Lucene search

K

F5 Networks, Inc. Security Vulnerabilities

osv
osv

CVE-2023-23900

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8...

6.1CVSS

6.1AI Score

0.0005EPSS

2023-08-10 12:15 PM
9
osv
osv

CVE-2021-4244

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site...

6.1CVSS

6AI Score

0.001EPSS

2022-12-12 02:15 PM
6
osv
osv

CVE-2023-4925

The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...

4.8CVSS

6AI Score

0.0004EPSS

2024-01-15 04:15 PM
9
osv
osv

CVE-2023-2518

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1CVSS

6.2AI Score

0.001EPSS

2023-05-30 08:15 AM
8
osv
osv

CVE-2023-1323

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite.....

4.8CVSS

5.8AI Score

0.0005EPSS

2023-06-12 06:15 PM
9
osv
osv

CVE-2023-1324

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1CVSS

6.2AI Score

0.001EPSS

2023-04-24 07:15 PM
9
osv
osv

CVE-2023-1325

The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

6AI Score

0.001EPSS

2023-04-17 01:15 PM
7
nuclei
nuclei

VMware Aria Operations for Networks - Remote Code Execution

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code...

8.8CVSS

8.9AI Score

0.248EPSS

2023-06-27 08:37 AM
7
cve
cve

CVE-2024-22238

Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input...

6.4CVSS

6.1AI Score

0.0004EPSS

2024-02-06 08:16 PM
20
nuclei
nuclei

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

8.8CVSS

8.1AI Score

0.031EPSS

2021-02-14 08:00 PM
6
nuclei
nuclei

VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability

Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information...

7.5CVSS

7.5AI Score

0.488EPSS

2023-06-27 08:41 AM
7
nuclei
nuclei

Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting

Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site...

6.1CVSS

6AI Score

0.001EPSS

2021-05-02 07:26 PM
4
githubexploit
githubexploit

Exploit for Use of a Broken or Risky Cryptographic Algorithm in Vmware Aria Operations For Networks

CVE-2023-34039 POC for CVE-2023-34039 VMWare Aria Operations...

9.8CVSS

7.3AI Score

0.945EPSS

2023-09-01 04:17 PM
209
osv
osv

CVE-2023-38698

Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the...

6.5CVSS

7.2AI Score

0.001EPSS

2023-08-04 06:15 PM
7
osv
osv

Data exfiltration from internal networks in github.com/docker/docker

dockerd forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics, networks marked as 'internal' can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative...

5.9CVSS

6.6AI Score

0.0004EPSS

2024-03-22 06:49 PM
6
githubexploit
githubexploit

Exploit for CVE-2023-38831

CVE-2023-38831 PoC (Proof Of Concept) This is an easy to use...

7.8CVSS

8.3AI Score

0.381EPSS

2023-08-28 04:56 AM
242
cve
cve

CVE-2017-17688

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an...

5.9CVSS

5.7AI Score

0.008EPSS

2018-05-16 07:29 PM
43
openbugbounty
openbugbounty

inc-conso.fr Cross Site Scripting vulnerability OBB-3872425

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-03-14 02:53 PM
7
osv
osv

CVE-2023-28842

Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which.....

8.7CVSS

7.2AI Score

0.003EPSS

2023-04-04 10:15 PM
12
osv
osv

CVE-2023-28841

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which...

8.7CVSS

7AI Score

0.003EPSS

2023-04-04 10:15 PM
6
cvelist
cvelist

CVE-2024-0552 Intumit inc. SmartRobot - Remote Code Execution

Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote...

9.8CVSS

10AI Score

0.002EPSS

2024-01-15 04:03 AM
1
nessus
nessus

F5 Networks BIG-IP : libxml2 vulnerability (K000139592)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139592 advisory. An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document,...

6.5CVSS

7AI Score

0.001EPSS

2024-05-14 12:00 AM
4
nessus
nessus

Arista Networks Device Detection

Nessus was able to obtain version information for an Arista Networks device via an SSH login or by examining SNMP services running on the...

4.1AI Score

2018-02-28 12:00 AM
12
nessus
nessus

Extreme Networks ExtremeXOS Detection

Extreme Networks ExtremeXOS was detected on the remote...

7.4AI Score

2023-12-07 12:00 AM
2
nessus
nessus

F5 Networks BIG-IP : GSON vulnerability (K00994461)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K00994461 advisory. The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the...

7.7CVSS

7.8AI Score

0.002EPSS

2022-08-29 12:00 AM
91
packetstorm

10CVSS

9.8AI Score

0.957EPSS

2024-04-23 12:00 AM
186
nessus
nessus

F5 Networks BIG-IP : libxml2 vulnerability (K000139594)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139594 advisory. An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table...

