Lucene search

K

F5 Networks, Inc. Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-28042 SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

7.1AI Score

0.0004EPSS

2024-05-15 04:44 PM
nessus
nessus

F5 Networks BIG-IP : BIG-IP and BIG-IQ TACACS+ Audit Log Information Leakage (K06110200)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K06110200 advisory. When TACACS+ audit forwarding is configured on a BIG-IP or BIG-IQ system, shared secret is logged in plaintext....

5.5CVSS

5.9AI Score

0.0004EPSS

2023-10-13 12:00 AM
6
githubexploit
githubexploit

Exploit for Improper Input Validation in Microsoft

CVE-2024-21413 - POC Usage: ```python CVE-2024-21413.py...

9.8CVSS

9.5AI Score

0.006EPSS

2024-02-16 09:10 PM
29
cvelist
cvelist

CVE-2024-28042 SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

8.7AI Score

0.0004EPSS

2024-05-15 04:44 PM
cvelist
cvelist

CVE-2024-1447

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated.....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-02-20 06:56 PM
1
nvd
nvd

CVE-2024-36735

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is...

EPSS

2024-06-06 07:15 PM
1
veracode
veracode

Content Bypass

chrome is vulnerable to a Content Bypass. The vulnerability is due to inappropriate implementation in Networks within Google Chrome versions, allows a remote attacker to bypass mixed content policy via a crafted HTML...

8.4AI Score

0.0004EPSS

2024-04-23 05:32 AM
5
osv
osv

CVE-2023-32077

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...

7.5CVSS

6.9AI Score

0.097EPSS

2023-08-24 10:15 PM
4
nvd
nvd

CVE-2024-5006

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4CVSS

5.7AI Score

0.001EPSS

2024-06-05 08:15 AM
cve
cve

CVE-2024-5006

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

6AI Score

0.001EPSS

2024-06-05 08:15 AM
22
osv
osv

CVE-2023-32078

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1.....

7.5CVSS

6.9AI Score

0.001EPSS

2023-08-24 10:15 PM
3
cvelist
cvelist

CVE-2024-36735

OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is...

EPSS

1976-01-01 12:00 AM
cve
cve

CVE-2024-28042

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

7AI Score

0.0004EPSS

2024-05-15 05:15 PM
8
cve
cve

CVE-2024-36736

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is...

7.2AI Score

EPSS

2024-06-06 06:15 PM
20
cvelist
cvelist

CVE-2024-35638 WordPress ActiveDEMAND plugin <= 0.2.43 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through...

4.3CVSS

5AI Score

0.0004EPSS

2024-06-03 08:57 AM
1
nvd
nvd

CVE-2021-26724

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi...

7.2CVSS

0.002EPSS

2021-02-22 09:15 PM
2
nvd
nvd

CVE-2024-4362

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-22 09:15 AM
cvelist
cvelist

CVE-2024-3849

The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution...

8.8CVSS

9.1AI Score

0.001EPSS

2024-05-02 04:52 PM
vulnrichment
vulnrichment

CVE-2024-30407 [Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to...

8.1CVSS

6.9AI Score

0.001EPSS

2024-04-12 03:03 PM
nvd
nvd

CVE-2021-26725

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...

4.9CVSS

0.001EPSS

2021-02-22 09:15 PM
cve
cve

CVE-2021-26725

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...

7.2CVSS

5AI Score

0.001EPSS

2021-02-22 09:15 PM
33
cve
cve

CVE-2024-35742

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.3CVSS

5.5AI Score

0.0005EPSS

2024-06-10 08:15 AM
21
osv
osv

Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

6.5AI Score

0.0004EPSS

2024-05-10 02:32 PM
6
tibco
tibco

TIBCO Security Advisory: May 28, 2024 - TIBCO Managed File Transfer Platform Server for Unix - CVE-2024-4407

TIBCO Managed File Transfer Platform Server for Unix and z/Linux privilege escalation vulnerability Original release date: May 28, 2024 Last revised: --- CVE-2024-4407 Source: TIBCO Software Inc. Products Affected TIBCO Managed File Transfer Platform Server for Unix versions 8.0.0, 8.0.1, 8.1.0,...

