Lucene search

K

B&R Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-35796 net: ll_temac: platform_get_resource replaced by wrong function

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

6.9AI Score

0.0004EPSS

2024-05-17 01:23 PM
githubexploit
githubexploit

Exploit for CVE-2023-43208

CVE-2023-43208 - Mirth Connect Remote Code Execution (RCE)...

9.8CVSS

8.2AI Score

0.96EPSS

2024-03-15 12:03 PM
34
kitploit
kitploit

Ars0N-Framework - A Modern Framework For Bug Bounty Hunting

Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...

7AI Score

2024-05-31 12:30 PM
11
nessus
nessus

Mitsubishi Electric MELSEC iQ-R Series Cleartext Transmission of Sensitive Information (CVE-2021-20599)

Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining...

9.1CVSS

7.7AI Score

0.003EPSS

2022-02-07 12:00 AM
10
githubexploit
githubexploit

Exploit for Code Injection in Crushftp

CVE-2024-4040: CrushFTP File Read Vulnerability Overview...

10CVSS

9.5AI Score

0.966EPSS

2024-05-01 02:42 PM
86
redhat
redhat

(RHSA-2024:3017) Important: edk2 security update

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235) EDK2:...

7.4AI Score

0.006EPSS

2024-05-22 06:35 AM
2
githubexploit
githubexploit

Exploit for Command Injection in Dlink Dns-320L Firmware

🛠️ CVE-2024-3273 Exploit Tool 🌟 Introduction This script...

9.8CVSS

8.8AI Score

0.935EPSS

2024-04-07 03:09 AM
186
cvelist
cvelist

CVE-2023-6815

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-02-13 06:27 AM
githubexploit
githubexploit

Exploit for Missing Authorization in Inspireui Mstore Api

MSAPer | CVE-2023-3076 - MStore API Automatic Mass Tool for...

9.8AI Score

2023-09-19 04:59 AM
477
cve
cve

CVE-2023-6815

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-02-13 07:15 AM
20
cve
cve

CVE-2024-22390

Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of...

4.4CVSS

7AI Score

0.0004EPSS

2024-05-16 09:16 PM
29
cve
cve

CVE-2023-39433

Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local...

4.4CVSS

7.1AI Score

0.0004EPSS

2024-05-16 09:15 PM
24
cve
cve

CVE-2023-40155

Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

7.1AI Score

0.0004EPSS

2024-05-16 09:15 PM
23
githubexploit
githubexploit

Exploit for CVE-2023-22515

CVE-2023-22515-Scan About This is simple scanner for...

9.8CVSS

9.6AI Score

0.973EPSS

2023-10-06 08:29 PM
427
cve
cve

CVE-2024-2247

JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override...

8.8CVSS

8.2AI Score

0.0004EPSS

2024-03-13 02:15 PM
34
cvelist
cvelist

CVE-2024-2247 JFrog Artifactory Cross-Site Scripting

JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override...

8.8CVSS

8.5AI Score

0.0004EPSS

2024-03-13 02:06 PM
packetstorm

7AI Score

0.003EPSS

2024-05-29 12:00 AM
53
cve
cve

CVE-2024-4142

An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...

9CVSS

6.9AI Score

0.0004EPSS

2024-05-01 09:15 PM
37
cve
cve

CVE-2024-21818

Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

7AI Score

0.0004EPSS

2024-05-16 09:16 PM
30
metasploit
metasploit

Flowmon Unauthenticated Command Injection

This module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before...

10CVSS

7.3AI Score

0.003EPSS

2024-05-01 03:42 PM
15
cve
cve

CVE-2023-43745

Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local...

2.8CVSS

6.5AI Score

0.0004EPSS

2024-05-16 09:15 PM
25
nessus
nessus

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Weak Password Requirements (CVE-2023-2060)

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or...

7.5CVSS

7.7AI Score

0.003EPSS

2023-06-30 12:00 AM
6
nvd
nvd

CVE-2024-0220

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive...

8.3CVSS

8.6AI Score

0.0004EPSS

2024-02-22 11:15 AM
githubexploit
githubexploit

Exploit for Code Injection in Apache Airflow

Apache Airflow < 2.4.0 RCE (CVE-2022-40127) **PoC for...

8.8CVSS

9AI Score

0.436EPSS

2023-07-21 12:55 PM
185
cve
cve

CVE-2023-41082

Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local...

