Lucene search

K

F5 Networks, Inc. Security Vulnerabilities

nessus
nessus

F5 Networks BIG-IP : BIG-IP Edge Client for macOS Privilege Escalation (K000136185)

The version of F5 Networks BIG-IP installed on the remote macOS host is prior or equal to 17.1.0 / 16.1.4 / 15.1.10 / 14.1.5 / 13.1.5. It is, therefore, affected by a vulnerability as referenced in the K000136185 advisory. The BIG-IP Edge Client Installer on macOS does not follow best practices...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-10-13 12:00 AM
4
nessus
nessus

F5 Networks BIG-IP : BIG-IP and BIG-IQ iControl SOAP vulnerability (K000133472)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.5 / 15.1.9.1 / 16.1.3.5 / 17.1.0.2. It is, therefore, affected by a vulnerability as referenced in the K000133472 advisory. An authenticated attacker with guest privileges or higher can cause the iControl SOAP...

4.3CVSS

4.9AI Score

0.0004EPSS

2023-08-02 12:00 AM
10
nessus
nessus

F5 Networks BIG-IP : BIG-IP virtual server TCP sequence numbers vulnerability (K64571774)

On specific BIG-IP platforms, attackersmay be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers.(CVE-2020-5947) Impact Attackers may be able to spoof TCP packets to be used by a future...

4.3CVSS

4.5AI Score

0.001EPSS

2020-11-19 12:00 AM
34
cve
cve

CVE-2024-1043

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-02-29 01:43 AM
49
vulnrichment
vulnrichment

CVE-2024-2618 Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-24 04:29 AM
nvd
nvd

CVE-2024-4697

The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-04 06:15 AM
1
osv
osv

CVE-2023-0867

Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and...

6.7CVSS

6.2AI Score

0.001EPSS

2023-02-23 03:15 PM
2
nessus
nessus

F5 Networks BIG-IP : BIG-IP and BIG-IQ DB Variable Vulnerability (K20850144)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K20850144 advisory. The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. ...

6.5CVSS

6.7AI Score

0.0005EPSS

2023-10-13 12:00 AM
9
nessus
nessus

F5 Networks BIG-IP : Appliance mode TMUI authenticated remote command execution vulnerability (K18132488)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K18132488 advisory. On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before...

9.9CVSS

9.5AI Score

0.002EPSS

2021-03-10 12:00 AM
19
cve
cve

CVE-2024-25095

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.5CVSS

7.3AI Score

0.001EPSS

2024-06-04 07:18 PM
14
nessus
nessus

Juniper Junos OS Vulnerability (JSA69716)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69716 advisory. An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows unauthenticated...

7.5CVSS

7.5AI Score

0.001EPSS

2022-08-03 12:00 AM
18
cvelist
cvelist

CVE-2023-30313

An issue discovered in Wavlink QUANTUM D2G routers allows attackers to hijack TCP sessions which could lead to a denial of...

6.5AI Score

EPSS

1976-01-01 12:00 AM
1
cve
cve

CVE-2024-36735

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is...

7.2AI Score

EPSS

2024-06-06 07:15 PM
26
cvelist
cvelist

CVE-2023-30309

An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could lead to a denial of...

6.5AI Score

EPSS

1976-01-01 12:00 AM
2
nvd
nvd

CVE-2024-5006

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4CVSS

5.7AI Score

0.001EPSS

2024-06-05 08:15 AM
cve
cve

CVE-2024-35742

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.3CVSS

5.5AI Score

0.0005EPSS

2024-06-10 08:15 AM
21
osv
osv

CVE-2023-0846

Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon...

6.7CVSS

6.1AI Score

0.001EPSS

2023-02-22 07:15 PM
6
cvelist
cvelist

CVE-2024-30407 [Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to...

8.1CVSS

8.2AI Score

0.001EPSS

2024-04-12 03:03 PM
vulnrichment
vulnrichment

CVE-2024-3946 WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings

The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 04:31 AM
2
cvelist
cvelist

CVE-2024-1360

The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended.....

4.3CVSS

4.5AI Score

0.0004EPSS

2024-02-23 11:03 AM
cvelist
cvelist

CVE-2024-3670

The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-02 04:52 PM
nvd
nvd

CVE-2024-36735

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is...

EPSS

2024-06-06 07:15 PM
1
nessus
nessus

F5 Networks BIG-IP : BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, and NGINX App Protect WAF attack signature check failure (K000138898)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138898 advisory. BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, or NGINX App Protect WAF may fail to match an attack ...

