Tussendoor Internet & Marketing Security Vulnerabilities

osv
CVE-2023-40314
Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer. Meridian and Horizon installation instructions state that...
6.1 CVSS | 6.5 AI Score | 0.0005 EPSS
2023-11-16 10:15 PM
5

nessus
Skype Stack Version Detection
The remote host is running Skype, a peer-to-peer Voice over Internet Protocol (VoIP) application. By connecting to the remote port, it is possible to query the remote service to obtain the stack version and its...
2.6 AI Score
2006-04-11 12:00 AM
34

osv
CVE-2023-46137
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the...
5.3 CVSS | 7 AI Score | 0.0005 EPSS
2023-10-25 09:15 PM
10

nvd
CVE-2024-5676
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the...
6.8 CVSS | 0.0004 EPSS
2024-06-19 10:15 AM
4

githubexploit
Exploit for CVE-2024-23692
Rejetto HFS (HTTP File Server) CVE-2024-23692 Vulnerability...
9.8 CVSS | 10 AI Score | 0.002 EPSS
2024-06-14 01:33 AM
194

nessus
Okta Browser Plugin Detection
The remote Windows host is running one or more Okta Browser Plugins for Microsoft Internet Explorer, Google Chrome, or Mozilla Firefox. This plugin allows third-party applications to authenticate via SAML with the Okta Cloud SSO web...
2.1 AI Score
2014-09-08 12:00 AM
11

nessus
Check Point Quantum Gateway Directory Traversal (Direct Check)
A directory traversal vulnerability exists in Checkpoint Security Gateways with the IPsec VPN or Mobile Access software blades enabled. An unauthenticated attacker can exploit this issue to read certain information on Internet-connected Gateways with remote access VPN or mobile access...
8.6 CVSS | 6.8 AI Score | 0.945 EPSS
2024-05-30 12:00 AM
13

wired
Ransomware Attacks Are Getting Worse
Plus: US lawmakers have nothing to say about an Israeli influence campaign aimed at US voters, a former LA Dodgers owner wants to fix the internet, and...
7.2 AI Score
2024-06-15 10:30 AM
4

osv
CVE-2023-38510
Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's...
8.1 CVSS | 6.8 AI Score | 0.001 EPSS
2023-07-27 07:15 PM
2

osv
CVE-2023-38505
DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely...
7.5 CVSS | 7 AI Score | 0.001 EPSS
2023-07-27 07:15 PM
4

nessus
Apache Log4Shell RCE detection via callback correlation (Direct Check MSRPC)
The remote host appears to be running MSRPC. MSRPC itself is not vulnerable to Log4Shell; however, the MSRPC server could potentially be affected if it attempts to log data via a vulnerable log4j library. This plugin requires that both the scanner and target machine have internet...
3.9 AI Score
2022-01-12 12:00 AM
64

wpvulndb
WP ULike < 2.7.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description: The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4 CVSS | 5.7 AI Score | 0.0004 EPSS
2024-04-26 12:00 AM
5

osv
CVE-2022-39348
Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response, allowing HTML and...
5.4 CVSS | 5.4 AI Score | 0.002 EPSS
2022-10-26 08:15 PM
5

nessus
Apache Log4Shell RCE detection via callback correlation (Direct Check SSH)
The remote host appears to be running SSH. SSH itself is not vulnerable to Log4Shell; however, the SSH server could potentially be affected if it attempts to log data via a vulnerable log4j library. This plugin requires that both the scanner and target machine have internet...
4 AI Score
2021-12-17 12:00 AM
220

osv
CVE-2023-36463
Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn't (fully)...
6.1 CVSS | 6.1 AI Score | 0.001 EPSS
2023-06-27 08:15 PM
2

githubexploit
Exploit for Out-of-bounds Write in Openssl
2022 OpenSSL vulnerability -...
7 AI Score
2022-10-28 09:51 AM
16

cve
CVE-2024-37182
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...
4.7 CVSS | 4.9 AI Score | 0.0004 EPSS
2024-06-14 09:15 AM
23

nvd
CVE-2024-37182
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...
4.7 CVSS | 0.0004 EPSS
2024-06-14 09:15 AM
4

cve
CVE-2023-21683
Windows Internet Key Exchange (IKE) Extension Denial of Service...
7.5 CVSS | 7.4 AI Score | 0.008 EPSS
2023-01-10 10:15 PM
102

cvelist
CVE-2024-37182 Lack of permissions prompting when opening external URLs
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...
4.7 CVSS | 0.0004 EPSS
2024-06-14 08:39 AM
2

vulnrichment
CVE-2024-37182 Lack of permissions prompting when opening external URLs
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...
4.7 CVSS | 7.1 AI Score | 0.0004 EPSS
2024-06-14 08:39 AM
1

githubexploit
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094 Basic POC to test CVE-2024-3094 vulnerability...
10 CVSS | 7.5 AI Score | 0.133 EPSS
2024-06-11 02:19 PM
57

cve
CVE-2024-27974
Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc...
6.8 AI Score | 0.0004 EPSS
2024-03-18 08:15 AM
35

cvelist
CVE-2024-27974
Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc...
6.8 AI Score | 0.0004 EPSS
2024-03-18 07:59 AM

osv
CVE-2023-29010
Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action...
6.5 CVSS | 7 AI Score | 0.001 EPSS
2023-04-06 05:15 PM
4

osv
CVE-2024-23838
TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet...
7.5 CVSS | 8.4 AI Score | 0.001 EPSS
2024-01-30 05:15 PM
5

openvas
Crestron Device Detection (CIP)
Crestron Internet Protocol (CIP) based detection of Crestron...
7.3 AI Score
2018-08-14 12:00 AM
608

