Honeywell FALCON XL Web Controller Multiple Vulnerabilities
The remote host is a Honeywell FALCON XL Web SCADA controller that is running a firmware version affected by the following vulnerabilities : The change password page can be accessed without authentication to determine users' password hashes, which can allow a remote attacker to gain...
2.8AI Score
0.003EPSS
Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and...
8.6CVSS
6.9AI Score
0.001EPSS
QNAP QTS/QES/QuTS hero - Web Detection
Detects the web interface for QNAP QTS/QES/QuTS hero on the remote...
0.8AI Score
D-Link DIR Router Web Interface Detection
Nessus was able to detect the web interface for a D-Link DIR router on the remote...
1.3AI Score
Emerson SM-Ethernet Web Interface Default Credentials
It was possible to log into the remote Emerson SM-Ethernet web interface by providing the default credentials. A remote attacker can exploit this to gain administrative...
4.3AI Score
Honeywell XL Web Controller FTP Directory Traversal
The remote host is a Honeywell XL Web SCADA controller that is running a firmware version affected by a directory traversal vulnerability in the FTP server. A remote, unauthenticated attacker can exploit this to gain access to the web root...
2.2AI Score
Tridium Niagara AX Web Server Multiple Vulnerabilities
The remote host is running a version of Tridium Niagara AX Web Server that is affected by multiple vulnerabilities : A directory traversal vulnerability exists that allows access to a file that stores login usernames and passwords. (CVE-2012-4027) The system insecurely stores user...
2AI Score
0.003EPSS
Plone allows anonymous users to reset any users password through the web via Password Reset Tool
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security...
7.2AI Score
0.002EPSS
CVE-2024-35710 WordPress Podlove Web Player plugin <= 5.7.3 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through...
5.3CVSS
0.0004EPSS
Lin CMS Spring Boot - Default JWT Token
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the...
7.5CVSS
7.4AI Score
0.016EPSS
7.3AI Score
CVE-2024-35710 WordPress Podlove Web Player plugin <= 5.7.3 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through...
5.3CVSS
6.9AI Score
0.0004EPSS
GetSimple CMS 3.3.13 - Open Redirect
GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized...
6.1CVSS
6.3AI Score
0.001EPSS
Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.This issue affects JVM rich text icons: from n/a through...
7.7CVSS
7.5AI Score
0.0004EPSS
RHEL 8 / 9 : Red Hat JBoss Web Server 6.0.2 (RHSA-2024:1916)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1916 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...
7.8AI Score
0.0004EPSS
A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free. Bugs https://github.com/yaml/libyaml/issues/297 Notes Author| Note ---|--- jdstrand | golang-goyaml is a go...
6.6AI Score
0.0004EPSS
CVE-2023-42121 Control Web Panel Missing Authentication Remote Code Execution Vulnerability
Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
9.8CVSS
10AI Score
0.001EPSS
CVE-2023-42121 Control Web Panel Missing Authentication Remote Code Execution Vulnerability
Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
9.8CVSS
8.1AI Score
0.001EPSS
Web Cache Poisoning Denial of Service
A caching system has been detected on the application and is vulnerable to web cache poisoning. By manipulating specific unkeyed inputs (headers or cookies that are not included when generating the cache key) it was possible to force the caching system to cache a response that contains...
6.9AI Score
CVE-2024-4174 Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server
Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affecting version 2.0.15. This vulnerability could allow an attacker to execute malicious Javascript code on the client by injecting that code into the...
5.4CVSS
5.5AI Score
0.0004EPSS
In today’s interconnected digital world, the role of web applications and APIs has become central to business operations, acting as gateways to vast amounts of valuable data and services. However, their widespread use and accessibility make them prime targets for cybercriminals, posing substantial....
7.7AI Score
CVE-2023-51418 WordPress JVM rich text icons plugin <= 1.2.6 - Arbitrary File Deletion vulnerability
Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.This issue affects JVM rich text icons: from n/a through...