7.4AI Score

2024-05-16 12:00 AM
2
osv
osv

CVE-2023-40314

Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that...

6.1CVSS

6.5AI Score

0.0005EPSS

2023-11-16 10:15 PM
5
nvd
nvd

CVE-2024-5489

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level.....

4.3CVSS

4.3AI Score

0.001EPSS

2024-06-06 12:15 PM
nvd
nvd

CVE-2024-5191

The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS

0.001EPSS

2024-06-21 07:15 AM
2
nessus
nessus

F5 Networks BIG-IP : Microarchitectural Store Buffer Data Sampling (MSBDS) (K52370164)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K52370164 advisory. Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative...

5.6CVSS

6.6AI Score

0.001EPSS

2023-11-02 12:00 AM
4
nessus
nessus

F5 Networks BIG-IP : BIG-IP APM Clients TunnelCrack vulnerability (K000136909)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.3 / 16.1.4.2 / 17.1.1.1. It is, therefore, affected by a vulnerability as referenced in the K000136909 advisory. BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which...

8.2CVSS

8.3AI Score

0.001EPSS

2023-09-27 12:00 AM
7
nessus
nessus

F5 Networks BIG-IP : Intel processors MMIO stale data vulnerability (K08152433)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K08152433 advisory. Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an ...

5.5CVSS

6.8AI Score

0.0005EPSS

2022-07-22 12:00 AM
15
cvelist
cvelist

CVE-2024-1872

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.28 via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-03-29 06:44 AM
vulnrichment
vulnrichment

CVE-2024-5152 ElementsReady Addons for Elementor <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-06 03:53 AM
1
cve
cve

CVE-2024-36736

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is...

7.2AI Score

EPSS

2024-06-06 06:15 PM
20
cvelist
cvelist

CVE-2024-25095 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-04 06:37 PM
1
vulnrichment
vulnrichment

CVE-2024-28042 SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

7.1AI Score

0.0004EPSS

2024-05-15 04:44 PM
cve
cve

CVE-2024-5006

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

6AI Score

0.001EPSS

2024-06-05 08:15 AM
22
vulnrichment
vulnrichment

CVE-2024-35742 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

5.3CVSS

7.2AI Score

0.0005EPSS

2024-06-10 07:40 AM
githubexploit
githubexploit

Exploit for CVE-2023-33105

CVE-2023-33105: Transient DOS in WLAN Host and Firmware...

7.5CVSS

7.3AI Score

0.0005EPSS

2024-06-10 05:20 PM
89
cvelist
cvelist

CVE-2024-36735

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is...

EPSS

1976-01-01 12:00 AM
cvelist
cvelist

CVE-2024-28042 SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

8.7AI Score

0.0004EPSS

2024-05-15 04:44 PM
vulnrichment
vulnrichment

CVE-2024-30407 [Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to...

8.1CVSS

6.9AI Score

0.001EPSS

2024-04-12 03:03 PM
hackread
hackread

Sophon and Aethir Partner to Bring Decentralized Compute to The ZK Community

Sophon and Aethir have announced the beginning of a strategic collaboration between the two networks, connecting the...

7.3AI Score

2024-06-19 03:10 PM
vulnrichment
vulnrichment

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

6.8AI Score

EPSS

1976-01-01 12:00 AM
nvd
nvd

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

EPSS

2024-06-06 06:15 PM
cvelist
cvelist

CVE-2024-35638 WordPress ActiveDEMAND plugin <= 0.2.43 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through...

4.3CVSS

5AI Score

0.0004EPSS

2024-06-03 08:57 AM
1
nessus
nessus

F5 Networks BIG-IP : BIG-IP virtual server with FastL4 profile vulnerability (K30573026)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.4 / 15.1.4 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K30573026 advisory. On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, ...

5.3CVSS

5.8AI Score

0.001EPSS

2022-01-19 12:00 AM
8
nvd
nvd

CVE-2024-25095

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-04 07:18 PM
1
cve
cve

CVE-2024-36745

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select...

7AI Score

EPSS

2024-06-06 06:15 PM
28
cvelist
cvelist

CVE-2024-36745

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select...

EPSS

1976-01-01 12:00 AM
vulnrichment
vulnrichment

CVE-2024-36745

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select...

6.8AI Score

EPSS

1976-01-01 12:00 AM
1
cve
cve

CVE-2024-28042

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

7AI Score

0.0004EPSS

2024-05-15 05:15 PM
8
Total number of security vulnerabilities315051