CVE-2024-3264 Broken or Risky Cryptographic Algorithm in Mia Technology's Mia-Med Health Aplication
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation.This issue affects Mia-Med Health Aplication: before...
5.3CVSS
0.0005EPSS
An issue discovered in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sessions which could lead to a denial of...
6.5AI Score
EPSS
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...
8.1CVSS
8AI Score
0.001EPSS
CVE-2022-0551 Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian...
6.3CVSS
7.3AI Score
0.001EPSS
F5 Networks BIG-IP : Intel I210 network adapter vulnerability (K44482551)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K44482551 advisory. Improper access control in firmware for the Intel(R) Ethernet I210 Controller series of network adapters before...
4.4CVSS
4.6AI Score
0.0004EPSS
CVE-2021-47249 net: rds: fix memory leak in rds_recvmsg
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ......
6.3AI Score
0.0004EPSS
The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and...
4.3CVSS
5.8AI Score
0.001EPSS
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
5.7AI Score
0.001EPSS
Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
CVE-2024-26024 SUBNET Substation Server Reliance on Insufficiently Trustworthy Component
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation...
8.4CVSS
8.6AI Score
0.0004EPSS
CVE-2024-26024 SUBNET Substation Server Reliance on Insufficiently Trustworthy Component
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation...
8.4CVSS
7.1AI Score
0.0004EPSS
The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution...
8.8CVSS
7.5AI Score
0.001EPSS
Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through...
5.4CVSS
0.0004EPSS
CVE-2022-0551 Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian...
6.3CVSS
7.2AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ......
6.6AI Score
0.0004EPSS
CVE-2024-32144 WordPress Welcart e-Commerce plugin <= 2.9.14 - Broken Access Control vulnerability
Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...
7.3CVSS
0.0005EPSS
Exploit for Improper Input Validation in Microsoft
CVE-2024-21413 - Expect Script POC Microsoft Outlook Leak...
9.8CVSS
10AI Score
0.006EPSS
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...
7.1CVSS
7.1AI Score
0.0004EPSS
CVE-2021-47249 net: rds: fix memory leak in rds_recvmsg
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ......
6.7AI Score
0.0004EPSS
CVE-2024-23524 WordPress PilotPress plugin <= 2.0.30 - Broken Access Control vulnerability
Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through...
5.3CVSS
0.0004EPSS
CVE-2024-23524 WordPress PilotPress plugin <= 2.0.30 - Broken Access Control vulnerability
Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through...
5.3CVSS
6.9AI Score
0.0004EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated.....
6.4CVSS
5.8AI Score
0.0004EPSS
An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers allows attackers to hijack TCP sessions which could lead to a denial of...
7.1AI Score
EPSS
An issue discovered in Wavlink QUANTUM D2G routers allows attackers to hijack TCP sessions which could lead to a denial of...
7AI Score
EPSS
An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could lead to a denial of...
7AI Score
EPSS
An issue discovered in Wavlink QUANTUM D2G routers allows attackers to hijack TCP sessions which could lead to a denial of...
6.5AI Score
EPSS
An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lead to a denial of...
7AI Score
EPSS
Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through...
5.3CVSS
0.0004EPSS
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon....
6.8CVSS
6.5AI Score
0.001EPSS
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state...
6.1CVSS
6.2AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP APM portal access vulnerability (K40625021)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K40625021 advisory. A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP...
4.3CVSS
4.7AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP engineering hotfix TMM vulnerability (K53590702)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K53590702 advisory. Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel...
7.5CVSS
7.6AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP Appliance Mode External Monitor Vulnerability (K41072952)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K41072952 advisory. When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass...
8.7CVSS
8.6AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP Edge Client for Windows vulnerability (K33552735)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K33552735 advisory. On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to...
7.8CVSS
7.9AI Score
0.0004EPSS
The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K03009991 advisory. On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x...
9.8CVSS
9.8AI Score
0.974EPSS
Exploit for Command Injection in Paloaltonetworks Pan-Os
PAN-OS Firewall Exploit Script This script is designed to...
10CVSS
10AI Score
0.957EPSS
F5 Networks BIG-IP : BIG-IP APM Clients TunnelCrack vulnerability (K000136907)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000136907 advisory. BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End...
7.1CVSS
7AI Score
0.001EPSS
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
6AI Score
0.001EPSS
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_tag’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
5.8AI Score
0.001EPSS
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian...
7.2CVSS
7.1AI Score
0.001EPSS
Juniper Junos OS Vulnerability (JSA69717)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69717 advisory. A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an...
5.9CVSS
5.9AI Score
0.001EPSS
An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR, and Ruijie EG105G routers allows attackers to hijack TCP sessions which could lead to a denial of...
6.5AI Score
EPSS
An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers allows attackers to hijack TCP sessions which could lead to a denial of...
6.5AI Score
EPSS
F5 Networks BIG-IP : BIG-IP Edge Client for macOS Privilege Escalation (K000136185)
The version of F5 Networks BIG-IP installed on the remote macOS host is prior or equal to 17.1.0 / 16.1.4 / 15.1.10 / 14.1.5 / 13.1.5. It is, therefore, affected by a vulnerability as referenced in the K000136185 advisory. The BIG-IP Edge Client Installer on macOS does not follow best practices...
7.8CVSS
7.8AI Score
0.0004EPSS
F5 Networks BIG-IP : BIG-IP and BIG-IQ iControl SOAP vulnerability (K000133472)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.5 / 15.1.9.1 / 16.1.3.5 / 17.1.0.2. It is, therefore, affected by a vulnerability as referenced in the K000133472 advisory. An authenticated attacker with guest privileges or higher can cause the iControl SOAP...
4.3CVSS
4.9AI Score
0.0004EPSS
F5 Networks BIG-IP : BIG-IP virtual server TCP sequence numbers vulnerability (K64571774)
On specific BIG-IP platforms, attackersmay be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers.(CVE-2020-5947) Impact Attackers may be able to spoof TCP packets to be used by a future...
4.3CVSS
4.5AI Score
0.001EPSS
An issue discovered in Comfast Comfast CF-616AC routers allows attackers to hijack TCP sessions which could lead to a denial of...
7AI Score
EPSS
An issue discovered in Mercury x30g, Mercury YR1800XG routers allows attackers to hijack TCP sessions which could lead to a denial of...
6.5AI Score
EPSS