CVE-2024-24919 Information disclosure
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is...
8.6CVSS
8.4AI Score
0.945EPSS
CVE-2024-0912 CCURE passwords exposed to administrators
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior...
6.8AI Score
0.0004EPSS
7.3CVSS
7.6AI Score
0.002EPSS
7.5CVSS
7.6AI Score
0.001EPSS
8.8CVSS
9AI Score
0.001EPSS
Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP,...
7.3AI Score
0.0004EPSS
7.5CVSS
7.8AI Score
0.001EPSS
7.5CVSS
7.6AI Score
0.004EPSS
9.8CVSS
9.5AI Score
0.02EPSS
conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::to_bytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a.....
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
8AI Score
0.004EPSS
Hitachi Energy's RTU500 series Unrestricted Upload of File with Dangerous Type (CVE-2024-1531)
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file. This plugin only works with...
8.2CVSS
7.1AI Score
0.0004EPSS
7.5CVSS
7.8AI Score
0.002EPSS
7.5CVSS
7.9AI Score
0.001EPSS
7.5CVSS
7.3AI Score
0.004EPSS
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is...
CVE-2024-24919 Information disclosure
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is...
8.6CVSS
8.3AI Score
0.945EPSS
Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP,...
7.3AI Score
0.0004EPSS
7.5CVSS
7.3AI Score
0.008EPSS
5.5CVSS
7.5AI Score
0.0004EPSS
5.3CVSS
6.9AI Score
0.001EPSS
5.3CVSS
5.8AI Score
0.001EPSS
7.8CVSS
8.6AI Score
0.001EPSS
ASUS announces major Firmware Update ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers.....
9.8CVSS
7.8AI Score
0.001EPSS
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline...
5.6AI Score
0.003EPSS
7.5CVSS
8.5AI Score
0.004EPSS
SAS/Internet 9.4 1520 - Local File Inclusion
SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF...
7.5CVSS
7.4AI Score
0.01EPSS
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
Impact OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they come from networks that are not configured as localNetworks, by...
7.1CVSS
7.1AI Score
0.0004EPSS
Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP,...
7.4AI Score
0.0004EPSS
7.5CVSS
8.7AI Score
0.076EPSS
Hitachi Energy's RTU500 series Unrestricted Upload of File with Dangerous Type (CVE-2024-1532)
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file. This plugin only works with....
6.8CVSS
6.9AI Score
0.0004EPSS
FlyteAdmin's Default OAuth Authorization Server secret must be rotated
Impact Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the default configuration for Flyte Admin allows access for Flyte...
7.5CVSS
7.4AI Score
0.001EPSS
FlyteAdmin's Default OAuth Authorization Server secret must be rotated
Impact Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the default configuration for Flyte Admin allows access for Flyte...
7.5CVSS
0.5AI Score
0.001EPSS
Exploit for Integer Overflow or Wraparound in Microsoft
CVE-2023-36900 About this vulnerability:...
7.8CVSS
7.5AI Score
0.009EPSS
(RHSA-2024:2890) Important: bind and dhcp security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...
6.7AI Score
0.05EPSS
Moderate: traceroute security update
The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
5.5CVSS
7.1AI Score
0.0004EPSS
gradio vulnerable to Path Traversal
An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy.....
7.5CVSS
7.3AI Score
0.001EPSS
Exploit for HTTP Request Smuggling in Sap Content Server
CVE-2022-22536 SAP memory pipes desynchronization...
10CVSS
9.8AI Score
0.965EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows...
5.3CVSS
4.7AI Score
0.001EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...
5.3CVSS
4.8AI Score
0.001EPSS
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older....
10CVSS
9.7AI Score
0.034EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated.....
5.3CVSS
7.3AI Score
0.001EPSS
Moderate: traceroute security update
The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
5.5CVSS
7AI Score
0.0004EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.7)
The version of AOS installed on the remote host is prior to 6.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.7 advisory. Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of...
9.8CVSS
9AI Score
0.107EPSS
KB4093115: Windows 8.1 and Windows Server 2012 R2 April 2018 Security Update
The remote Windows host is missing security update 4093115 or cumulative update 4093114. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory. ...
8.8CVSS
8.7AI Score
0.652EPSS
KB4093108: Windows 7 and Windows Server 2008 R2 April 2018 Security Update
The remote Windows host is missing security update 4093108 or cumulative update 4093118. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects...
8.8CVSS
8.6AI Score
0.652EPSS
Directus Lacks Session Tokens Invalidation
Summary Currently session tokens function like the other JWT tokens where they are not actually invalidated when logging out. The directus_session gets destroyed and the cookie gets deleted but if you captured the cookie value it will still work for the entire expiry time which is set to 1 day by.....
5.4CVSS
7AI Score
0.0004EPSS
gradio vulnerable to Path Traversal
An issue was discovered in gradio-app/gradio, where the /component_server endpoint improperly allows the invocation of any method on a Component class with attacker-controlled arguments. Specifically, by exploiting the move_resource_to_block_cache() method of the Block class, an attacker can copy.....
7.5CVSS
7.3AI Score
0.001EPSS
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is...
8.6CVSS
8.3AI Score
0.945EPSS
CVE-2024-22064 Configuration error Vulnerability in ZTE ZXUN-ePDG
ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked,...
8.3CVSS
7AI Score
0.0004EPSS