CIS Manager 'email' Parameter SQL Injection Vulnerability
CIS Manager is prone to an SQL injection (SQLi)...
7.5 AI Score
0.001 EPSS
Windows 2008 October 2017 Multiple Security Updates (KRACK)
The remote Windows host is missing multiple security updates released on 2017/10/10. It is, therefore, affected by multiple vulnerabilities : A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An...
9.8 CVSS
8.5 AI Score
0.928 EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,.....
3.7 CVSS
0.001 EPSS
Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5 CVSS
7.7 AI Score
0.05 EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...
7.4 CVSS
8 AI Score
0.002 EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...
7.4 CVSS
7.2 AI Score
0.002 EPSS
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7157980 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are...
3.7 CVSS
4.6 AI Score
0.0004 EPSS
Microsoft Unveils Enhanced Security Features for Internet Explorer 9
Microsoft has detailed new security features for Internet Explorer 9 (IE9) that will help users prevent sites from tracking their activity across browsing sessions. The new feature, set to launch with the first release candidate of IE9 early next year, uses a list to control which third-party...
6.8 AI Score
KB4019472: Windows 10 Version 1607 and Windows Server 2016 May 2017 Cumulative Update
The remote Windows host is missing security update KB4019472. It is, therefore, affected by multiple vulnerabilities : A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to...
8.3 CVSS
9 AI Score
0.263 EPSS
Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification.....
6.8 AI Score
0.042 EPSS
Quicktime/Darwin 4.1.x Streaming Administration Server 'parse_xml.cgi' Multiple Vulnerabilities
QuickTime/Darwin streaming administration server is prone to multiple...
6.5 AI Score
0.659 EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.5)
The version of AOS installed on the remote host is prior to 5.20.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.5 advisory. In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form...
9.8 CVSS
10 AI Score
EPSS
Exploit for Code Injection in Crushftp
CVE-2024-4040-RCE-POC CVE-2024-4040 (CrushFTP VFS escape) or...
10 CVSS
9.9 AI Score
0.966 EPSS
RHEL 6 / 7 / 8 / 9 : Red Hat Satellite Client (RHSA-2024:2101)
The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2101 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...
3.7 CVSS
8.2 AI Score
0.001 EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,.....
3.7 CVSS
4.3 AI Score
0.001 EPSS
Home assistant is an open source home automation. The audit team’s analyses confirmed that the redirect_uri and client_id are alterable when logging in. Consequently, the code parameter utilized to fetch the access_token post-authentication will be sent to the URL specified in the aforementioned...
5.4 CVSS
7.1 AI Score
0.0005 EPSS
(RHSA-2024:2101) Low: Red Hat Satellite Client bug fix and security update
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard...
7.7 AI Score
0.001 EPSS
EnvíaloSimple <= 2.4 - Cross-Site Request Forgery
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...
6.5 CVSS
7.1 AI Score
0.0004 EPSS
KB4467106: Windows 7 and Windows Server 2008 R2 November 2018 Security Update
The remote Windows host is missing security update 4467106 or cumulative update 4467107. It is, therefore, affected by multiple vulnerabilities : A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The...
9.8 CVSS
7.9 AI Score
0.947 EPSS
KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO
On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The...
6.8 AI Score
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit...
3.7 CVSS
3 AI Score
0.0004 EPSS
RHEL 6 / 7 / 8 / 9 : Satellite Client Async Security Update (Important) (RHSA-2024:2011)
The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2011 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the...
9.8 CVSS
10 AI Score
0.003 EPSS
Fedora: Security Advisory for cyrus-imapd (FEDORA-2024-123f2b3666)
The remote host is missing an update for...
6.5 CVSS
6.6 AI Score
0.0005 EPSS
Microsoft Windows Multiple Vulnerabilities (KB4534306)
This host is missing a critical security update according to Microsoft...
9.8 CVSS
7.3 AI Score
0.975 EPSS
Fedora: Security Advisory for cyrus-imapd (FEDORA-2024-f3e0255c75)
The remote host is missing an update for...
6.5 CVSS
6.6 AI Score
0.0005 EPSS
Microsoft Windows Multiple Vulnerabilities (KB4550930)
This host is missing a critical security update according to Microsoft...
8.8 CVSS
7.3 AI Score
0.954 EPSS
Microsoft Windows Multiple Vulnerabilities (KB4534271)
This host is missing a critical security update according to Microsoft...
