An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious...
6.7AI Score
0.0004EPSS
Microsoft IE And Microsoft Edge Flash Player Multiple RCE Vulnerabilities (APSB18-05)
Adobe Flash Player within Microsoft Edge or Internet Explorer is prone to multiple remote code execution (RCE)...
8.8CVSS
9.1AI Score
0.012EPSS
Microsoft Edge Browser Installed (Windows)
Microsoft Edge, the replacement for Internet Explorer, is installed on the remote Windows...
1AI Score
Exploit for Heap-based Buffer Overflow in Fortinet Fortiproxy
CVE-2023-27997 Vulnerability Assessment Tool Safely detect...
9.8CVSS
10AI Score
0.135EPSS
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which...
8.7CVSS
7AI Score
0.003EPSS
An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of improper privilege management, an authenticated attacker is able to create symlinks to sensitive and protected data in locations that are....
6.7AI Score
0.0004EPSS
An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious...
6.7AI Score
0.0004EPSS
Microsoft IE And Microsoft Edge Flash Player Multiple RCE Vulnerabilities
Adobe Flash Player within Microsoft Edge or Internet Explorer is prone to multiple remote code execution (RCE)...
9.8CVSS
9.3AI Score
0.972EPSS
6.4CVSS
7.8AI Score
0.002EPSS
Important: bind and dhcp security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...
7.5CVSS
6.8AI Score
0.05EPSS
(RHSA-2024:3067) Moderate: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
6.9AI Score
0.0004EPSS
OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the streamed-list-objects endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users of openfga/openfga versions 0.2.3 and prior who are exposing the OpenFGA service to the...
5.3CVSS
5.3AI Score
0.001EPSS
Summary IBM MQ Internet Pass-Thru has addressed a vulnerability in which HTTP requests could cause a denial of service. Vulnerability Details CVEID: CVE-2024-25015 DESCRIPTION: IBM MQ Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would...
7.5CVSS
6.7AI Score
0.0004EPSS
OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and prior to versions 3.1.8 and 3.2.5. The memory leak was detected in the function parse_mi_request while performing coverage-guided fuzzing. This issue can be reproduced by sending...
7.5CVSS
7.2AI Score
0.001EPSS
McAfee Web Reporter Detection (remote check)
McAfee Web Reporter, a reporting tool used to identify internet usage in an organization, is installed on the remote...
0.3AI Score
Internet Bug Bounty: CVE-2019-1551: rsaz_512_sqr overflow bug on x86_64
There is an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are....
5.3CVSS
6.9AI Score
0.002EPSS
McAfee Web Reporter Installed (credentialed check)
McAfee Web Reporter, a reporting tool used to identify Internet usage in an organization, is installed on the remote Windows...
1.1AI Score
Important: bind and dhcp security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...
7.5CVSS
6.8AI Score
0.05EPSS
7.8CVSS
8.9AI Score
0.314EPSS
A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pages_deposit_money.php. The manipulation of the argument account_number with the input...
6.1CVSS
4.6AI Score
0.001EPSS
Exploit for Improper Authentication in Ivanti Endpoint Manager Mobile
CVE-2023-35078 Exploit POC...
9.8CVSS
7.2AI Score
0.968EPSS
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are...
6.7CVSS
6.1AI Score
0.001EPSS
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input...
6.1CVSS
4.4AI Score
0.001EPSS
An issue in the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...
7AI Score
0.0004EPSS
6.4CVSS
6.4AI Score
0.002EPSS
(RHSA-2024:3261) Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients....
7.4AI Score
0.0005EPSS
7.5CVSS
8.6AI Score
0.076EPSS
8.1CVSS
8.5AI Score
0.002EPSS
Advantech WebAccess Webeye ActiveX Control Stack Based Buffer Overflow Vulnerability
The Advantech WebAccess application installed on the remote host includes a third party 'webeye.ocx' ActiveX control that is affected by a stack-based buffer overflow vulnerability when processing input to the 'ip_address' parameter. A remote attacker, using a specially crafted HTML file, can...
2.9AI Score
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4 or newer. Meridian and Horizon installation instructions state...
6.1CVSS
6.2AI Score
0.001EPSS
An issue in the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...
0.0004EPSS
Real Time Innovations (RTI) Connext Data Distribution Service (DDS) is installed on the remote host. RTI Connext DDS is a connectivity platform for Industrial Internet of Things (IIoT)...
1.8AI Score
Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon...
6.7CVSS
6.1AI Score
0.001EPSS
Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user...
5.3CVSS
5.2AI Score
0.0004EPSS
Libreswan Installed (Linux / Unix)
Libreswan, a free software implementation of the most widely supported and standardized VPN protocol using 'IPsec' and the Internet Key Exchange ('IKE'), is installed on the remote Linux / Unix...
7.5AI Score
CVE-2023-38831 Winrar Exploit Generator (POC) This is a basic...
7.8CVSS
8.6AI Score
0.214EPSS
An issue in the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...
0.0004EPSS
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and...
6.7CVSS
6.2AI Score
0.001EPSS
Apache Log4Shell RCE detection via callback correlation (Direct Check NetBIOS)
By sending a special NetBIOS query, the server could potentially be affected by a remote code execution vulnerability. This plugin requires that both the scanner and target machine have internet...
3.3AI Score
Kaa IoT Administration Server Detection
The remote host is running the Kaa Internet of Things (IoT) administration server. Kaa is a multi-purpose toolkit for building and managing IoT solutions, applications, and smart...
1.4AI Score
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they....
7.1CVSS
6.8AI Score
0.0004EPSS
Exploit for Code Injection in Crushftp
CVE-2024-4040: CrushFTP File Read Vulnerability Overview...
10CVSS
9.5AI Score
0.966EPSS
The polyfill.js file is a popular open-source library to ensure compatibility with old browsers when evaluating JavaScript code. Starting February 2024, the domain polyfill.io and the related GitHub account have been purchased by a malicious threat actor to inject malware in all web applications...
7.5AI Score
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon....
6.8CVSS
6.5AI Score
0.001EPSS
A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25alert(9860) leads...
6.1CVSS
4.5AI Score
0.001EPSS
A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been...
9.8CVSS
7.4AI Score
0.001EPSS
A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_withdraw_money.php. The manipulation of the argument account_number with the input...
6.1CVSS
4.5AI Score
0.001EPSS
A vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0. This issue affects some unknown processing of the file pages_view_client.php. The manipulation of the argument acc_name with the input Johnnie Reyes'"()&%alert(5646) leads to cross site...
6.1CVSS
4.5AI Score
0.001EPSS
Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer. Meridian and Horizon installation instructions state that...
6.1CVSS
6.5AI Score
0.0005EPSS