7.7CVSS
7.8AI Score
0.0004EPSS
7.4AI Score
RHEL 8 / 9 : Red Hat JBoss Web Server 6.0.1 (RHSA-2024:1324)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1324 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
7.5CVSS
8.2AI Score
0.005EPSS
mocodo is vulnerable to Remote Code Execution. The vulnerability is due to improper input validation at /web/rewrite.php, which allows an attacker to inject and execute arbitrary...
7.7AI Score
EPSS
Autodesk Design Review Installed
Autodesk Design Review, a review software for Autodesk designs, is installed on the remote Windows...
3.3AI Score
CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
0.0004EPSS
CVE-2024-3095 SSRF in Langchain Web Research Retriever in langchain-ai/langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8CVSS
7.5AI Score
0.0004EPSS
Moodle Privilege escalation in quiz web services
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the...
4.3CVSS
7.1AI Score
0.001EPSS
Moodle Privilege escalation in quiz web services
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the...
4.3CVSS
6.6AI Score
0.001EPSS
CVE-2023-5935 Missing authentication for local web interface in Arc before v1.6.0
When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or process, during a window...
7.4CVSS
7.4AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The.....
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The.....
3.5CVSS
4.1AI Score
0.0004EPSS
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the...
9CVSS
7AI Score
0.001EPSS
Exploit for Improper Authorization in Samsung Members
CVE-2021-25374 - Samsung Account Access Script This script...
8.6CVSS
6.9AI Score
0.002EPSS
Sensitive Information Disclosure
github.com/minio/minio/ is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the ability to infer the existence of objects on a server by sending anonymous requests with random object...
5.3CVSS
6.7AI Score
0.0004EPSS
mocodo is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain...
8.5AI Score
EPSS
Mattermost crashes web clients via a malformed custom status
Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom...
4.3CVSS
6.6AI Score
0.0004EPSS
design-smart-home.de Cross Site Scripting vulnerability OBB-3915790
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2023-5935 Missing authentication for local web interface in Arc before v1.6.0
When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. A malicious local user or process, during a window...
7.4CVSS
7.9AI Score
0.0004EPSS
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the.....
9CVSS
7AI Score
0.001EPSS
bind, bind-dyndb-ldap, and dhcp security update
bind [32:9.11.4-26.P2.16] - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Add missing design by contract tests to dns_catz* - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Do not use header_prev in expire_lru_headers...
7.5CVSS
7AI Score
0.05EPSS
RHEL 6 / 7 : Red Hat JBoss Web Server 5.0 Service Pack 2 (RHSA-2019:0451)
An update is now available for Red Hat JBoss Web Server 5.0 for RHEL 6 and Red Hat JBoss Web Server 5.0 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
9.8CVSS
9.2AI Score
0.067EPSS
summernote is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation and sanitization of user-provided content, allowing malicious scripts to be executed within the context of the application when viewed in code...
6.2AI Score
0.0004EPSS
VMware Carbon Black App Control Web Console Detection
The web console for VMware Carbon Black App Control, formerly known as Cb Protection and Bit9 Parity, was detected on the remote...
1.8AI Score
MicroLogix 1400 PLC Web Server Request Handling RCE
The firmware installed on the remote Allen-Bradley MicroLogix 1400 PLC device is a version prior to 15.004. It is, therefore, affected by a stack-based buffer overflow condition due to improper validation of user-supplied input when handling web requests. An unauthenticated, remote attacker can...
4.5AI Score
HP Intelligent Management Center Web Administration Interface Detection
The web administration interface for HP Intelligent Management Center (IMC) was detected on the remote host. HP IMC is a comprehensive wired and wireless network management tool supporting the FCAPS...
1.1AI Score
Apache ActiveMQ 5.x < 5.14.0 ActiveMQ Fileserver web application remote code execution (Xbash)
The version of Apache ActiveMQ running on the remote host is 5.x prior to 5.14.0. It is, therefore, affected by a remote code execution vulnerability. The Fileserver web application allows remote attackers to upload and execute arbitrary...
9.8CVSS
9.3AI Score
0.84EPSS
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid...
7.8CVSS
7.5AI Score
0.001EPSS
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_invoice.php. The manipulation of the argument teacher_id leads to sql injection. It is possible to launch the attack.....
6.3CVSS
6.8AI Score
0.0004EPSS