Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the...
7.2CVSS
6.9AI Score
0.0004EPSS
A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user...
6.4CVSS
7.1AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
7.8AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
7.5AI Score
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, falcoctl, nats, trillian, osv-scanner, step-ca, kaniko, aws-efs-csi-driver, thanos, kubernetes-csi-external-provisioner, capslock, k8sgpt, datadog-agent, kots, kubeadm-bootstrap-controller, spicedb, temporal-server,...
6.7AI Score
0.0004EPSS
CVE-2024-1657 Ansible automation platform: insecure websocket used when interacting with eda server
A flaw was found in the Ansible Automation Platform. An insecure WebSocket connection was used during installation from the Ansible rulebook EDA server. An attacker with access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of...
8.1CVSS
8.1AI Score
0.0004EPSS
Exploit for Improper Authentication in Wpdeveloper Essential Addons For Elementor
CVE-2023-32243. Essential Addons for Elementor 5.4.0-5.7.1 -...
9.8CVSS
9.5AI Score
0.097EPSS
Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting
Open-School 3.0 and Community Edition 2.3 allow cross-site scripting via the osv/index.php?r=students/guardians/create id...
6.1CVSS
6AI Score
0.004EPSS
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local...
6CVSS
6AI Score
0.0004EPSS
Exploit for Exposure of Resource to Wrong Sphere in Microsoft
Blank Space is a refactoring of James Forshaw's...
8.6AI Score
pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if __parse_content_stream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and...
6.2CVSS
7AI Score
0.0004EPSS
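For the pypdf entry: a tokenizer that loops "until the stream is exhausted" must also guarantee that every iteration consumes input, otherwise one byte that no branch handles leaves the position unchanged and the loop never ends. The toy PDF content-stream tokenizer below is an added example, not pypdf code; the grammar subset it handles and the `ContentStreamError` exception are assumptions for the illustration. Both content streams are constructed; the second contains a byte no branch accepts, and the progress guard turns that into an exception instead of a hang.

```python
import re


class ContentStreamError(Exception):
    """Raised on malformed input instead of looping forever (example only)."""


_WHITESPACE = b" \t\r\n\x0c\x00"
_EOL_RE = re.compile(rb"[\r\n]")
_NAME_RE = re.compile(rb"/[^\s/\[\]()<>{}%]*")
_NUMBER_RE = re.compile(rb"[+-]?(?:\d+\.?\d*|\.\d+)")
_OPERATOR_RE = re.compile(rb"[A-Za-z'\"*]+")


def _read_literal_string(stream: bytes, pos: int):
    """pos points at '('. Return (content, new_pos), honouring nesting and '\\' escapes."""
    depth, i, n, out = 0, pos, len(stream), bytearray()
    while i < n:
        c = stream[i:i + 1]
        if c == b"\\":                       # escaped byte: take it literally
            out += stream[i + 1:i + 2]
            i += 2
            continue
        if c == b"(":
            depth += 1
            if depth > 1:
                out += c
        elif c == b")":
            depth -= 1
            if depth == 0:
                return bytes(out), i + 1
            out += c
        else:
            out += c
        i += 1
    raise ContentStreamError("unterminated literal string")


def tokenize(stream: bytes):
    """Return a list of (kind, value) tokens for a small content-stream subset."""
    tokens, pos, n = [], 0, len(stream)
    while pos < n:
        start = pos
        c = stream[pos:pos + 1]
        two = stream[pos:pos + 2]
        if c in _WHITESPACE:
            pos += 1
        elif c == b"%":                       # comment runs to end of line
            m = _EOL_RE.search(stream, pos)
            pos = m.start() if m else n
        elif c == b"/":
            m = _NAME_RE.match(stream, pos)
            tokens.append(("name", m.group(0)))
            pos = m.end()
        elif c == b"(":
            value, pos = _read_literal_string(stream, pos)
            tokens.append(("string", value))
        elif two in (b"<<", b">>") or c in b"[]":
            tok = two if two in (b"<<", b">>") else c
            tokens.append(("delim", tok))
            pos += len(tok)
        elif c == b"<":                       # hex string <...>
            end = stream.find(b">", pos)
            if end < 0:
                raise ContentStreamError("unterminated hex string")
            tokens.append(("hexstring", stream[pos + 1:end]))
            pos = end + 1
        else:
            m = _NUMBER_RE.match(stream, pos)
            if m:
                tokens.append(("num", float(m.group(0))))
                pos = m.end()
            else:
                m = _OPERATOR_RE.match(stream, pos)
                if m:
                    tokens.append(("op", m.group(0)))
                    pos = m.end()
        # Progress guard: every branch above must advance pos. If none did, the
        # current byte is one no branch handles, and iterating again would
        # re-examine the same byte forever.
        if pos == start:
            raise ContentStreamError(f"no progress at offset {pos}: {c!r}")
    return tokens


# Constructed sample streams (not taken from any real PDF).
GOOD = b"BT /F1 12 Tf 72 712 Td (Hello \\(PDF\\)) Tj ET % show text\n"
BAD = b"BT /F1 12 Tf \xff 72 712 Td"      # stray 0xff byte: no branch accepts it


def demo():
    """Tokenize the well-formed stream and report how the malformed one fails."""
    ok = tokenize(GOOD)
    try:
        tokenize(BAD)
        failure = "parsed"
    except ContentStreamError as exc:
        failure = str(exc)
    return ok, failure
```

The guard is deliberately placed after the dispatch rather than inside any one branch, so it also covers branches added later that forget to advance the position.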
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging...
7.5CVSS
7.2AI Score
0.0005EPSS
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that...
7.1CVSS
5.2AI Score
0.001EPSS
An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are...
4.3CVSS
7.2AI Score
0.0004EPSS
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3781 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
8.1CVSS
8.4AI Score
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many.....
7.5CVSS
6.9AI Score
0.003EPSS
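The JFrog header-injection entry above and the guzzlehttp/psr7 entry share one root cause: a bare newline accepted inside a header name or value. The Python below is an added example, not code from JFrog or guzzlehttp/psr7. It shows a lenient LF-splitting parser turning one injected value into a second header field, next to a strict validator that rejects the value before it is serialized or parsed. The `Location`/`Set-Cookie` sample value is constructed.

```python
import re

# RFC 7230: field-name is a token; field-value is HTAB, SP, VCHAR or obs-text.
_TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
_FIELD_VALUE_RE = re.compile(r"^[\t\x20-\x7e\x80-\xff]*$")


def validate_header(name: str, value: str) -> None:
    """Raise ValueError unless (name, value) is a well-formed header field.
    CR and LF are outside both character sets, so any embedded line break
    (a bare LF included) is rejected here."""
    if not _TOKEN_RE.match(name):
        raise ValueError(f"invalid header name: {name!r}")
    if not _FIELD_VALUE_RE.match(value):
        raise ValueError(f"invalid header value: {value!r}")


def serialize_headers(headers) -> str:
    """Validate every field, then emit a CRLF-terminated header block."""
    lines = []
    for name, value in headers:
        validate_header(name, value)
        lines.append(f"{name}: {value}")
    return "\r\n".join(lines) + "\r\n\r\n"


def lenient_parse(block: str):
    """Deliberately lenient parser that treats a bare LF as a line terminator.
    Shown for contrast: this is the behaviour that lets an injected LF split
    one field into two."""
    fields = []
    for line in block.split("\n"):
        line = line.rstrip("\r")
        if not line:
            break
        name, _, value = line.partition(":")
        fields.append((name.strip(), value.strip()))
    return fields


def strict_parse(block: str):
    """Parser that accepts only CRLF line endings and validates each field,
    so a stray CR or LF inside a name or value raises instead of splitting."""
    head, terminator, _ = block.partition("\r\n\r\n")
    if not terminator:
        raise ValueError("header block not terminated by CRLF CRLF")
    fields = []
    for line in head.split("\r\n"):
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        value = value.strip(" \t")
        validate_header(name, value)
        fields.append((name, value))
    return fields


# Constructed attacker-controlled value: a bare LF followed by a second field.
INJECTED = "https://example.test/\nSet-Cookie: session=attacker"


def demo():
    """Return (fields the lenient parser sees, whether the strict path rejected it)."""
    block = "Location: " + INJECTED + "\r\n\r\n"
    seen_by_lenient = lenient_parse(block)
    try:
        serialize_headers([("Location", INJECTED)])
        rejected = False
    except ValueError:
        rejected = True
    return seen_by_lenient, rejected
```

The same `validate_header` check belongs on the sending side (before a value taken from a URL or form ends up in a response header) and on the receiving side (when parsing an incoming request), since either end can be the one that is lenient.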
Exploit for Path Traversal in Microsoft
CVE-2021-40444. Usage: Ensure to run setup.sh first as...
8.8CVSS
6.7AI Score
0.969EPSS
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in...
6.1CVSS
6AI Score
0.0005EPSS
An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via...
6.1CVSS
6.2AI Score
0.0005EPSS
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and...
5.3CVSS
7.2AI Score
0.0005EPSS
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g.,...
5.3CVSS
7.2AI Score
0.0005EPSS
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may...
5.3CVSS
7AI Score
0.0005EPSS
Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...
8.8CVSS
9.2AI Score
0.0005EPSS
Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local...
6CVSS
4.7AI Score
0.0004EPSS
Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...
8.8CVSS
9.1AI Score
0.0005EPSS
phpShowtime 2.0 - Directory Traversal
A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to...
6.7AI Score
0.013EPSS
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the...
7.5CVSS
7.3AI Score
0.002EPSS
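For the GNU Less entry: a pager that passes "raw" escapes through must whitelist exactly the sequences it wants and drop everything else, including sequences that are cut off before their terminator. The filter below is an added example, not GNU Less source; its rule set (keep only SGR sequences of the form ESC [ digits/semicolons m, strip every other ESC-introduced sequence and stray control bytes) is an assumption chosen to illustrate the approach, and the sample input is constructed.

```python
import re

ESC = "\x1b"

# The only thing this filter lets through: an SGR sequence, ESC [ params m,
# with params limited to digits and ';' (e.g. "\x1b[1;31m", "\x1b[0m", "\x1b[m").
_SGR_RE = re.compile(r"\x1b\[[0-9;]*m")

# Every other ESC-introduced sequence, matched so it can be removed whole.
# Alternatives are tried in order; a truncated sequence still matches and is
# removed up to the point where it was cut off.
_OTHER_ESC_RE = re.compile(
    r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)?"    # OSC (window title, OSC 8 hyperlink, ...)
    r"|\x1bP[^\x1b]*(?:\x1b\\)?"              # DCS
    r"|\x1b\[[0-?]*[ -/]*[@-~]?"             # any other CSI command
    r"|\x1b[@-_]"                             # two-byte ESC Fe sequences
    r"|\x1b"                                  # lone or truncated ESC
)


def filter_ansi(text: str) -> str:
    """Return text with everything except SGR colour sequences and ordinary
    printable characters (plus tab, LF, CR) removed."""
    out, i, n = [], 0, len(text)
    while i < n:
        ch = text[i]
        if ch == ESC:
            m = _SGR_RE.match(text, i)
            if m:                         # allowed colour sequence: keep whole
                out.append(m.group(0))
                i = m.end()
                continue
            m = _OTHER_ESC_RE.match(text, i)
            i = m.end()                   # always matches at least the ESC itself
            continue
        cp = ord(ch)
        if (cp < 0x20 and ch not in "\t\n\r") or 0x7F <= cp <= 0x9F:
            i += 1                        # stray C0/C1 control (BS, BEL, 8-bit CSI, ...)
            continue
        out.append(ch)
        i += 1
    return "".join(out)


# Constructed sample: colour (kept) mixed with a hyperlink, screen-clear,
# cursor-home and window-title sequences (all removed).
SAMPLE = (
    "\x1b[31mred\x1b[0m "
    "\x1b]8;;http://evil.test\x07link\x1b]8;;\x07 "
    "\x1b[2J\x1b[H"
    "\x1b]0;owned\x07"
    "done"
)


def demo() -> str:
    return filter_ansi(SAMPLE)
```

The important design choice is that the filter is an allow-list with a catch-all: anything starting with ESC that is not a recognised SGR sequence is consumed as a unit, so an attacker cannot slip a second sequence through by truncating the first one.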
Rockwell Automation FactoryTalk Linx Path Traversal Information Disclosure
The Rockwell Automation FactoryTalk Linx running on the remote host is affected by a path traversal vulnerability due to the lack of validation of user-supplied file paths before using them in file operations. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to....
7.5CVSS
2.2AI Score
0.016EPSS
Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this...
7.5CVSS
6.7AI Score
0.0005EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, falcoctl, nri-jmx, xcaddy, kaniko, capslock, nri-consul, snyk-cli, spicedb, velero-plugin-for-aws, ollama, kube-vip, timestamp-authority, pulumi-language-dotnet, runc, vault-csi-provider, trivy, nats-server, telegraf, supercronic, nri-nginx,....
7.5AI Score
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in...
5.4CVSS
5.3AI Score
0.0004EPSS
Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this...
7.5CVSS
7.7AI Score
0.0005EPSS
An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder,...
5.4CVSS
5.3AI Score
0.0004EPSS
Rockwell Automation RSLinx Classic ENGINE.dll Stack Buffer Overflow
The RSLinx Classic running on the remote host is affected by a remote code execution vulnerability due to a stack buffer overflow condition when handling an EtherNet/IP message received on TCP port 44818. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message,.....
9.8CVSS
4.7AI Score
0.023EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE)...
10CVSS
10AI Score
0.975EPSS
Exploit for Path Traversal in Grafana
CVE-2021-43798 – Grafana Exploit. About: This is a...
7.5CVSS
0.6AI Score
0.975EPSS
Rockwell Automation MicroLogix 1400 PLC Web Server Detection
The remote device is running an integrated web server that is part of the software platform for managing and monitoring the Rockwell Automation MicroLogix 1400 Programmable Logic Controller...
2.2AI Score
Rockwell Automation MicroLogix 1100 PLC Web Server Detection
The remote device is running an integrated web server that is part of the software platform for managing and monitoring the Rockwell Automation MicroLogix 1100 Programmable Logic Controller...
2.2AI Score
IBM Event Streams is vulnerable to a denial of service attack due to the jose4j component. The jose4j library is used in Event Streams for secure handling of JSON Web Tokens (JWTs), enabling encryption, decryption, and validation of tokens to ensure secure authentication and data...
6.8AI Score
0.0004EPSS
Exploit for Path Traversal in Aiohttp
CVE-2024-23334 PoC. Description: This repository contains a...
7.5CVSS
7.5AI Score
0.052EPSS
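The phpShowtime entry and the aiohttp entry above are both directory traversal in a file-serving route. The function below is an added example, not phpShowtime or aiohttp code. It assumes the caller has already URL-decoded the request path, normalises it lexically, and then checks the resolved target (symlinks followed) against the document root; `follow_symlinks` is a parameter of this example, named after the behaviour the check controls. The temporary document root, its files and the escaping symlink are constructed.

```python
import os
import tempfile
from pathlib import Path


class TraversalError(Exception):
    """Raised when a requested path would map outside the document root."""


def resolve_under_root(root: Path, requested: str, follow_symlinks: bool = False) -> Path:
    """Map an already URL-decoded request path onto a file under `root`.

    1. Reject NUL bytes, normalise separators and strip leading slashes so an
       absolute request path cannot replace the join.
    2. Lexically normalise "." and ".." and require the result to stay under root.
    3. Unless follow_symlinks is True, resolve symlinks and require the real
       target to stay under root as well: a symlink inside the root that points
       outside it is a traversal the lexical check cannot see.
    """
    if "\0" in requested:
        raise TraversalError("NUL byte in path")
    root = root.resolve()
    relative = requested.replace("\\", "/").lstrip("/")
    normalised = Path(os.path.normpath(root / relative))
    if normalised != root and root not in normalised.parents:
        raise TraversalError(f"path escapes root: {requested!r}")
    if follow_symlinks:
        return normalised
    real = normalised.resolve()
    if real != root and root not in real.parents:
        raise TraversalError(f"symlink escapes root: {requested!r}")
    return real


def classify(root: Path, requested: str, follow_symlinks: bool = False) -> str:
    """'contained' if the request maps inside the root, otherwise 'rejected'."""
    try:
        resolve_under_root(root, requested, follow_symlinks)
        return "contained"
    except TraversalError:
        return "rejected"


def demo() -> dict:
    """Build a constructed document root with one image and a symlink that
    points outside it, then classify a set of request paths."""
    base = Path(tempfile.mkdtemp())
    root = base / "www"
    (root / "images").mkdir(parents=True)
    (root / "images" / "cat.jpg").write_bytes(b"\xff\xd8 constructed, not a real JPEG")
    secret = base / "secret.txt"             # outside the document root
    secret.write_text("constructed secret")
    (root / "escape").symlink_to(secret)     # symlink inside root -> outside

    requests = [
        "images/cat.jpg",            # ordinary file
        "../secret.txt",             # classic dot-dot traversal
        "images/../../secret.txt",   # traversal after a valid component
        "/etc/passwd",               # absolute path: treated as relative, stays inside
        "escape",                    # symlink pointing outside the root
    ]
    results = {req: classify(root, req) for req in requests}
    # The same symlink passes when the caller opts into following symlinks.
    results["escape (follow_symlinks=True)"] = classify(root, "escape", follow_symlinks=True)
    return results
```

The lexical check alone is what most "dot dot" fixes add; the second, post-resolution check is the one that matters once symlinks are allowed under the served directory, which is why opting into following them should be a conscious decision per route.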
CVE-2024-4511 Shanghai Sunfull Automation BACnet Server HMI1002-ARM Message buffer overflow
A vulnerability classified as critical was found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. It affects an unknown part of the Message Handler component; manipulation leads to a buffer overflow. The exploit has been disclosed to the public and may be used. The...
6.3CVSS
6.8AI Score
0.0004EPSS
The WP Fusion Lite – Marketing Automation and CRM Integration for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.42.10 through publicly exposed log files. This makes it possible for unauthenticated attackers to...
4.3CVSS
6.5AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Lenovo Diagnostics
CVE-2022-3699 Incorrect access control for the Lenovo...
7.8CVSS
7.9AI Score
0.002EPSS
CVE-2024-2424 Rockwell Automation Input/Output Device Vulnerable to Major Nonrecoverable Fault
An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required....
7.5CVSS
7.6AI Score
0.0004EPSS
[SECURITY] Fedora 40 Update: qt6-qtwebsockets-6.7.1-1.fc40
The QtWebSockets module implements the WebSocket protocol as specified in RFC 6455. It solely depends on Qt (no external...
6.2AI Score
0.0004EPSS
CVE-2022-3205 Controller: cross site scripting in automation controller ui
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS...
4.6CVSS
6.3AI Score
0.001EPSS
CVE-2024-24919 Exploit. CVE Identifier: CVE-2024-24919...
8.6CVSS
6.2AI Score
0.945EPSS