7.8CVSS

7.3AI Score

0.001EPSS

2024-05-14 12:00 AM
3
cvelist
cvelist

CVE-2024-2088 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...

8.5CVSS

8.2AI Score

0.001EPSS

2024-05-22 06:50 AM
cve
cve

CVE-2024-2088

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...

8.5CVSS

6.3AI Score

0.001EPSS

2024-05-22 07:15 AM
33
osv
osv

CVE-2023-28840

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which.....

8.7CVSS

7.5AI Score

0.003EPSS

2023-04-04 10:15 PM
7
nessus
nessus

F5 Networks BIG-IP : PyYAML vulnerability (K000139901)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139901 advisory. In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load()...

9.8CVSS

8.1AI Score

0.014EPSS

2024-06-05 12:00 AM
vulnrichment
vulnrichment

CVE-2024-1762 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers....

6.1CVSS

6.2AI Score

0.0004EPSS

2024-05-22 06:50 AM
nessus
nessus

F5 Networks BIG-IP Detection

Nessus was able to obtain version information for an F5 Networks BIG-IP device on the remote host via...

3AI Score

2014-07-31 12:00 AM
18
nessus
nessus

Extreme Networks ExtremeXOS Web Detection

The web interface for Extreme Networks ExtremeXOS was detected on the remote. Note that HTTP form credentials are required to retrieve version...

7.3AI Score

2023-11-13 12:00 AM
4
zdt
zdt

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry...

10CVSS

10AI Score

0.957EPSS

2024-04-23 12:00 AM
169
cvelist
cvelist

CVE-2024-1762 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers....

6.1CVSS

6.1AI Score

0.0004EPSS

2024-05-22 06:50 AM
1
nessus
nessus

F5 Networks BIG-IP : XML vulnerability (K03244804)

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. (CVE-2017-9233) Impact BIG-IP Administrative interfaces, such as iControl SOAP, are...

7.5CVSS

8.6AI Score

0.003EPSS

2019-04-22 12:00 AM
15
nessus
nessus

F5 Networks BIG-IP : libxml2 vulnerability (K000139641)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139641 advisory. In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and...

6.5CVSS

6.6AI Score

0.001EPSS

2024-05-17 12:00 AM
3
cve
cve

CVE-2024-1762

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers....

6.1CVSS

6.2AI Score

0.0004EPSS

2024-05-22 07:15 AM
26
osv
osv

CVE-2023-36088

Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive...

7.5CVSS

7.4AI Score

0.001EPSS

2023-09-01 04:15 PM
10
nessus
nessus

F5 Networks BIG-IQ Detection

Nessus was able to obtain version information for an F5 Networks BIG-IQ device on the remote host via an SSH login or by examining HTTP services running on the device. BIG-IQ is a product for managing BIG-IP...

2.8AI Score

2014-05-09 12:00 AM
12
wpvulndb
wpvulndb

Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting

Description The Code Insert Manager (Q2W3 Inc Manager) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8CVSS

6.7AI Score

0.0004EPSS

2024-04-25 12:00 AM
7
veracode
veracode

Session Fixation

@workos-inc/authkit-nextjs vulnerable to Session Fixation. This vulnerability is due to the improper handling of expired sessions within session.ts. This allowing an attacker to reuse an expired session by controlling the x-workos-session...

4.8CVSS

6.8AI Score

0.0004EPSS

2024-04-01 03:29 AM
15
githubexploit
githubexploit

Exploit for Command Injection in Vmware Vrealize Network Insight

CVE-2023-20887 POC for CVE-2023-20887 VMWare Aria Operations...

9.8CVSS

10.4AI Score

0.967EPSS

2023-06-13 01:17 PM
416
nessus
nessus

F5 Networks BIG-IP : Appliance mode vulnerability (K46524395)

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite...

6.5CVSS

6.5AI Score

0.001EPSS

2019-05-01 12:00 AM
12
nessus
nessus

F5 Networks BIG-IP Edge Client Component Installer Installed (Windows)

Detects F5 Networks BIG-IP Edge Client Component Installer on the remote Windows...

1.5AI Score

2021-06-22 12:00 AM
33
nuclei
nuclei

DedeCMS 5.7 - Path Disclosure

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or...

7.5CVSS

7.5AI Score

0.024EPSS

2021-03-15 06:54 AM
10
nessus
nessus

F5 Networks BIG-IP : BIG-IP AFM vulnerability (K000137521)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137521 advisory. When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed...

7.5CVSS

7.7AI Score

0.0004EPSS

2024-02-14 12:00 AM
5
Total number of security vulnerabilities314659