Lucene search

K

F5 Networks, Inc. Security Vulnerabilities

cvelist
cvelist

CVE-2024-1762 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers....

6.1CVSS

6.1AI Score

0.0004EPSS

2024-05-22 06:50 AM
1
cve
cve

CVE-2024-1762

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers....

6.1CVSS

6.2AI Score

0.0004EPSS

2024-05-22 07:15 AM
27
nessus
nessus

F5 Networks BIG-IP : libxml2 vulnerability (K000139641)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139641 advisory. In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and...

6.5CVSS

6.6AI Score

0.001EPSS

2024-05-17 12:00 AM
5
nessus
nessus

F5 Networks BIG-IP : BIG-IP AFM vulnerability (K000137521)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137521 advisory. When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed...

7.5CVSS

7.7AI Score

0.0004EPSS

2024-02-14 12:00 AM
6
nessus
nessus

F5 Networks BIG-IP Detection

Nessus was able to obtain version information for an F5 Networks BIG-IP device on the remote host via...

3AI Score

2014-07-31 12:00 AM
19
githubexploit
githubexploit

Exploit for CVE-2023-38831

VolleyballSquid-----CVE-2023-38831-and-Bypass-UAC This is my...

7.8CVSS

8.2AI Score

0.346EPSS

2024-04-01 03:59 PM
92
nuclei
nuclei

DedeCMS 5.7 - Path Disclosure

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or...

7.5CVSS

7.5AI Score

0.024EPSS

2021-03-15 06:54 AM
13
nessus
nessus

F5 Networks BIG-IP : Appliance mode vulnerability (K46524395)

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite...

6.5CVSS

6.5AI Score

0.001EPSS

2019-05-01 12:00 AM
13
nessus
nessus

VMWare Aria Operations for Networks Authentication Bypass (CVE-2023-34039) (Direct Check)

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks...

9.8CVSS

7.5AI Score

0.945EPSS

2023-10-17 12:00 AM
4
nessus
nessus

F5 Networks BIG-IQ Detection

Nessus was able to obtain version information for an F5 Networks BIG-IQ device on the remote host via an SSH login or by examining HTTP services running on the device. BIG-IQ is a product for managing BIG-IP...

2.8AI Score

2014-05-09 12:00 AM
14
osv
osv

CVE-2023-36088

Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive...

7.5CVSS

7.4AI Score

0.001EPSS

2023-09-01 04:15 PM
12
nessus
nessus

F5 Networks BIG-IP : Intel BIOS vulnerability (K000137204)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000137204 advisory. Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user...

4.4CVSS

4.5AI Score

0.0004EPSS

2023-10-11 12:00 AM
8
fedora
fedora

[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.12.0-1.fc40

Prometheus exporter for podman environments exposing containers, pods, imag es, volumes and networks...

8.3CVSS

8.4AI Score

0.0004EPSS

2024-06-11 01:51 AM
githubexploit
githubexploit

Exploit for Classic Buffer Overflow in Extremenetworks Iq Engine

CVE-2023-35803 - Unauthenticated RCE in Extreme...

9.8CVSS

9.2AI Score

0.002EPSS

2023-07-10 07:58 PM
357
fedora
fedora

[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.12.0-1.fc39

Prometheus exporter for podman environments exposing containers, pods, imag es, volumes and networks...

8.3CVSS

8.4AI Score

0.0004EPSS

2024-06-11 01:59 AM
1
githubexploit
githubexploit

Exploit for Cross-site Scripting in Smarty

LabelGrup Networks, official PrestaShop Partner ![LabelGrup...

6.3AI Score

2023-03-30 10:28 AM
174
nessus
nessus

F5 Networks BIG-IP : Spectre SWAPGS gadget vulnerability (K31085564)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.5 / 14.1.2.7 / 15.0.1.4 / 15.1.0.5 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K31085564 advisory. An information disclosure vulnerability exists when certain central processing...

5.6CVSS

6.8AI Score

0.001EPSS

2020-07-14 12:00 AM
20
githubexploit
githubexploit

Exploit for CVE-2024-27956

CVE-2024-27956 Note Build wordpress: docker-compose -f...

9.9CVSS

7.2AI Score

0.001EPSS

2024-04-27 11:03 AM
386
oraclelinux
oraclelinux

perl:5.32 security update

perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-05-24 12:00 AM
27
nessus
nessus

F5 Networks BIG-IP : Libexpat vulnerability (K000139525)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139525 advisory. In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in ...

7.5CVSS

7.4AI Score

0.004EPSS

2024-05-24 12:00 AM
3
debiancve
debiancve

CVE-2024-33619

In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...

7.1AI Score

0.0004EPSS

2024-06-21 11:15 AM
1
nessus
nessus

F5 Networks BIG-IP : Appliance mode tmsh vulnerability (K87659521)

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems. (CVE-2019-6615) Impact Attackers can gain access to an Advanced Shell (...

4.9CVSS

5.3AI Score

0.001EPSS

2019-05-01 12:00 AM
9
packetstorm

10CVSS

9.8AI Score

0.957EPSS

2024-04-23 12:00 AM
194
githubexploit
githubexploit

Exploit for CVE-2024-5522

CVE-2024-5522-Poc CVE-2024-5522 HTML5 Video Player &lt;=...

8.2AI Score

0.0004EPSS

2024-05-31 04:41 AM
239
nvd
nvd

CVE-2024-1762

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers....

