A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or...
9.1CVSS
9.2AI Score
0.0004EPSS
The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app...
6.1CVSS
5.7AI Score
0.0004EPSS
Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication...
9.3CVSS
6.1AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.This issue affects Albo Pretorio On line: from n/a through...
6.5CVSS
5.9AI Score
0.0004EPSS
LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle)...
5.9CVSS
5.4AI Score
0.0005EPSS
LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle)...
5.9CVSS
5.4AI Score
0.0005EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1...
7.1CVSS
6AI Score
0.0005EPSS
The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast...
5.3CVSS
5.2AI Score
0.0005EPSS
Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to...
9.8CVSS
8.9AI Score
0.001EPSS
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted...
6.5CVSS
6.2AI Score
0.0005EPSS
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted...
6.5CVSS
6.2AI Score
0.0005EPSS
Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Windows before...
5.5CVSS
5.5AI Score
0.001EPSS
Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of...
7.5CVSS
7.4AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6...
7.1CVSS
5.9AI Score
0.0005EPSS
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin...
8.8CVSS
8.6AI Score
0.001EPSS
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact...
4.3CVSS
4.6AI Score
0.001EPSS
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding...
6.5CVSS
6.3AI Score
0.001EPSS
In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to...
4.3CVSS
4.6AI Score
0.001EPSS
LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group...
7.5CVSS
7.2AI Score
0.001EPSS
Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web script or HTML via unspecified...
6.1CVSS
6AI Score
0.001EPSS
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through...
5.3CVSS
5.3AI Score
0.001EPSS
Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege...
7.8CVSS
7.7AI Score
0.001EPSS
Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced...
9.8CVSS
9.3AI Score
0.002EPSS
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these...
9.1CVSS
9.3AI Score
0.001EPSS
Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains %2F (encoded /), such as /files/..%2Fsecrets.txt, bypassing Armeria's path validation...
7.5CVSS
7.3AI Score
0.002EPSS
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login...
7.5CVSS
7.6AI Score
0.002EPSS
LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this...
7.5CVSS
7.1AI Score
0.002EPSS
Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the...
8.8CVSS
8.8AI Score
0.001EPSS
LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address...
5.3CVSS
5AI Score
0.001EPSS
LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL...
7.8CVSS
8.1AI Score
0.0004EPSS
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server...
7.5CVSS
7.5AI Score
0.002EPSS
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the...
7.8CVSS
7.8AI Score
0.0004EPSS
In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the...
9.8CVSS
9.6AI Score
0.003EPSS
LINE client for iOS before 10.16.3 allows cross site script with specific header in...
6.1CVSS
5.9AI Score
0.001EPSS
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open...
5.8CVSS
5.1AI Score
0.001EPSS
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get...
6.1CVSS
5.8AI Score
0.001EPSS
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access...
7.7CVSS
7.3AI Score
0.001EPSS
All trailer Power Line Communications are affected. PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. Further distances are also possible, subject to environmental conditions and receiver...
4.3CVSS
4.7AI Score
0.001EPSS
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in...
6.5CVSS
6.4AI Score
0.002EPSS
Integer overflow vulnerability in LINE(Android) from 4.4.0 to the version before 9.15.1 allows remote attackers to cause a denial of service (DoS) condition or execute arbitrary code via a specially crafted...
7.8CVSS
8.3AI Score
0.004EPSS
The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
7.4CVSS
6.9AI Score
0.001EPSS
LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
5.9CVSS
5.1AI Score
0.001EPSS
Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file...
6.7AI Score
0.012EPSS
Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third...
6.9AI Score
0.011EPSS
SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt...
8.4AI Score
0.008EPSS
SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to execute arbitrary SQL commands via the catid parameter in (1) fastlinks.php and (2)...
8.4AI Score
0.009EPSS
Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer...
6.8AI Score
0.0004EPSS
Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allows remote attackers to execute arbitrary code via a .flp file that contains a long path to a (1) .mid or (2) .wav...
8.4AI Score
0.053EPSS