CVE-2024-28775 IBM WebSphere Automation cross-site scripting
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
4.4CVSS
4.7AI Score
0.0004EPSS
Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target.....
8CVSS
8.4AI Score
0.001EPSS
CVE-2022-38710 IBM Robotic Process Automation information disclosure
IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID:...
5.1AI Score
0.001EPSS
Home Assistant Supervisor - Authentication Bypass
Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older.....
10CVSS
9.6AI Score
0.034EPSS
CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN...
8.6CVSS
6.3AI Score
0.945EPSS
Rockwell Automation RSLinx Classic Detection
The remote host has a version of Rockwell Automation RSLinx Classic installed, software commonly used for managing industrial automation control...
3.4AI Score
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a...
8.8CVSS
9AI Score
0.837EPSS
Inductive Automation Ignition Multiple Vulnerabilities
The version of Inductive Automation Ignition listening on the remote host is affected by multiple vulnerabilities : A cross-site scripting vulnerability exists in Java Web Start when adding any symbols to web requests for starting Java applets. A remote attacker can exploit this to...
0.5AI Score
0.006EPSS
CVE-2021-22280 DLL Hijacking Vulnerability in Automation Studio
Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the...
7.2CVSS
7AI Score
0.0004EPSS
Updated microcode packages fix security vulnerabilities
The updated package fixes security vulnerabilities: Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. (CVE-2023-45733) Sequence of processor instructions leads to unexpected...
7.9CVSS
6.3AI Score
0.0004EPSS
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...
7.9CVSS
7.8AI Score
0.0004EPSS
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...
7.9CVSS
7.8AI Score
0.0004EPSS
Exploit for OS Command Injection in Cisco Ios Xe
CVE-2023-20273 CVE-2023-20273 Exploit PoC Usage ```...
7.2CVSS
6.9AI Score
0.036EPSS
Siemens Automation License Manager 5.x < 6.0.8 Privilege Escalation (SSA-388646)
The version of Siemens Automation License Manager installed on the remote host is version 5.x prior to 6.0.8. It is, therefore, affected by a privilege escalation vulnerability due to improper validation of user privileges when executing some operations. An authenticated, local attacker could...
4AI Score
Mitsubishi Electric Automation MC-WorX 8.x ActiveX Control Remote Code Execution
Mitsubishi Electric Automation MC-WorX version 8.x was detected on the remote Windows Host. It is, therefore, affected by a remote code execution vulnerability due a flaw in an included ActiveX control,...
4.1AI Score
Exploit for Race Condition in Apple Ipados
desc_race "desc_race" (CVE-2021-30955) exploit for iOS 15.0 -...
7.3AI Score
6.5CVSS
8.8AI Score
0.002EPSS
Vulnerability Scanner for CVE-2024-24919 (need Shodan API)...
8.6CVSS
8.6AI Score
0.945EPSS
CVE-2021-47342 ext4: fix possible UAF when remounting r/o a mmp-protected file system
In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible UAF when remounting r/o a mmp-protected file system After commit 618f003199c6 ("ext4: fix memory leak in ext4_fill_super"), after the file system is remounted read-only, there is a race where the kmmpd thread...
6.3AI Score
0.0004EPSS
CVE-2021-47342 ext4: fix possible UAF when remounting r/o a mmp-protected file system
In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible UAF when remounting r/o a mmp-protected file system After commit 618f003199c6 ("ext4: fix memory leak in ext4_fill_super"), after the file system is remounted read-only, there is a race where the kmmpd thread...
6.8AI Score
0.0004EPSS
Exploit for Untrusted Pointer Dereference in Microsoft
CVE-2023-21768 Local Privilege Escalation POC authors:...
7.8CVSS
8.2AI Score
0.003EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4jCenter Exploiting CVE-2021-44228 in vCenter for remote...
9.2AI Score
Exploit for Improper Validation of Specified Quantity in Input in Linux Linux Kernel
RNDIS-CO Summary The RNDIS USB Gadget may be exploited...