nvd
CVE-2023-40282
Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be...
5.4 CVSS | 5.4 AI Score | 0.0004 EPSS
2023-08-23 04:15 AM

redhat
(RHSA-2024:3271) Important: bind and dhcp security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...
7.2 AI Score | 0.05 EPSS
2024-05-22 10:41 AM
14

nessus
Ivanti Policy Secure 9.x / 22.x SSRF-RCE Chain (CVE-2024-21893)
The Ivanti Policy Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a server-side request forgery vulnerability in web components of Ivanti Policy Secure (9.x, 22.x) which allows an unauthenticated attacker to send specially crafted requests to cause unauthorized...
8.2 CVSS | 7.1 AI Score | 0.961 EPSS
2024-02-06 12:00 AM
14

cve
CVE-2022-34721
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution...
9.8 CVSS | 9.5 AI Score | 0.011 EPSS
2022-09-13 07:15 PM
115
In Wild
6

cve
CVE-2021-26419
Scripting Engine Memory Corruption...
7.5 CVSS | 8.2 AI Score | 0.937 EPSS
2021-05-11 07:15 PM
175
In Wild
6

cve
CVE-2020-0878
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
4.2 CVSS | 6.9 AI Score | 0.031 EPSS
2020-09-11 05:15 PM
892
In Wild

cve
CVE-2023-40282
Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be...
5.4 CVSS | 5.3 AI Score | 0.0004 EPSS
2023-08-23 04:15 AM
40

osv
CVE-2023-48310
TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created...
9.1 CVSS | 6.5 AI Score | 0.001 EPSS
2023-11-20 11:15 PM
4

nessus
Ivanti Connect Secure 9.x / 22.x SSRF-RCE Chain (CVE-2024-21893)
The Ivanti Connect Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a server-side request forgery vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) which allows an unauthenticated attacker to send specially crafted requests to cause unauthorized...
8.2 CVSS | 7.1 AI Score | 0.961 EPSS
2024-02-06 12:00 AM
24

nessus
Ivanti Connect Secure 9.x / 22.x Command Injection Vulnerability (CVE-2024-21887)
The Ivanti Connect Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) which allows an unauthenticated attacker to send specially crafted requests and execute arbitrary commands...
9.1 CVSS | 9.4 AI Score | 0.969 EPSS
2024-02-02 12:00 AM
14

nessus
Kaspersky Multiple Products 'Bases' Directory Insecure Permissions
The version of either Kaspersky Anti-Virus or Kaspersky Internet Security installed on the remote host has a local privilege escalation vulnerability. The Everyone group has Full Control rights to the 'Bases' directory. This directory contains antivirus bases, configuration files, and executable...
3.1 AI Score
2010-01-06 12:00 AM
9

nessus
Ivanti Policy Secure 9.x / 22.x Command Injection Vulnerability (CVE-2024-21887)
The Ivanti Policy Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a command injection vulnerability in web components of Ivanti Policy Secure (9.x, 22.x) which allows an unauthenticated attacker to send specially crafted requests and execute arbitrary commands on...
9.1 CVSS | 9.4 AI Score | 0.969 EPSS
2024-02-02 12:00 AM
5

githubexploit
Exploit for Code Injection in Citrix Netscaler Application Delivery Controller
CVE-2023-3519 Inspector The cve_2023_3519_inspector.py is...
7 AI Score
2023-07-20 04:05 PM
29

osv
CVE-2024-22205
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...
9.8 CVSS | 9.2 AI Score | 0.001 EPSS
2024-01-23 06:15 PM
6

nessus
Ivanti Connect Secure 9.x / 22.x SSRF (CVE-2024-21893)
The Ivanti Connect Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a server-side request forgery vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) which allows an unauthenticated attacker to send specially crafted requests and have the server...
8.2 CVSS | 7 AI Score | 0.961 EPSS
2024-02-06 12:00 AM
27

githubexploit
Exploit for Deserialization of Untrusted Data in Microsoft
nse-exchange Nmap NSE scripts to check against exchange...
9.1 AI Score
2022-10-01 11:53 AM
94

cvelist
CVE-2024-20869
Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for...
5.5 CVSS | 5.8 AI Score | 0.0004 EPSS
2024-05-07 04:28 AM

nessus
Ivanti Policy Secure 9.x / 22.x SSRF (CVE-2024-21893)
The Ivanti Policy Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a server-side request forgery vulnerability in web components of Ivanti Policy Secure (9.x, 22.x) which allows an unauthenticated attacker to send specially crafted requests and have the server...
8.2 CVSS | 7.5 AI Score | 0.961 EPSS
2024-02-06 12:00 AM
8

osv
CVE-2022-31145
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin...
6.5 CVSS | 6.4 AI Score | 0.001 EPSS
2022-07-13 09:15 PM
1

osv
CVE-2024-22203
Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the element method in app/routes.py does not validate the user-controlled src_type and element_url variables and passes them to the send method which sends a GET request on lines 339-343 in request.py, which leads to a...
9.8 CVSS | 9.2 AI Score | 0.001 EPSS
2024-01-23 06:15 PM
8

nessus
MobileIron Core Log4Shell Direct Check (CVE-2021-44228)
A remote code execution vulnerability exists in MobileIron Core in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can exploit this, via...
10 CVSS | 2.3 AI Score | 0.976 EPSS
2022-01-21 12:00 AM
115

githubexploit
Exploit for Improper Authentication in Ivanti Endpoint Manager Mobile
CVE-2023-35078 Exploit POC CVE-2023-35078 Remote...
9.8 CVSS | 9.2 AI Score | 0.968 EPSS
2023-07-29 05:06 AM
259

packetstorm
7.4 AI Score | 0.0004 EPSS
2024-06-10 12:00 AM
69

Total number of security vulnerabilities: 73875