
8.8 CVSS
7.3 AI Score
0.008 EPSS
Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access...
5.5 CVSS
7 AI Score
0.0004 EPSS
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
Follina (PATCHED) ### Remote Access...
8 AI Score
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
Follina (PATCHED) ### Remote Access...
8.6 AI Score
Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm
CVE-2023-30253 Exploit Dolibarr...
8.8 CVSS
7.4 AI Score
0.008 EPSS
Inductive Automation Ignition 8.x < 8.0.10 Multiple Vulnerabilities
The version of Inductive Automation Ignition running on the remote host is affected by multiple vulnerabilities: A denial of service (DoS) vulnerability exists due to an unprotected logging route when the Perspective Module is running. An unauthenticated, remote attacker can exploit...
7.5 CVSS
2.3 AI Score
0.845 EPSS
Rockwell Automation RSLinx Classic < 4.11.00 Local Privilege Escalation
The remote host has a version of RSLinx Classic installed that is prior to 4.11.00. It is, therefore, affected by a local privilege escalation vulnerability where an authenticated attacker could modify a registry key; this could lead to the execution of malicious code using system privileges when...
3.8 AI Score
Rockwell Automation RSLinx Classic < 4.00.01 Local Privilege Escalation
The remote host has a version of RSLinx Classic installed that is prior to 4.00.01. It is, therefore, affected by a local privilege escalation vulnerability due to an unquoted path for a Windows service. A local attacker can gain elevated privileges by inserting an executable file in the path of...
4.4 AI Score
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local...
6.5 CVSS
6.7 AI Score
0.0004 EPSS
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local...
6.5 CVSS
6.5 AI Score
0.0004 EPSS
9.8 CVSS
7 AI Score
0.001 EPSS
Exploit for Injection in Gitlab
CVE-2022-2992 Authenticated Remote Command Execution in...
9.9 CVSS
9.8 AI Score
0.028 EPSS
[ADT-3 R] RVC - CTS: StagefrightTest#testStagefright_bug_65483665 failure
In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...
6.5 CVSS
6.3 AI Score
0.001 EPSS