F5 Networks BIG-IP : Linux kernel usbmon vulnerability (K000139700)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139700 advisory. drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user- space...
6.7CVSS
7AI Score
0.0004EPSS
F5 Networks BIG-IP : Speculative race conditions vulnerabilities (K000139682)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000139682 advisory. A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting ...
5.5CVSS
7.8AI Score
0.0004EPSS
Unrestricted file upload in /main/inc/ajax/dropbox.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
8.8CVSS
9AI Score
0.002EPSS
School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting
School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability via admin/inc/navigation.php:125. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...
6.1CVSS
6.1AI Score
0.001EPSS
F5 Networks BIG-IP : TMM vulnerability (K95434410)
Undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane....
7.5CVSS
7.6AI Score
0.001EPSS
Exploit for Command Injection in Paloaltonetworks Pan-Os
Cyberspace Mapping Dork Fofa ```...
10CVSS
7.3AI Score
0.957EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...
5.8CVSS
7.1AI Score
0.0004EPSS
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This...
9.8CVSS
6.8AI Score
0.001EPSS
VMware VRealize Network Insight - Remote Code Execution
VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the...
9.8CVSS
10AI Score
0.967EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...
5.8CVSS
6AI Score
0.0004EPSS
Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
8.8CVSS
9AI Score
0.002EPSS
Unrestricted file upload in /main/inc/ajax/exercise.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
8.8CVSS
9AI Score
0.002EPSS
Unrestricted file upload in /main/inc/ajax/work.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
8.8CVSS
9AI Score
0.002EPSS
F5 Networks BIG-IP : BIG-IP engineering hotfix Trusted Platform Module vulnerability (K91171450)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K91171450 advisory. On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect ...
4.6CVSS
4.8AI Score
0.001EPSS
Weaver E-Office 9.5 - Remote Code Execution
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...
9.8CVSS
7.8AI Score
0.106EPSS
GlobalProtect - OS Command Injection
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama...
10CVSS
9.9AI Score
0.957EPSS
Magento Mass Importer <0.7.24 - Remote Auth Bypass
Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection...
9.8CVSS
9.5AI Score
0.056EPSS
7.4AI Score
7.4AI Score
0.0004EPSS
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. An container with an...
4.7CVSS
4.5AI Score
0.0004EPSS
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference Vulnerability
Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure...
7.5AI Score
F5 Networks BIG-IP : GNU C Library (glibc) vulnerability (K52494142)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K52494142 advisory. The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes...
5.9CVSS
6.1AI Score
0.007EPSS
F5 Networks BIG-IP : TMM vulnerability (K57111075)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K57111075 advisory. On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual...
7.5CVSS
7.8AI Score
0.001EPSS
@workos-inc/authkit-nextjs session replay vulnerability
Impact A user can reuse an expired session by controlling the x-workos-session header. Patches Patched in...
4.8CVSS
5.2AI Score
0.0004EPSS
@workos-inc/authkit-nextjs session replay vulnerability
Impact A user can reuse an expired session by controlling the x-workos-session header. Patches Patched in...
4.8CVSS
7.1AI Score
0.0004EPSS
F5 Networks BIG-IP : BIG-IP SSL vulnerability (K000138912)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.4 / 16.1.4.3 / 17.1.1.3. It is, therefore, affected by a vulnerability as referenced in the K000138912 advisory. When an SSL profile with alert timeout is configured with a non-default value on a virtual...
5.9CVSS
5.8AI Score
0.0004EPSS
F5 Networks BIG-IP IPsec DoS (K000132420)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K000132420 advisory. When TCP Verified Accept is enabled on a TCP profile that is configured on a virtual server, undisclosed...
7.5CVSS
7.7AI Score
0.0005EPSS
Palo Alto Networks PAN-OS Firewall/Panorama Web UI Detection
The web interface for Palo Alto Networks PAN-OS firewall or Panorama was detected on the remote host. Panorama is a centralized management solution used for Palo Alto Networks...
1.2AI Score
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config
Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Advisory ID: ZSL-2024-5815 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment demodulates...
7.3AI Score
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass
Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Advisory ID: ZSL-2024-5814 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment...
7.7AI Score
F5 Networks BIG-IP : BIG-IP IPsec vulnerability (K000138728)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000138728 advisory. When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to...
7.5CVSS
7AI Score
0.0004EPSS
A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....
3.5CVSS
6.6AI Score
0.0004EPSS
Cinterion Modem Vulnerabilities Leave IoT and Industrial Networks Exposed
By Waqas Millions of IoT and industrial devices at risk! Critical vulnerabilities in Cinterion cellular modems allow remote attackers to take control. This is a post from HackRead.com Read the original post: Cinterion Modem Vulnerabilities Leave IoT and Industrial Networks...
7.7AI Score
Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via...
6.5CVSS
7AI Score
0.002EPSS
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K97035296 advisory. Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative...
5.6CVSS
6.2AI Score
0.001EPSS
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...
8CVSS
7.3AI Score
0.0004EPSS
F5 Networks BIG-IP : HTTP profile vulnerability (K43881487)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K43881487 advisory. On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the...
7.5CVSS
7.8AI Score
0.001EPSS
F5 Networks BIG-IP : iControl REST vulnerability (K15101402)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K15101402 advisory. On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated...
4.3CVSS
5.1AI Score
0.001EPSS
F5 Networks BIG-IP : TMUI XSS vulnerability (K25451853)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K25451853 advisory. On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x...
8.8CVSS
8.1AI Score
0.002EPSS
F5 Networks BIG-IP : BIG-IP HTTP non-RFC-compliant security exposure (K11342432)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.5.1 / 15.1.7 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K11342432 advisory. This issue occurs when a non-RFC-compliant HTTP request is received by a virtual server on a...
7.3AI Score
A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is...
6.1CVSS
6.4AI Score
0.001EPSS
F5 Networks BIG-IP : NTP vulnerability (K82570157)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K82570157 advisory. ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric...
5.3CVSS
7.5AI Score
0.001EPSS
F5 Networks BIG-IP : glibc vulnerability (K54823184)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K54823184 advisory. In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap- based...
9.8CVSS
9.6AI Score
0.004EPSS
F5 Networks BIG-IP : NTP vulnerability (K44305703)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K44305703 advisory. ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated ...
7.5CVSS
7.6AI Score
0.033EPSS
F5 Networks BIG-IP : Wireshark vulnerabilities (K02215905)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K02215905 advisory. In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol ...
7.5CVSS
7.8AI Score
0.004EPSS
F5 Networks BIG-IP : jQuery vulnerability (K02453220)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K02453220 advisory. In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after...
6.9CVSS
7.4AI Score
0.061EPSS
F5 Networks BIG-IP : NTP vulnerability (K09940637)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K09940637 advisory. Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is...
8.1CVSS
8.1AI Score
0.014EPSS
F5 Networks BIG-IP : Node.js vulnerability (K000135831)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000135831 advisory. c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends...
7.5CVSS
7.8AI Score
0.001EPSS
F5 Networks BIG-IP : OpenJDK vulnerability (K000134793)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000134793 advisory. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency)....
3.7CVSS
4.6AI Score
0.002EPSS
F5 Networks BIG-IP : PHP vulnerability (K000134747)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000134747 advisory. In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate...
8.1CVSS
8AI Score
0.002EPSS