6.9AI Score
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Summary Tornado’s curl_httpclient.CurlAsyncHTTPClient class is vulnerable to CRLF (carriage return/line feed) injection in the request headers. Details When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return (\r) or line feed (\n) characters in the request...
7.5AI Score
Jenkins HP Application Automation Tools Plugin Password Encryption Security Weakness
The remote host is using the Jenkins HP Application Automation tools plugin. Nessus was able to remotely access one or more unprotected file(s) in the Jenkins build system and decrypt the HP Application Lifecycle Management password. These passwords are currently encrypted with a known, hard-coded....
7.3AI Score
K000139880: Intel CPU/BIOS vulnerabilities CVE-2023-28402, CVE-2023-27504, and CVE-2023-28383
Security Advisory Description CVE-2023-28402 Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-27504 Improper conditions check in some Intel(R) BIOS Guard firmware may allow a...
7.2CVSS
6.5AI Score
0.0004EPSS
R Programming Language 1.4.0 < 4.4.0 Insecure Deserialization
The version of the R Programming Language running on the remote host is 1.4.0 or later, before 4.4.0. It is, therefore, affected by an insecure deserialization vulnerability. Deserialization of untrusted data can occur, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R.....
8.8CVSS
7.9AI Score
0.0004EPSS
Horde/Horde Groupware - Local File Inclusion
Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver...
6.7AI Score
0.04EPSS
Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM...
3.7CVSS
7.2AI Score
0.001EPSS
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction...
6.3CVSS
6.2AI Score
0.001EPSS
Amcrest IP Camera Web Management - Data Exposure
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative...
9.8CVSS
9.6AI Score
0.929EPSS
CVE-2024-5989 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...
0.0004EPSS
CVE-2024-5989 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...
8.8AI Score
0.0004EPSS
Siemens Automation License Manager Multiple Vulnerabilities
The remote host has a version of Siemens Automation License Manager installed that is affected by the following vulnerabilities : There are multiple buffer overflows that can be exploited to execute arbitrary code by sending a message to the Automation License Manager TCP service...
2.2AI Score
0.02EPSS
CrushFTP VFS - Sandbox Escape LFR
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS...
10CVSS
9.2AI Score
0.966EPSS
Exploit for Use After Free in Microsoft
CVE-2023-36802 Local Privilege Escalation POC authors:...
7.8CVSS
6.7AI Score
0.001EPSS
n-e-r-v-o-u-s.com Cross Site Scripting vulnerability OBB-3857032
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-5988 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager®...
0.0004EPSS
VMware vRealize Automation Web UI Detection
The remote web server is running the web UI for VMware vRealize Automation, a cloud automation virtual appliance. Note: To obtain accurate version and build information provide HTTP basic authentication...
2.5AI Score
9.8CVSS
9.7AI Score
0.574EPSS
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...
7.2CVSS
7.3AI Score
0.0004EPSS
CVE-2024-24919-Sniper ![CVE-2024-24919 Sniper...
8.6CVSS
6.2AI Score
0.945EPSS
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s).....
6.9AI Score
0.0004EPSS
CVE-2023-6028 SDM Web interface vulnerable to XSS
A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser...
6.1CVSS
6.2AI Score
0.001EPSS
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315 Openfire Console Authentication Bypass...
8.6CVSS
8.1AI Score
0.973EPSS
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local...
6.1CVSS
6.8AI Score
0.001EPSS
Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the...
8.8CVSS
9.3AI Score
0.0005EPSS
CrateDB has a Client initialized Session-Renegotiation DoS
Summary Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200 Details A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly...
5.3CVSS
6.9AI Score
0.0004EPSS
Siemens SCALANCE S612 Firewall Detection
The remote device as a Siemens SCALANCE S612 Firewall, a security solution for industrial automation technology and industrial control system networks. The device can act as a bridge or a gateway depending on the...
2.4AI Score
RHEL 8 : Red Hat Ansible Automation Platform 2.1.2 (RHSA-2022:5702)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5702 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
9.8CVSS
10AI Score
0.003EPSS