6.1CVSS

6.1AI Score

0.0004EPSS

2024-05-22 07:15 AM
nvd
nvd

CVE-2024-2088

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...

8.5CVSS

8.2AI Score

0.001EPSS

2024-05-22 07:15 AM
3
nessus
nessus

F5 Networks BIG-IP : BIG-IP iControl REST API vulnerability (K32544615)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K32544615 advisory. When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change ...

7.2CVSS

7.2AI Score

0.0004EPSS

2024-02-14 12:00 AM
5
nessus
nessus

F5 Networks BIG-IP : Apache HTTPD vulnerability (K000139764)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139764 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split...

6.5AI Score

0.0004EPSS

2024-05-24 12:00 AM
5
githubexploit
githubexploit

Exploit for Command Injection in Paloaltonetworks Pan-Os

Cyberspace Mapping Dork Fofa ```...

10CVSS

7.3AI Score

0.957EPSS

2024-04-16 04:18 PM
35
nessus
nessus

F5 Networks BIG-IP : Python vulnerability (K000139685)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139685 advisory. An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before...

5.3CVSS

7.2AI Score

0.0005EPSS

2024-05-21 12:00 AM
2
nessus
nessus

Palo Alto Networks PAN-OS Version Detection

The remote host is running Palo Alto Networks PAN-OS, an operating system for Palo Alto firewall devices. It was possible to read the PAN-OS version number by logging into the device via SSH or...

2.1AI Score

2014-03-05 12:00 AM
21
nessus
nessus

Palo Alto Networks PAN-OS Compliance Checks

Using the supplied credentials, this script performs a compliance check against the given...

1.2AI Score

2013-02-19 12:00 AM
17
nessus
nessus

F5 Networks BIG-IP : Python vulnerabilities (K000139698)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000139698 advisory. Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x...

7.5CVSS

8AI Score

0.028EPSS

2024-05-20 12:00 AM
2
nessus
nessus

F5 Networks BIG-IP : BIG-IP Resource Administrator vulnerability (K38941195)

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to.....

6.5CVSS

6.4AI Score

0.001EPSS

2019-05-01 12:00 AM
11
nuclei
nuclei

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based....

6.1CVSS

6.1AI Score

0.001EPSS

2022-10-05 08:01 PM
6
nessus
nessus

F5 Networks BIG-IP : Python vulnerabilities (K000139691)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000139691 advisory. An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer ...

9.8CVSS

8.2AI Score

0.01EPSS

2024-05-20 12:00 AM
2
arista
arista

Security Advisory 0098

Security Advisory 0098 _._CSAF PDF Date: June 25, 2024 Revision | Date | Changes ---|---|--- 1.0 | June 25, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...

7AI Score

EPSS

2024-06-25 12:00 AM
githubexploit
githubexploit

Exploit for Command Injection in Paloaltonetworks Pan-Os

Cyberspace Mapping Dork Fofa ```...

10CVSS

9.9AI Score

0.957EPSS

2024-04-16 04:18 PM
57
githubexploit
githubexploit

Exploit for Command Injection in Paloaltonetworks Pan-Os

Cyberspace Mapping Dork Fofa ```...

10CVSS

9.9AI Score

0.957EPSS

2024-04-16 04:18 PM
79
nuclei
nuclei

Netmaker - Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API...

7.5CVSS

7.4AI Score

0.089EPSS

2024-04-29 12:54 PM
7
nuclei
nuclei

NodeBB XML-RPC Request xmlrpc.php - XML Injection

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC...

9.8CVSS

9.9AI Score

0.287EPSS

2024-03-06 06:03 PM
25
osv
osv

CVE-2023-4220

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS &lt;= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web...

8.1CVSS

7.3AI Score

0.002EPSS

2023-11-28 08:15 AM
9
nessus
nessus

Palo Alto Networks PAN-OS 10.1.x < 10.1.12 / 10.2.x < 10.2.8 / 11.0.x < 11.0.4 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.12 or 10.2.x prior to 10.2.8 or 11.0.x prior to 11.0.4. It is, therefore, affected by a vulnerability. A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-04-10 12:00 AM
16
zdt
zdt

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry...

10CVSS

10AI Score

0.957EPSS

2024-04-23 12:00 AM
172
nessus
nessus

A10 Networks Advanced Core OS Device Detection

Nessus was able to detect the version of the Advanced Core Operating System running on the remote host by examining the SNMP system description value. Advanced Core OS is used in A10 Networks application delivery controllers and load balancing...

2.4AI Score

2014-04-03 12:00 AM
21
cvelist
cvelist

CVE-2024-32547 WordPress Code Insert Manager (Q2W3 Inc Manager) plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...

5.8CVSS

6AI Score

0.0004EPSS

2024-04-17 08:12 AM
2
nuclei
nuclei

TIBCO JasperReports Library - Directory Traversal

The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...

6.5CVSS

6.6AI Score

0.503EPSS

2023-08-03 11:24 PM
18
wpvulndb
wpvulndb

Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting

Description The Code Insert Manager (Q2W3 Inc Manager) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8CVSS

6.7AI Score

0.0004EPSS

2024-04-25 12:00 AM
9
nuclei
nuclei

WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search...

6.1CVSS

5.9AI Score

0.001EPSS

2020-08-16 03:22 PM
5
Total number of security vulnerabilities315051