contao/core Insufficient input validation allows for code injection and remote execution
contao/core versions 2.x prior to 2.11.17 and 3.x prior to 3.2.9 are vulnerable to arbitrary code execution on the server due to insufficient input validation. In fact, attackers can remove or change pathconfig.php by entering a URL, meaning that the entire Contao installation will no longer be...
7.9AI Score
PHP XML Entity Expansion And XML External Entity Vulnerabilities - Linux
PHP is prone to XML entity expansion and XML external entity (XXE)...
9.6CVSS
7.6AI Score
0.007EPSS
Gravity Board X Multiple SQL Injection Vulnerabilities and RCE Vulnerability
Gravity Board X is prone to multiple SQL-injection vulnerabilities and a remote command-execution because it fails to sufficiently sanitize user-supplied data before using it in an SQL...
7.3AI Score
0.001EPSS
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted...
9.8CVSS
7.4AI Score
0.0004EPSS
contao/core Insufficient input validation allows for code injection and remote execution
contao/core versions 2.x prior to 2.11.17 and 3.x prior to 3.2.9 are vulnerable to arbitrary code execution on the server due to insufficient input validation. In fact, attackers can remove or change pathconfig.php by entering a URL, meaning that the entire Contao installation will no longer be...
7.9AI Score
CVE-2024-27163 Leak of admin password and passwords
Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the...
6.5CVSS
6.6AI Score
0.0004EPSS
CVE-2024-27163 Leak of admin password and passwords
Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the...
6.5CVSS
0.0004EPSS
The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with.....
9.9CVSS
7.8AI Score
0.001EPSS
Microsoft Azure Web App Discovery And Assessment Service Installed (Windows)
Microsoft Azure Web App Discovery and Assessment Service is installed on the remote Windows host. Azure Appliance Auto Update is part of Microsoft Azure...
7.4AI Score
The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with.....
9.9CVSS
9.9AI Score
0.001EPSS
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The...
9.8CVSS
7.8AI Score
0.002EPSS
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted...
9.8CVSS
9.8AI Score
0.0004EPSS
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
Magento Commerce and Open Source 2.2.5 and 2.1.14 contain multiple security enhancements that help close authenticated Admin user remote code execution (RCE), Cross-Site Scripting (XSS) and other...
7.1AI Score
CVE-2024-26261 Hgiga OAKlouds - Arbitrary File Read And Delete
The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being...
9.8CVSS
9.6AI Score
0.001EPSS
PHP XML Entity Expansion And XML External Entity Vulnerabilities - Windows
PHP is prone to XML entity expansion and XML external entity (XXE)...
9.6CVSS
7.6AI Score
0.007EPSS
Important: container-tools:rhel8 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Bug Fix(es): container_init_t does not possess ptrace process context [almalinux-8.9.0.z] (JIRA:AlmaLinux-28923) Security Fix(es): podman: full container escape at build time...
8.6CVSS
7.3AI Score
0.0005EPSS
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted...
9.8CVSS
9.8AI Score
0.0004EPSS
Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc......
6.8AI Score
0.0004EPSS
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke....
4.3CVSS
6.6AI Score
0.001EPSS
Cisco Duo Authentication For Windows Logon And RDP Installed (Windows)
Cisco Duo Authentication for Windows Logon and RDP is installed on the remote Windows...
7.5AI Score
Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small...
7.5CVSS
7.3AI Score
0.024EPSS
Summary Golang Go is used by a parent process in the IntegrationServer and IntegrationRuntime operands of IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This...
6.2AI Score
0.0004EPSS
(RHSA-2024:2776) Moderate: OpenShift Container Platform 4.15.13 packages and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.13. See the following advisory for the container...
7AI Score
0.0005EPSS
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted...
