Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the...
8.8CVSS
9.3AI Score
0.0005EPSS
Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the...
8.8CVSS
7.9AI Score
0.0005EPSS
RHEL 8 : Red Hat Ansible Automation Platform 2.1.2 (RHSA-2022:5702)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5702 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
9.8CVSS
10AI Score
0.003EPSS
(RHSA-2024:3422) Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): linux-firmware: hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-27635) linux-firmware: hw: intel: Improper access control for...
7AI Score
0.0004EPSS
K000140039: Intel QAT vulnerability CVE-2023-32641
Security Advisory Description Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. (CVE-2023-32641) Impact There is no impact; F5 products are not affected by this...
8.8CVSS
7.5AI Score
0.001EPSS
[SECURITY] Fedora 40 Update: qt5-qtwebsockets-5.15.14-1.fc40
The QtWebSockets module implements the WebSocket protocol as specified in RFC 6455. It solely depends on Qt (no external...
6.5AI Score
0.0004EPSS
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...
5.3CVSS
5.6AI Score
0.0004EPSS
Exploit for Inadequate Encryption Strength in Alpha-Innotec Heat Pumps Firmware
CVE-2024-22894 Downloaded the latest heatpump firmware...
6.8CVSS
7AI Score
0.001EPSS
RHEL 8 : Red Hat Ansible Automation Platform 2.1.3 (RHSA-2022:6078)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:6078 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
6.5CVSS
6.8AI Score
0.001EPSS
An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization...
5.4CVSS
5.3AI Score
0.0004EPSS
9.8CVSS
9.7AI Score
0.574EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
2.8CVSS
5AI Score
0.0004EPSS
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive...
8.3CVSS
8.6AI Score
0.0004EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
7.5AI Score
Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local...
7.2CVSS
7AI Score
0.0004EPSS
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Summary Tornado’s curl_httpclient.CurlAsyncHTTPClient class is vulnerable to CRLF (carriage return/line feed) injection in the request headers. Details When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return (\r) or line feed (\n) characters in the request...
7.5AI Score
BMC BladeLogic Server Automation RSCD Agent Detection
An RSCD agent for BMC BladeLogic Server Automation (BSA) is running on the remote host. BSA is an enterprise solution for provisioning, configuring, and maintaining...
2.4AI Score
Rockwell Automation MicroLogix 1400 PLC Default Credentials
The remote device appears to be a Rockwell Automation MicroLogix 1400 PLC that can be accessed using default HTTP credentials. An attacker can exploit this to gain administrative access to the affected...
3.9AI Score
Siemens SIMATIC ProSave Detection
Siemens SIMATIC ProSave, an application for managing industrial automation control hardware, is installed on the remote...
2.1AI Score
Exploit for Code Injection in Crushftp
CVE-2024-4040 - exploit scanners This repository contains...
10CVSS
9.5AI Score
0.966EPSS
Siemens SCALANCE S612 Firewall Detection
The remote device is a Siemens SCALANCE S612 Firewall, a security solution for industrial automation technology and industrial control system networks. The device can act as a bridge or a gateway depending on the...
2.4AI Score
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network...
6.5CVSS
6.6AI Score
0.001EPSS
Rockwell Automation MicroLogix 1100 PLC Default Credentials
The remote device appears to be a Rockwell Automation MicroLogix 1100 PLC that can be accessed using default HTTP credentials. An attacker can utilize this to gain administrative access to the affected...
3.8AI Score
Rockwell Automation RSLinx Classic < 3.73.00 Buffer Overflow
The remote host has a version of RSLinx Classic installed that is prior to 3.73.00. It is, therefore, affected by an arbitrary code execution vulnerability due to an overflow condition caused by improper validation of user-supplied input. A local attacker can exploit this, via a specially crafted...
4.4AI Score
Trihedral Engineering VTScada, an application for managing industrial automation control hardware, is installed on the remote...
1.9AI Score
WAVLINK WN530HG4 - Improper Access Control
WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd] and thereby possibly obtain sensitive information, modify data, and/or execute....
7.5CVSS
7.7AI Score
0.143EPSS
CrateDB has a Client initialized Session-Renegotiation DoS
Summary Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200 Details A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly...
5.3CVSS
6.9AI Score
0.0004EPSS
Exploit for Path Traversal in Sysaid Sysaid On-Premises
Vulnerability Details fofa: ...
9.8CVSS
9.6AI Score
0.943EPSS
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...
4.7CVSS
5.7AI Score
0.0004EPSS
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault (MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device...
0.0004EPSS
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
FortiGate cve-2024-21762-checker This script is used to check...
9.8CVSS
7.2AI Score
0.018EPSS
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault (MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device...
6.8AI Score
0.0004EPSS
Exploit for Code Injection in Apache Ofbiz
ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For...
9.8CVSS
6.6AI Score
0.798EPSS
CVE-2023-33733 on Reportlab v3.6.12 This lab was set up to...
7.8CVSS
7.7AI Score
0.001EPSS
Ansible Installed (Linux/UNIX)
Ansible, an IT automation and management application, was found on the remote...
1.4AI Score
Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable denial of service via local...
4.4CVSS
6.8AI Score
0.0004EPSS
libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at...
0.0004EPSS
libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at...
7.7AI Score
0.0004EPSS
8AI Score
0.0004EPSS
WAVLINK WN533A8 - Improper Access Control
WAVLINK WN533A8 M33A8.V5030.190716 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);] and thereby possibly obtain sensitive information, modify data, and/or execute.....
7.5CVSS
7.7AI Score
0.143EPSS
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...
9.8CVSS
9.7AI Score
0.938EPSS
libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at...
7.7AI Score
0.0004EPSS
libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at...
0.0004EPSS
Exploit for Improper Authentication in Automattic Woocommerce Payments
CVE-2023-28121 WooCommerce Payments < 5.6.2 - Unauthenticated...
9.8CVSS
9.3AI Score
0.924EPSS
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth=<N> query parameter, can expose hashed user passwords as stored in the datab...
6.5CVSS
6.6AI Score
0.001EPSS
RHEL 7 / 8 : Red Hat Ansible Automation Platform 1.2.2 (RHSA-2021:0781)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0781 advisory. Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible...
7.5CVSS
8.2AI Score
0.01EPSS
OpenZeppelin Contracts is a library for secure smart contract development. The functions ECDSA.recover and ECDSA.tryRecover are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue....
7.9CVSS
6.5AI Score
0.001EPSS
RHEL 7 / 8 : Red Hat Ansible Automation Platform 1.2 (RHSA-2022:5703)
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5703 advisory. Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine,...
9.8CVSS
10AI Score
0.003EPSS