Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive...
7.5CVSS
7.4AI Score
0.001EPSS
perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...
7.8CVSS
6.8AI Score
0.0004EPSS
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when...
5.7CVSS
6.7AI Score
0.001EPSS
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * ...
6.5CVSS
7AI Score
0.001EPSS
9.9CVSS
7.2AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: dotnet8.0-8.0.105-1.fc39
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
7.1AI Score
Micro Focus NetIQ Access Manager Installed (Linux)
Micro Focus NetIQ Access Manager is installed on the remote Linux...
7.1AI Score
Trend Micro Deep Security Agent Installed (Linux)
Trend Micro Deep Security Agent which provides application control, anti-malware, web reputation service, firewall, intrusion prevention, integrity monitoring, and log inspection protection is installed on the remote Linux...
1.3AI Score
Trend Micro Apex One Server Installed (Windows)
Trend Micro Apex One, a server for managing endpoint protection agents, is installed on the remote Windows...
2.2AI Score
Trend Micro Worry-Free Business Security Detection
The web console for Trend Micro Worry-Free Business Security (WFBS), a commercial antivirus server application for Windows, is running on the remote...
1.5AI Score
Trend Micro SafeSync for Enterprise (SSFE) Detection
Trend Micro SafeSync for Enterprise, an enterprise data management application, is running on the remote...
1.1AI Score
Trend Micro ScanMail for Exchange Installation Detection
Trend Micro ScanMail for Exchange (SMEX), an email security and filtering application built on top of Microsoft Exchange, is installed on the remote Windows...
1AI Score
WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0,.....
6.1CVSS
5.1AI Score
0.019EPSS
In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an...
7.1AI Score
0.0004EPSS
Trend Micro Deep Security Agent Installed (Windows)
Trend Micro Deep Security Agent which provides application control, anti-malware, web reputation service, firewall, intrusion prevention, integrity monitoring, and log inspection protection is installed on the remote Windows...
1.8AI Score
Trend Micro Deep Security Manager Installed (Windows)
Trend Micro Deep Security Manager, a web-based management console that administrators use to configure security policy and deploy protection, is installed on the remote Windows...
1.9AI Score
CVE-2024-0967 OpenText / Micro Focus ArcSight Enterprise Security Manager Remote Vulnerability
A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely...
4.3CVSS
5AI Score
0.0004EPSS
Trend Micro Threat Intelligence Manager Web Console Detection
The remote web server is running the web console for Trend Micro Threat Intelligence Manager, a security event management application used to collect, analyze, and manage Trend Micro product event...
1.2AI Score
School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting
School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based....
6.1CVSS
6.1AI Score
0.001EPSS
Trend Micro ServerProtect Static Credential (CVE-2022-25329)
The Trend Micro ServerProtect Information Server running on the remote host uses a static credential to perform authentication when console type 1 is specified in the console registration request. An unauthenticated remote attacker can exploit this, via a specially crafted message, to register to.....
9.8CVSS
2.1AI Score
0.004EPSS
Trend Micro InterScan Web Security Virtual Appliance Detection
The remote host is a Trend Micro InterScan Web Security Virtual Appliance (IWSVA), a web gateway for application control, exploit detection, malware scanning, and URL...
2.4AI Score
An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
7.8CVSS
7.2AI Score
0.0005EPSS
NodeBB XML-RPC Request xmlrpc.php - XML Injection
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC...
9.8CVSS
9.9AI Score
0.287EPSS
Trend Micro ScanMail for Exchange Web Console Detection
The remote web server is running the web console for Trend Micro ScanMail for Exchange, an email security and filtering application built on top of Microsoft...
0.7AI Score
Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web...
8.1CVSS
7.3AI Score
0.002EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...
5.8CVSS
6AI Score
0.0004EPSS
TIBCO JasperReports Library - Directory Traversal
The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for...
6.5CVSS
6.6AI Score
0.503EPSS
Novell / NetIQ / Micro Focus iManager Detection (HTTP)
HTTP based detection of Novell / NetIQ / Micro Focus...
7.4AI Score
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
7.8CVSS
7.2AI Score
0.0005EPSS
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
7.8CVSS
7.2AI Score
0.0005EPSS
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...
7.8CVSS
7.2AI Score
0.0005EPSS
WordPress Sell Media 2.4.1 - Cross-Site Scripting
WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search...
6.1CVSS
5.9AI Score
0.001EPSS
Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting
Description The Code Insert Manager (Q2W3 Inc Manager) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
5.8CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) {...
6.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...
5.8CVSS
7.1AI Score
0.0004EPSS
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
4.7CVSS
6.5AI Score
0.0005EPSS
NeDi 1.9C - Cross-Site Scripting
NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a...
6.1CVSS
6AI Score
0.001EPSS
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
7.8CVSS
7.2AI Score
0.0005EPSS
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...
6.1CVSS
7AI Score
0.0005EPSS
School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting
School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability via admin/inc/navigation.php:125. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...
6.1CVSS
6.1AI Score
0.001EPSS
A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....
3.5CVSS
6.6AI Score
0.0004EPSS
Magento Mass Importer <0.7.24 - Remote Auth Bypass
Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection...
9.8CVSS
9.5AI Score
0.056EPSS
Trend Micro ServerProtect Authentication Bypass Vulnerability (CVE-2021-36745)
An authentication bypass vulnerability exists in the Trend Micro ServerProtect Information Server due to the lack of proper validation of user-supplied data. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to bypass authentication and gain access to the...
9.8CVSS
3.7AI Score
0.018EPSS
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ... if...
6.5AI Score
0.0004EPSS
Weaver E-Office 9.5 - Remote Code Execution
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...
9.8CVSS
7.8AI Score
0.106EPSS
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This...
9.8CVSS
6.8AI Score
0.001EPSS
[SECURITY] Fedora 39 Update: dotnet7.0-7.0.119-1.fc39
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
7.1AI Score
Trend Micro Worry-Free Business Security Remote File Deletion (000281948)
The Trend Micro Worry-Free Business Security (WFBS) is affected by a remote file deletion vulnerability in cgiLog.exe due to improper validation of a user-supplied path prior to using it in a file operation when handling the BinaryDataBlock parameter in an HTTP request. An unauthenticated, remote.....
7.5CVSS
0.9AI Score
0.003EPSS
Trend Micro Worry-Free Business Security Advanced Server Installed (Windows)
Trend Micro Worry-Free Business Security Advanced Server, a commercial antivirus server application for Windows, is installed on the remote...
2.2AI Score
Trend Micro Control Manager CmdProcessor.exe Remote Buffer Overflow (uncredentialed check)
The Trend Micro Control Manager running on the remote host is missing Critical Patch 1613. As such, the included CmdProcessor.exe component is affected by a remote stack buffer overflow vulnerability in the 'CGenericScheduler::AddTask' function of cmdHandlerRedAlertController.dll. By sending a...
2.3AI Score