Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting
Description The Code Insert Manager (Q2W3 Inc Manager) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
5.8CVSS
6.7AI Score
0.0004EPSS
VMware VRealize Network Insight - Remote Code Execution
VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the...
9.8CVSS
10AI Score
0.967EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...
5.8CVSS
6AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...
5.8CVSS
7.1AI Score
0.0004EPSS
F5 Networks BIG-IP : BIG-IP engineering hotfix Trusted Platform Module vulnerability (K91171450)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K91171450 advisory. On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect ...
4.6CVSS
4.8AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) {...
6.9AI Score
0.0004EPSS
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity:...
5.2AI Score
0.0004EPSS
VMware Aria Operations For Networks Web Interface Detection
The web interface for VMware Aria Operations for Networks (formerly known as VMware vRealize Network Insight) was detected on the remote...
7.1AI Score
Palo Alto Networks User-ID Agent Version Detection
Palo Alto Networks User-ID agent, a monitoring and reporting service that supports user and group mapping for firewall configurations, is installed on the remote...
1.6AI Score
F5 Networks BIG-IP : Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (K34303485)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K34303485 advisory. Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing...
5.6CVSS
6.2AI Score
0.001EPSS
NeDi 1.9C - Cross-Site Scripting
NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a...
6.1CVSS
6AI Score
0.001EPSS
F5 Networks ARX Data Manager Web Interface Detection
The web interface login page for F5 Networks ARX Data Manager was detected on the remote host. ARX Data Manager is a product for file storage management and...
1.8AI Score
School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting
School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability via admin/inc/navigation.php:125. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...
6.1CVSS
6.1AI Score
0.001EPSS
OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on su...
8.3CVSS
6.6AI Score
0.002EPSS
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ... if...
6.5AI Score
0.0004EPSS
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. An container with an...
4.7CVSS
4.5AI Score
0.0004EPSS
Weaver E-Office 9.5 - Remote Code Execution
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...
9.8CVSS
7.8AI Score
0.106EPSS
GlobalProtect - OS Command Injection
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama...
10CVSS
9.9AI Score
0.957EPSS
Magento Mass Importer <0.7.24 - Remote Auth Bypass
Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection...
9.8CVSS
9.5AI Score
0.056EPSS
F5 Networks BIG-IP : Microarchitectural Fill Buffer Data Sampling (MFBDS) (K80159635)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K80159635 advisory. Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative...
5.6CVSS
6.2AI Score
0.001EPSS
F5 Networks BIG-IP : Expat vulnerability (K000139637)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139637 advisory. libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers...
7.2AI Score
0.0004EPSS
F5 Networks BIG-IP : Expat vulnerability (K000139630)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139630 advisory. libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required...
7.5CVSS
7.4AI Score
0.001EPSS
A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....
3.5CVSS
6.6AI Score
0.0004EPSS
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This...
9.8CVSS
6.8AI Score
0.001EPSS
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....
7.1AI Score
0.0004EPSS
Exploit for Path Traversal in Aiohttp
CVE-2024-23334 PoC Description This repository contains a...
7.5CVSS
7.5AI Score
0.052EPSS
F5 Networks BIG-IP : TMM vulnerability (K000139037)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000139037 advisory. When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel...
7.5CVSS
7.6AI Score
0.0004EPSS
F5 Networks BIG-IP : Linux kernel usbmon vulnerability (K000139700)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139700 advisory. drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user- space...
6.7CVSS
7AI Score
0.0004EPSS
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....
7AI Score
0.0004EPSS
F5 Networks BIG-IP : Speculative race conditions vulnerabilities (K000139682)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000139682 advisory. A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting ...
5.5CVSS
7.8AI Score
0.0004EPSS
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
This module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry collection on...
10CVSS
9.9AI Score
0.957EPSS
@workos-inc/authkit-nextjs vulnerable to Session Fixation. This vulnerability is due to the improper handling of expired sessions within session.ts. This allowing an attacker to reuse an expired session by controlling the x-workos-session...
4.8CVSS
6.8AI Score
0.0004EPSS
Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
8.8CVSS
9AI Score
0.002EPSS
Unrestricted file upload in /main/inc/ajax/dropbox.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
8.8CVSS
9AI Score
0.002EPSS
Unrestricted file upload in /main/inc/ajax/work.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
8.8CVSS
9AI Score
0.002EPSS
Unrestricted file upload in /main/inc/ajax/exercise.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP...
8.8CVSS
9AI Score
0.002EPSS
F5 Networks BIG-IP : TMM vulnerability (K95434410)
Undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane....
7.5CVSS
7.6AI Score
0.001EPSS
F5 Networks BIG-IP : GNU C Library (glibc) vulnerability (K52494142)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K52494142 advisory. The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes...
5.9CVSS
6.1AI Score
0.007EPSS
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Impact An authenticated user who has access to a game server is able to bypass the previously implemented access control (https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This...
6.4CVSS
6.3AI Score
0.0004EPSS
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Impact An authenticated user who has access to a game server is able to bypass the previously implemented access control (https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This...
6.4CVSS
6.8AI Score
0.0004EPSS
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and...
8CVSS
7.3AI Score
0.0004EPSS
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K97035296 advisory. Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative...
5.6CVSS
6.2AI Score
0.001EPSS
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...
8CVSS
7.3AI Score
0.0004EPSS
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to...
8.1CVSS
6.8AI Score
0.001EPSS
libreswan bug fix and enhancement update
An update is available for libreswan. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the...
7AI Score
0.0004EPSS
The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon....
8.2CVSS
7AI Score
0.0004EPSS
Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint....
6.4CVSS
6.3AI Score
0.0004EPSS
The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.7AI Score
0.001EPSS
Palo Alto Networks PAN-OS Firewall/Panorama Web UI Detection
The web interface for Palo Alto Networks PAN-OS firewall or Panorama was detected on the remote host. Panorama is a centralized management solution used for Palo Alto Networks...
1.2AI Score
F5 Networks BIG-IP : BIG-IP HTTP non-RFC-compliant security exposure (K11342432)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.5.1 / 15.1.7 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K11342432 advisory. This issue occurs when a non-RFC-compliant HTTP request is received by a virtual server on a...
7.3AI Score