Mattermost Desktop App Remote Code Execution
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...
4.7CVSS
7AI Score
0.0004EPSS
Internet Key Exchange (IKE) Aggressive Mode Information Disclosure Vulnerability (CVE-2002-1623)
Internet Key Exchange (IKE) protocol enabled services running in / supporting the aggressive mode are prone to an information disclosure...
6.2AI Score
0.004EPSS
Microsoft Internet Information Services (IIS) Multiple Vulnerabilities (MS02-018) - Active Check
Microsoft Internet Information Services (IIS) is prone to multiple...
7.6AI Score
0.966EPSS
SAP NetWeaver Development Infrastructure - Server Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the...
9.9CVSS
9.4AI Score
0.396EPSS
CVE-2023-5694 CodeAstro Internet Banking System pages_system_settings.php cross site scripting
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input alert(991) leads to cross site scripting. It is possible to...
3.5CVSS
6.2AI Score
0.001EPSS
Check Point Quantum Gateway - Information Disclosure
CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software...
8.6CVSS
8.3AI Score
0.945EPSS
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products...
6.2AI Score
0.204EPSS
Exploit for Path Traversal in Microsoft
CVE-2021-40444 builders This repo contain builders of cab...
8.8CVSS
7AI Score
0.969EPSS
Sidekiq <=6.2.0 - Cross-Site Scripting
Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is...
6.1CVSS
6.3AI Score
0.008EPSS
Jellyfin <10.7.0 - Local File Inclusion
Jellyfin before 10.7.0 is vulnerable to local file inclusion. This issue is more prevalent when Windows is used as the host OS. Servers exposed to public Internet are potentially at...
7.7CVSS
6.3AI Score
0.263EPSS
CVE-2023-5694 CodeAstro Internet Banking System pages_system_settings.php cross site scripting
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input alert(991) leads to cross site scripting. It is possible to...
3.5CVSS
6.2AI Score
0.001EPSS
Selligent Message Studio Detection
The remote web server hosts Selligent Message Studio, an email marketing campaign management...
1.4AI Score
9.8CVSS
7.4AI Score
0.919EPSS
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products...
7.4AI Score
0.204EPSS
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,.....
6.5CVSS
6.8AI Score
0.0004EPSS
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,.....
6.5CVSS
6.8AI Score
0.0004EPSS
7.5CVSS
8.8AI Score
0.076EPSS
...
7.5CVSS
7.2AI Score
0.076EPSS
Exploit for OS Command Injection in Gitlab
CVE-2022-2185 wo ee cve-2022-2185 gitlab authenticated rce...
9.9CVSS
8.5AI Score
0.455EPSS
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful...
7.5CVSS
6.5AI Score
0.001EPSS
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful...
7.5CVSS
6.5AI Score
0.001EPSS
Internet Bug Bounty: Path traversal by monkey-patching Buffer internals
Summary: In Node.js 20 and Node.js 21, the permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve().....
9.8CVSS
7AI Score
EPSS
SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...
7.5CVSS
6.8AI Score
0.0004EPSS
F-Secure Anti-Virus Installed (Windows)
F-Secure Anti-Virus is installed on the remote Windows...
7.1AI Score
Newsletter < 7.4.5 - Cross-Site Scripting
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as....
6.1CVSS
5.9AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from...
6.1CVSS
7AI Score
0.0005EPSS
CVE-2023-45053 WordPress WP Content Pilot plugin <= 1.3.3 - HTML Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....
7.1AI Score
0.0004EPSS
CVE-2023-21683 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
...
7.5CVSS
6.8AI Score
0.008EPSS
CVE-2023-45053 WordPress WP Content Pilot plugin <= 1.3.3 - HTML Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through...
4.3CVSS
6.9AI Score
0.0004EPSS
Moderate: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....
7AI Score
0.0004EPSS
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through...
4.3CVSS
7.1AI Score
0.0004EPSS
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
8.8CVSS
8.9AI Score
0.001EPSS
6.5CVSS
7.6AI Score
0.001EPSS
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and.....
5.5CVSS
5.4AI Score
0.001EPSS
CVE-2023-21683 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
...
7.5CVSS
8.2AI Score
0.008EPSS
Moderate: traceroute security update
The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and...
5.5CVSS
6.6AI Score
0.0004EPSS
The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated attackers to update...
4.3CVSS
5.2AI Score
0.0004EPSS
Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root...
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Precor touchscreen console P82 contains a private SSH key that corresponds to a default public key. A remote attacker could exploit this to gain root...
6.8AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.001EPSS
CirCarLife Scada <4.3 - System Log Exposure
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging...
9.8CVSS
9.1AI Score
0.944EPSS
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflow_hook_configs' option via a forged...
4.3CVSS
5.2AI Score
0.0004EPSS
The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modify a variety of settings, via a forged...
4.3CVSS
5.2AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.001EPSS
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed
Zend_Filter_StripTags contained an optional setting to allow whitelisting HTML comments in filtered text. Microsoft Internet Explorer and several other browsers allow developers to create conditional functionality via HTML comments, including execution of script events and rendering of additional.....
6AI Score
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...
6.5CVSS
6.4AI Score
0.001EPSS
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed
Zend_Filter_StripTags contained an optional setting to allow whitelisting HTML comments in filtered text. Microsoft Internet Explorer and several other browsers allow developers to create conditional functionality via HTML comments, including execution of script events and rendering of additional.....
6AI Score