Unisoc (Shanghai) Technologies Co., Ltd. Security Vulnerabilities
SysAid Technologies 20.3.64 b14 - Cross-Site Scripting
SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp=...
6.1CVSS
6AI Score
0.001EPSS
Malicious code in co-pilot-auth_web (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (d490be43502540c62a740310c0ab3d38a35220e7b32f029a0c7e79e191104015) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary...
5.4CVSS
6.6AI Score
0.001EPSS
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to...
5.4CVSS
6.5AI Score
0.001EPSS
EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server...
7.2CVSS
7.6AI Score
0.001EPSS
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary...
5.4CVSS
6.5AI Score
0.001EPSS
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted...
5.4CVSS
6.3AI Score
0.001EPSS
7-Technologies AQUIS Detection
AQUIS is installed on the remote Windows host. It is a tool developed by 7-Technologies for hydraulic modeling of a water...
2.3AI Score
7-Technologies TERMIS Detection
TERMIS is installed on the remote Windows host. It is a tool developed by 7-Technologies for hydraulic modeling of an energy...
1.4AI Score
RealFlex Technologies RealWin Detection
RealWin, a SCADA server package from RealFlex Technologies to monitor and control real-time applications, is installed on the remote Windows...
2.2AI Score
7.5CVSS
7.9AI Score
0.005EPSS
shanghai-express.co.uk Cross Site Scripting vulnerability OBB-3910285
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Exploit for Improper Validation of Specified Quantity in Input in Linux Linux Kernel
RNDIS-CO Summary The RNDIS USB Gadget may be exploited...
6.9AI Score
Keysight Technologies Sensor Management Server Detection
The Keysight Sensor Management Server (SMS), a component of the Keysight RF Sensor Software, is running on the remote...
0.7AI Score
7-Technologies / Schneider-Electric IGSS Detection
IGSS (Interactive Graphical SCADA System) is installed on the remote Windows host. It is a SCADA system for process control and supervision developed by 7-Technologies /...
2.5AI Score
CVE-2024-2882 Missing Authorization in SDG Technologies PnPSCADA
SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA...
0.0004EPSS
co-iki.org Cross Site Scripting vulnerability OBB-3898416
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
turn8.co Cross Site Scripting vulnerability OBB-3899708
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges...
6.6AI Score
0.0004EPSS
In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...
6.6AI Score
0.0004EPSS
Keysight Technologies Sensor Management Server Deserialization RCE (CVE-2022-1660)
The Keysight Sensor Management Server (SMS) running on the remote host is affected by a Java object deserialization vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code in the context of the account running the Keysight SMS....
9.8CVSS
2.9AI Score
0.006EPSS
In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges...
6.2AI Score
0.0004EPSS
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
6.7AI Score
0.0004EPSS
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges...
6.5AI Score
0.0004EPSS
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
6.7AI Score
0.0004EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
7.5CVSS
6.4AI Score
0.001EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
6.7AI Score
0.001EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
7.5CVSS
0.001EPSS
Kibana Timelion - Arbitrary Code Execution
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands...
10CVSS
9.7AI Score
0.97EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
0.001EPSS
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
6.7AI Score
0.0004EPSS
Keysight Technologies Sensor Management Server addLicenseFile Path Traversal (CVE-2022-38129)
The Keysight Sensor Management Server (SMS) running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to upload and run arbitrary executable files in the context of the account running the...
9.8CVSS
4.5AI Score
0.007EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
7.2AI Score
0.0004EPSS
7-Technologies AQUIS Unspecified Path Subversion Arbitrary DLL Injection Code Execution
The installed version of 7-Technologies AQUIS on the remote Windows host is 1.5 dated October 13, 2011 or earlier. As such, it insecurely looks in its current working directory when resolving DLL dependencies. Attackers may exploit this issue by placing a specially crafted DLL file and another...
4.7AI Score
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...
0.0004EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
7.3AI Score
0.0004EPSS
An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...
0.0004EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
0.0004EPSS
An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...
0.0004EPSS
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...
6.8AI Score
0.0004EPSS
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...
0.0004EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted...
0.0004EPSS
An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...
7AI Score
0.0004EPSS
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...
8.1AI Score
0.0004EPSS
7-Technologies TERMIS Unspecified Path Subversion Arbitrary DLL Injection Code Execution
The installed version of 7-Technologies TERMIS on the remote Windows host is 2.10 dated November 30, 2011 or earlier. As such, it insecurely looks in its current working directory when resolving DLL dependencies. Attackers may exploit this issue by placing a specially crafted DLL file and another.....
4.7AI Score
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
6.1CVSS
6.9AI Score
0.0005EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
6.1CVSS
0.0005EPSS
Exploit for Insertion of Sensitive Information into Log File in Milesight Ur5X Firmware
CVE-2023-43261 - PoC Critical Vulnerability Exposes...
7.5CVSS
7.9AI Score
0.007EPSS
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
7.2AI Score
0.0005EPSS
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...
0.0004EPSS