9.8 CVSS
7.3 AI Score
0.975 EPSS
Microsoft Windows Multiple Vulnerabilities (KB4571736)
This host is missing a critical security update according to Microsoft...
10 CVSS
7.3 AI Score
0.467 EPSS
Microsoft Windows Multiple Vulnerabilities (KB4571729)
This host is missing a critical security update according to Microsoft...
10 CVSS
7.3 AI Score
0.467 EPSS
Microsoft Windows Multiple Vulnerabilities (KB4556826)
This host is missing a critical security update according to Microsoft...
9.9 CVSS
7.4 AI Score
0.194 EPSS
Microsoft Windows Multiple Vulnerabilities (KB5000802)
This host is missing a critical security update according to Microsoft...
9.9 CVSS
7.4 AI Score
0.861 EPSS
Microsoft Windows Multiple Vulnerabilities (KB4534273)
This host is missing a critical security update according to Microsoft...
9.8 CVSS
7.1 AI Score
0.969 EPSS
KLA11084 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer
Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, execute arbitrary code and obtain sensitive information. Below is a complete list of...
8.8 CVSS
8.3 AI Score
0.955 EPSS
Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-009)
The version of java-11-openjdk installed on the remote host is prior to 11.0.13.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-009 advisory. Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
6.8 CVSS
6.8 AI Score
0.002 EPSS
Exploit for Code Injection in Provectus Ui
CVE-2023-52251-POC There is a Remote Code Execution...
8.8 CVSS
9.7 AI Score
0.92 EPSS
Exploit for Command Injection in Paloaltonetworks Pan-Os
PAN-OS Firewall Exploit Script This script is designed to...
10 CVSS
10 AI Score
0.957 EPSS
iSCSI Unauthenticated Target Detection
One or more of the iSCSI (Internet Small Computer Systems Interface) targets on the remote host are configured not to use an authentication mechanism, potentially allowing unauthorized access to the...
2.1 AI Score
Windows Server 2012 May 2017 Security Updates
The remote Windows host is missing security update 4019214 or cumulative update 4019216. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit...
8.1 CVSS
8.6 AI Score
0.263 EPSS
Fedora: Security Advisory for clamav (FEDORA-2024-1a79c2ef63)
The remote host is missing an update for...
7.5 AI Score
Fedora: Security Advisory for clamav (FEDORA-2024-92b8ac25a5)
The remote host is missing an update for...
7.5 AI Score
Fedora: Security Advisory for libcoap (FEDORA-2024-75863445ff)
The remote host is missing an update for...
6.7 AI Score
0.0004 EPSS
KB4338823: Windows 7 and Windows Server 2008 R2 July 2018 Security Update
The remote Windows host is missing security update 4338823 or cumulative update 4338818. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. ...
8.8 CVSS
8.2 AI Score
0.95 EPSS
Fedora: Security Advisory for clamav (FEDORA-2024-34474f346b)
The remote host is missing an update for...
7.5 AI Score
Fedora: Security Advisory for libcoap (FEDORA-2024-450b75e4a0)
The remote host is missing an update for...
6.7 AI Score
0.0004 EPSS
Exploit for OS Command Injection in Cacti
Command injection vulnerability in Cacti (CVE-2023-39362) -...
7.2 CVSS
8.1 AI Score
0.016 EPSS
Moxa Device Manager Gateway Detection
The remote service appears to be a Moxa Device Manager (MDM) Gateway. Moxa makes embedded computers for industrial applications, and their MDM Gateway product supports remote management of those computers through the...
4.1 AI Score
Internet-Based Crime Rises to 11%, Nearing Traditional Theft Rates
Americans are nearly as likely to be victimized by Internet-based crime as by other forms of nonviolent theft. This perception emerges from a recent survey on crimes committed against individuals and their families. According to a Gallup Poll released Monday, 11% of American adults reported that...
7.2 AI Score
Microsoft Windows Multiple Vulnerabilities (KB4528760)
This host is missing a critical security update according to Microsoft...
8.1 CVSS
7.2 AI Score
0.969 EPSS
Description: The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated...
8.8 CVSS
6.3 AI Score
0.0004 EPSS
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This....
4.8 CVSS
5.6 AI Score
0.0004 EPSS