4.4CVSS

6.5AI Score

0.0004EPSS

2024-05-16 09:15 PM
25
nessus
nessus

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Missing Password Field Masking (CVE-2023-2062)

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

6.2CVSS

6.9AI Score

0.001EPSS

2023-06-30 12:00 AM
6
zdt
zdt

Flowmon Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before...

8AI Score

0.003EPSS

2024-05-29 12:00 AM
56
githubexploit
githubexploit

Exploit for CVE-2024-25600

CVE-2024-25600 Exploit Tool 🚀 Description 📝 This tool 🛠️...

10CVSS

8.6AI Score

0.001EPSS

2024-02-22 10:53 AM
304
metasploit
metasploit

Eaton Xpert Meter SSH Private Key Exposure Scanner

Eaton Power Xpert Meters running firmware below version 12.x.x.x or below version 13.3.x.x ship with a public/private key pair that facilitate remote administrative access to the devices. Tested on: Firmware 12.1.9.1 and...

7.5AI Score

2018-08-31 10:55 PM
46
cve
cve

CVE-2023-29153

Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network...

4.9CVSS

5AI Score

0.0004EPSS

2024-02-14 02:15 PM
13
cve
cve

CVE-2023-48727

NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local...

3.3CVSS

6.1AI Score

0.0004EPSS

2024-05-16 09:16 PM
31
cvelist
cvelist

CVE-2024-4142 JFrog Artifactory Improper input validation within token creation flow

An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...

9CVSS

9.4AI Score

0.0004EPSS

2024-05-01 08:18 PM
osv
osv

Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...

7.4AI Score

EPSS

2024-06-02 10:30 PM
14
githubexploit
githubexploit

Exploit for Improper Initialization in Linux Linux Kernel

CVE-2022-0847 Dirty Pipe linux内核提权分析 [toc]...

7.8CVSS

8AI Score

0.076EPSS

2022-03-10 01:27 AM
437
cve
cve

CVE-2023-27504

Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local...

7.2CVSS

7AI Score

0.0004EPSS

2024-05-16 09:15 PM
25
cve
cve

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.9CVSS

6.5AI Score

0.0004EPSS

2024-05-16 09:15 PM
34
vulnrichment
vulnrichment

CVE-2024-22390

Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of...

4.4CVSS

7.1AI Score

0.0004EPSS

2024-05-16 08:47 PM
githubexploit
githubexploit

Exploit for Classic Buffer Overflow in Qualcomm Apq8009 Firmware

Exploit code for CVE-2021-1961. Full write-up is available [on...

6.7CVSS

0.7AI Score

0.0004EPSS

2022-09-03 01:31 PM
424
cve
cve

CVE-2023-45221

Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local...

4.8CVSS

7.1AI Score

0.0004EPSS

2024-05-16 09:15 PM
26
github
github

Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as <behaviour-name>'. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using...

7.4AI Score

EPSS

2024-06-02 10:30 PM
10
cve
cve

CVE-2024-21835

Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8CVSS

6.9AI Score

0.0004EPSS

2024-05-16 09:16 PM
27
cvelist
cvelist

CVE-2024-22390

Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of...

4.4CVSS

4.8AI Score

0.0004EPSS

2024-05-16 08:47 PM
nessus
nessus

RHEL 5 : microcode_ctl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. hw: Intel SGX information leak (CVE-2019-0117) Improper conditions check in the voltage modulation...

6CVSS

6.7AI Score

0.0004EPSS

2024-06-03 12:00 AM
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604 RCE Pseudoshell This script leverages...

10CVSS

10AI Score

0.931EPSS

2023-11-12 11:26 AM
114
cve
cve

CVE-2023-45743

Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

7AI Score

0.0004EPSS

2024-05-16 09:15 PM
28
cve
cve

CVE-2023-40071

Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local...

7.3CVSS

7AI Score

0.0004EPSS

2024-05-16 09:15 PM
25
fedora
fedora

[SECURITY] Fedora 38 Update: nextcloud-28.0.4-2.fc38

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API.....

3.7CVSS

7.3AI Score

0.001EPSS

2024-05-01 01:38 AM
3
cvelist
cvelist

CVE-2024-22015

Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-05-16 08:47 PM
vulnrichment
vulnrichment

CVE-2024-22015

Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-05-16 08:47 PM
cvelist
cvelist

CVE-2023-43745

Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local...

2.8CVSS

3.8AI Score

0.0004EPSS

2024-05-16 08:47 PM
Total number of security vulnerabilities101106