7.8AI Score

EPSS

2024-05-28 05:53 PM
6
cve
cve

CVE-2024-35638

Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through...

4.3CVSS

7.2AI Score

0.0004EPSS

2024-06-03 09:15 AM
16
vulnrichment
vulnrichment

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

6.8AI Score

EPSS

1976-01-01 12:00 AM
osv
osv

GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter

In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id...

6.1CVSS

5.7AI Score

0.001EPSS

2022-05-17 12:36 AM
3
cve
cve

CVE-2024-1043

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with...

6.5CVSS

6.8AI Score

0.0004EPSS

2024-02-29 01:43 AM
49
vulnrichment
vulnrichment

CVE-2024-35638 WordPress ActiveDEMAND plugin <= 0.2.43 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through...

4.3CVSS

7AI Score

0.0004EPSS

2024-06-03 08:57 AM
osv
osv

CVE-2023-48310

TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created...

9.1CVSS

6.5AI Score

0.001EPSS

2023-11-20 11:15 PM
4
cve
cve

CVE-2024-30926

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc...

7.2AI Score

0.0004EPSS

2024-04-18 10:15 PM
25
cvelist
cvelist

CVE-2024-30926

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc...

7.2AI Score

0.0004EPSS

2024-04-18 12:00 AM
cvelist
cvelist

CVE-2024-36736

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is...

EPSS

1976-01-01 12:00 AM
1
cve
cve

CVE-2022-0550

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks...

7.2CVSS

7.1AI Score

0.001EPSS

2022-03-24 03:15 PM
59
nvd
nvd

CVE-2024-36736

An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is...

EPSS

2024-06-06 06:15 PM
cvelist
cvelist

CVE-2024-35742 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

5.3CVSS

0.0005EPSS

2024-06-10 07:40 AM
cvelist
cvelist

CVE-2021-26724 Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi...

7.2CVSS

7.8AI Score

0.002EPSS

2021-02-22 12:00 AM
1
nvd
nvd

CVE-2024-36743

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with...

EPSS

2024-06-06 06:15 PM
vulnrichment
vulnrichment

CVE-2024-35742 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

5.3CVSS

7.2AI Score

0.0005EPSS

2024-06-10 07:40 AM
nvd
nvd

CVE-2024-35742

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.3CVSS

0.0005EPSS

2024-06-10 08:15 AM
2
nvd
nvd

CVE-2024-36730

Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones...

EPSS

2024-06-06 07:15 PM
cve
cve

CVE-2024-36745

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select...

7AI Score

EPSS

2024-06-06 06:15 PM
27
cvelist
cvelist

CVE-2024-36745

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select...

EPSS

1976-01-01 12:00 AM
vulnrichment
vulnrichment

CVE-2024-36745

An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select...

6.8AI Score

EPSS

1976-01-01 12:00 AM
1
github
github

GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter

In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id...

6.1CVSS

5.7AI Score

0.001EPSS

2022-05-17 12:36 AM
4
osv
osv

GeniXCMS SQL Injection

GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid...

8.8CVSS

8.2AI Score

0.001EPSS

2022-05-17 02:46 AM
7
cve
cve

CVE-2024-32826

Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-04-26 11:15 AM
29
vulnrichment
vulnrichment

CVE-2024-5006 Boostify Header Footer Builder for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via size Parameter

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-05 07:34 AM
nvd
nvd

CVE-2022-0551

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian...

7.2CVSS

0.001EPSS

2022-03-24 03:15 PM
1
cvelist
cvelist

CVE-2021-26725 Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...

7.2CVSS

7.1AI Score

0.001EPSS

2021-02-22 12:00 AM
Total number of security vulnerabilities314659