A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). On QFX5K Series and MX Series, when the PFE receives a specific VxLAN packet...
6.5CVSS
6.5AI Score
0.001EPSS
An update is available for libreswan. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the...
7.4AI Score
0.0004EPSS
A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop...
7.5CVSS
6.8AI Score
0.0004EPSS
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the...
5.3CVSS
5.3AI Score
0.0004EPSS
Palo Alto GlobalProtect Agent < 5.1.12 / 5.2.x < 5.2.13 / 6.0.x < 6.0.4 / 6.1.x < 6.1.1 (GPC-15349)
The version of Palo Alto GlobalProtect Agent installed on the remote host is prior to 5.1.12, 5.2.13, 6.0.4, or 6.1.1. It is, therefore, affected by a vulnerability as referenced in the GPC-15349 advisory. An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to...
5.5CVSS
5.5AI Score
0.0004EPSS
RHEL 8 : Red Hat OpenStack Platform 16.1 (openstack-nova) (RHSA-2022:0983)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0983 advisory. OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines, creating a ...
6.1CVSS
6.6AI Score
0.926EPSS
RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-neutron) (RHSA-2022:0996)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0996 advisory. OpenStack Networking (neutron) is a virtual network service for OpenStack. Just as OpenStack Compute (nova) provides an API to dynamically request...
6.5CVSS
6.8AI Score
0.001EPSS
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the.....
10CVSS
10AI Score
0.957EPSS
The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and...
6.4CVSS
7.8AI Score
0.0004EPSS
The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and...
6.4CVSS
5.9AI Score
0.0004EPSS
RHEL 7 : Red Hat OpenStack Platform 10.0 (openstack-neutron) (RHSA-2021:3502)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3502 advisory. Neutron is a virtual network service for OpenStack. Just like OpenStack Nova provides an API to dynamically request and configure virtual ...
6.5CVSS
6.9AI Score
0.001EPSS
RHEL 9 : Red Hat OpenStack Platform 17.0 (openstack-nova) (RHSA-2023:1015)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1015 advisory. OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines,creating a ...
5.7CVSS
5.7AI Score
0.003EPSS
google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set....
3.7CVSS
4.1AI Score
0.0005EPSS
Genesco Inc. Confirms Payment Card Data Breach in U.S. Stores
Specialty retailer Genesco Inc. announced on Friday that it experienced a criminal intrusion into the part of its computer network that processes payment card transactions. Some card details might have been compromised. However, the company quickly secured the affected network segment and...
7.1AI Score
SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function...
8.3AI Score
0.002EPSS
RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-neutron) (RHSA-2023:4283)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4283 advisory. OpenStack Networking (neutron) is a virtual network service for OpenStack. Just as OpenStack Compute (nova) provides an API to dynamically request...
6.5CVSS
5.9AI Score
0.001EPSS
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....
7.1AI Score
0.0004EPSS
Juniper Junos OS Time-of-check Time-of-use (TOCTOU) Race Condition DoS (JSA69902)
The version of Junos OS installed on the remote host is affected by a DoS vulnerability as referenced in the JSA69902 advisory. A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allows a network-based...
5.9CVSS
5.8AI Score
0.001EPSS
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....
6.9AI Score
0.0004EPSS
SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function...
8.3AI Score
0.002EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary...
7.7CVSS
7.4AI Score
0.0004EPSS
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information.....
7.1CVSS
6.9AI Score
0.0005EPSS
An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
7.6AI Score
EPSS
RHEL 9 : Red Hat OpenStack Platform 17.0 (openstack-neutron) (RHSA-2023:0275)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:0275 advisory. OpenStack Networking (neutron) is a virtual network service for OpenStack. Just as OpenStack Compute (nova) provides an API to dynamically request...
6.5CVSS
5.8AI Score
0.001EPSS
RHEL 7 / 8 : Red Hat OpenStack Platform (openstack-nova) (RHSA-2023:1278)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1278 advisory. OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines, creating a ...
5.7CVSS
5.7AI Score
0.003EPSS
RHEL 8 : Red Hat OpenStack Platform 16.1 (openstack-neutron) (RHSA-2022:0990)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0990 advisory. OpenStack Networking (neutron) is a virtual network service for OpenStack. Just as OpenStack Compute (nova) provides an API to dynamically request...
6.5CVSS
6.8AI Score
0.001EPSS
An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
7.9AI Score
EPSS
An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
7.6AI Score
EPSS
An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
7.9AI Score
EPSS
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on...
4.3CVSS
4.4AI Score
0.0004EPSS
A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific....
7.5CVSS
7.7AI Score
0.0005EPSS
The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...
6.4CVSS
5.9AI Score
0.001EPSS
An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
7.6AI Score
EPSS
An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
7.6AI Score
EPSS
RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-nova) (RHSA-2023:1948)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1948 advisory. OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines,creating a ...
3.3CVSS
4.5AI Score
0.0005EPSS
An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
7.9AI Score
EPSS
GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter
In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id...
6.1CVSS
5.7AI Score
0.001EPSS
MyBB < 1.6.12 Multiple Vulnerabilities
According to its version number, the MyBB install hosted on the remote web server is affected by multiple vulnerabilities : A cross-site scripting flaw exists in misc.php due to improper validation of input when generating a small popup list of smilies. This allows a remote attacker...
7.3AI Score
0.002EPSS
RHEL 8 : Red Hat OpenStack Platform 16.1 (openstack-neutron) (RHSA-2021:3481)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3481 advisory. Neutron is a virtual network service for Openstack, and a part of Netstack. Just like OpenStack Nova provides an API to dynamically request and ...
6.5CVSS
7AI Score
0.001EPSS
IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10') is vulnerable to unauthenticated local file inclusion. It is possible to traverse the folders of the affected host by providing a relative path to the.....
7.5CVSS
7.5AI Score
0.015EPSS
Juniper Junos OS Privilege Escalation (JSA69895)
The version of Junos OS installed on the remote host is affected by a privilege escalation vulnerability as referenced in the JSA69895 advisory. An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated...
8.8CVSS
8.8AI Score
0.0004EPSS
[2.18-399] - Fix tests to run in correct order [2.18-398] - Fix CVE-2023-31484 - Package tests [2.18-397] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.18-396] - Rebase patches to prevent from installing back-up files [2.18-395] - Rebuilt for...
8.1CVSS
6.8AI Score
0.004EPSS
A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific....
7.5CVSS
6.9AI Score
0.0005EPSS
An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
7.6AI Score
EPSS
An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
7.6AI Score
EPSS
CVE-2024-23336 Incomplete disallowed remote addresses list in MyBB
MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the 127.0.0.0/8 block, which may result in a Server-Side Request Forgery (SSRF) vulnerability. The Configuration File's Disallowed Remote Addresses list...
5CVSS
5.6AI Score
0.001EPSS
An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
8AI Score
EPSS
An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
7.7AI Score
EPSS
An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL...
7.7AI Score
EPSS
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid...
8.8CVSS
8.2AI Score
0.001EPSS