9.8CVSS
7.4AI Score
0.0004EPSS
Summary IBM Cognos Analytics is vulnerable to a cross-site scripting vulnerability (XSS) in JupyterHub and remote code execution (RCE) vulnerability in R Programming Language which is used by Jupyter Notebook. IBM Cognos Analytics has addressed a Denial of Service (DOS) vulnerability and an...
8.8CVSS
10AI Score
0.005EPSS
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
Magento Commerce and Open Source 2.2.5 and 2.1.14 contain multiple security enhancements that help close authenticated Admin user remote code execution (RCE), Cross-Site Scripting (XSS) and other...
7.1AI Score
amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance
In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the...
7AI Score
Microsoft SharePoint Server and Foundation Remote Code Execution Vulnerability (3058083)
This host is missing an important security update according to Microsoft Bulletin...
6.4AI Score
0.048EPSS
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted...
9.8CVSS
7.4AI Score
0.0004EPSS
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted...
9.8CVSS
9.8AI Score
0.0004EPSS
K000139607: MySQL Server vulnerabilities CVE-2024-21013 and CVE-2024-21062
Security Advisory Description CVE-2024-21013 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network...
5.6AI Score
0.0004EPSS
tractors-and-machinery.nl Cross Site Scripting vulnerability OBB-3876494
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
IBM Rational License Key Server Administration and Reporting Tool Detection
Nessus detected the web interface for the IBM Rational License Key Server Administration and Reporting...
1.7AI Score
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE ( CVE-2024-22329, CVE-2023-50312). Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application...
5.3CVSS
5.3AI Score
0.0004EPSS
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
8.8CVSS
8.9AI Score
0.001EPSS
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted...
9.8CVSS
7.4AI Score
0.0004EPSS
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted...
9.8CVSS
9.8AI Score
0.0004EPSS
5.3CVSS
6.1AI Score
0.001EPSS
Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
7.1AI Score
0.0004EPSS
ams-paints-and-accessories.co.uk Cross Site Scripting vulnerability OBB-3883863
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Summary Node.js module @apidevtools/json-schema-ref-parser is used by IBM App Connect Enterprise Certified Container for processing JSON schemas defining the App Connect Enterprise administration API. IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are...
7.7AI Score
EPSS
Mailcow Patches Critical XSS and File Overwrite Flaws – Update NOW
Mailcow email servers faced critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) allowing potential remote code execution. Update to Mailcow 2024-04 (Moopril Update) to patch the security holes and keep your email server...
6.2CVSS
8.4AI Score
0.0004EPSS
Summary follow-redirects and Axios are used by IBM Storage Fusion HCI as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159, CVE-2023-45857. Vulnerability Details ** CVEID: CVE-2023-26159 DESCRIPTION: **follow-redirects could allow a remote attacker to conduct...
7.3CVSS
7.1AI Score
0.001EPSS
Rocky Linux 8 : idm:DL1 and idm:client (RLSA-2024:3267)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3267 advisory. * JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681) * python-jwcrypto: malicious JWE token can cause denial of service...
6.8CVSS
7AI Score
0.0004EPSS
Rocky Linux 8 : bind and dhcp (RLSA-2024:3271)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3271 advisory. * bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408) * bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator...
7.5CVSS
9.3AI Score
0.05EPSS
Microsoft SharePoint Server and Foundation Elevation of Privilege Vulnerability (3052044)
This host is missing an important security update according to Microsoft Bulletin...
6.4AI Score
0.474EPSS
Microsoft Internet Explorer Information Disclosure and Web Site Spoofing Vulnerabilities
Microsoft Internet Explorer is prone to information disclosure and web site spoofing...
5.9AI Score
0.064EPSS
MetaCart E-Shop ProductsByCategory.ASP SQL and XSS Injection Vulnerabilities
Due to a lack of user input validation, the remote version of MetaCart e-Shop is vulnerable to various SQL injection vulnerabilities and cross site scripting...
7.8AI Score
The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with.....
4.4CVSS
4.8AI Score
0.0004EPSS
A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of...
1.5AI Score
0.001EPSS