Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for...
5.5CVSS
6.8AI Score
0.0004EPSS
VMware Horizon Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028)
A remote code execution vulnerability exists in VMware Horizon in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can exploit this, via.....
10CVSS
1.7AI Score
0.976EPSS
Fedora: Security Advisory for seamonkey (FEDORA-2021-df093b89ba)
The remote host is missing an update for...
7.5AI Score
An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy.....
7.5CVSS
6.2AI Score
0.001EPSS
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
7.5CVSS
6.7AI Score
0.001EPSS
VMware vRealize Operations Manager Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028)
A remote code execution vulnerability exists in VMware vRealize Operations Manager in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can....
10CVSS
2.4AI Score
0.976EPSS
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the memory leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge,.....
6.5CVSS
6.6AI Score
0.0004EPSS
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the memory leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge,.....
6.5CVSS
6.5AI Score
0.0004EPSS
Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user...
5.3CVSS
5.5AI Score
0.0004EPSS
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the memory leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge,.....
6.5CVSS
6.3AI Score
0.0004EPSS
Apache Druid Log4Shell Direct Check (CVE-2021-44228)
The version of Apache Druid running on the remote web server is affected by a remote code execution vulnerability in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A...
10CVSS
2.5AI Score
0.976EPSS
Moxa Device Manager Tool MDM2_Gateway Response Remote Overflow
The remote Windows host has a version earlier than 2.3 of the Moxa Device Manager (MDM) Tool, used for managing embedded industrial control systems across the Internet. Such versions are affected by a buffer overflow vulnerability that can be triggered using a specially crafted MDM2_Gateway...
5.1AI Score
Fedora: Security Advisory for seamonkey (FEDORA-2021-2761b54dff)
The remote host is missing an update for...
7.5AI Score
Ashok - An OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing, which means gathering information before any real attacks are planned. Ashok is an incredibly fast recon tool for penetration testers, specially designed for the reconnaissance phase. And in...
7AI Score
KB5018418: Windows 11 Security Update (October 2022)
The remote Windows host is missing security update 5018418. It is, therefore, affected by multiple vulnerabilities: Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability (CVE-2022-38036); Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045) ...
8.8CVSS
7.8AI Score
0.017EPSS
KB5018421: Windows Server 2022 Security Update (October 2022)
The remote Windows host is missing security update 5018421. It is, therefore, affected by multiple vulnerabilities: Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability (CVE-2022-38036); Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045) ...
8.8CVSS
7.8AI Score
0.017EPSS
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of...
6.3CVSS
6.5AI Score
0.001EPSS
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a...
7.5CVSS
7.7AI Score
0.0005EPSS
CVE-2024-38520 SoftEther VPN with L2TP - 2.75x Amplification
SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...
7.5CVSS
6.8AI Score
0.0004EPSS
CVE-2024-38520 SoftEther VPN with L2TP - 2.75x Amplification
SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...
7.5CVSS
0.0004EPSS
IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: ...
7.5CVSS
7.2AI Score
0.0004EPSS
SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...
7.5CVSS
0.0004EPSS
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7150929)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7150929 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of ...
7.5CVSS
7AI Score
0.001EPSS
Apache Solr Log4Shell Direct Check (CVE-2021-44228)
The version of Apache Solr running on the remote web server is affected by a remote code execution vulnerability in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A...
10CVSS
2.3AI Score
0.976EPSS
SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...
7.5CVSS
7.5AI Score
0.0004EPSS
Cisco IOS XE Software Internet Key Exchange Denial of Service Vulnerability
According to its self-reported version, the Cisco IOS XE Software is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more...
7.5CVSS
7.7AI Score
0.004EPSS
6.5CVSS
0.001EPSS
8.8CVSS
9AI Score
0.001EPSS
CVE-2024-25015 IBM MQ denial of service
IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: ...
7.5CVSS
6.5AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.001EPSS
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...
6.5AI Score
0.0004EPSS
7.3CVSS
7.6AI Score
0.002EPSS
8.8CVSS
9AI Score
0.001EPSS
8.8CVSS
0.001EPSS
6.5CVSS
7.5AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
8.8CVSS
0.001EPSS
7.5CVSS
7.6AI Score
0.001EPSS
9.8CVSS
9.5AI Score
0.011EPSS
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...
7AI Score
0.0004EPSS
CVE-2024-25015 IBM MQ denial of service
IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: ...
7.5CVSS
7.3AI Score
0.0004EPSS
CVE-2024-0912 CCURE passwords exposed to administrators
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...
6.5AI Score
0.0004EPSS
6.5CVSS
6.7AI Score
0.001EPSS
9.8CVSS
9.7AI Score
0.02EPSS
9.8CVSS
9.5AI Score
0.02EPSS
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....
6.5AI Score
0.0004EPSS
7.5CVSS
8AI Score
0.004EPSS
CVE-2024-0912 CCURE passwords exposed to administrators
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...
6.8AI Score
0.0004EPSS
7.5CVSS
8AI Score
0.008EPSS
6.2CVSS
5.9AI Score
0.0004EPSS