Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin <= 4.6.19...
7.1CVSS
6AI Score
0.0005EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin <= 4.6.19...
6.1CVSS
6.3AI Score
0.0005EPSS
Mitsubishi Electric FA Engineering Software
1. EXECUTIVE SUMMARY: CVSS v3 9.3; ATTENTION: Low attack complexity; Vendor: Mitsubishi Electric; Equipment: FA Engineering Software Products; Vulnerability: Incorrect Default Permissions. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow a local attacker to...
9.3CVSS
7.8AI Score
0.0004EPSS
GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead.....
7.5CVSS
7.9AI Score
0.963EPSS
Remote Code Execution Vulnerability in WPS Office of Zhuhai Kingsoft Office Software Co.
WPS Office is an office software suite from Zhuhai Kingsoft Office Software Co. A remote code execution vulnerability exists in WPS Office of Zhuhai Kingsoft Office Software Co. Ltd, which can be exploited by attackers to gain server...
8.1AI Score
Command Execution Vulnerability in Reporter Component of Shanghai Newshield Technology Co.
Ltd. is a professional security company with "network security" as the main axis and "make the network more secure" as the mission to provide customers with network security solutions. A command execution vulnerability exists in the Reporter component of Neudun Shanghai, which can be exploited by.....
7.3AI Score
co-cbstagebank.nl Cross Site Scripting vulnerability OBB-3403366
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Information leakage vulnerability in Jaeger Reports of Beijing Guo Torch Information Technology Co.
Beijing Guo Torch Information Technology Co., Ltd. is an information technology company engaged in computer software research and development, application and service, providing all-round support for large and medium-sized application system engineering. An information leakage vulnerability exists....
6.5AI Score
Deserialization Vulnerability in U8 Cloud of UFIDA Network Technologies Co.
U8 Cloud is a digital platform for enterprises to go to the cloud, integrating transactions, services and management into a total ERP solution. A deserialization vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to remotely execute...
7AI Score
XSS Vulnerability in YouSpace APP of UFIDA Network Technology Co.
YouSpace APP is an enterprise space management software. YouSpace APP of UFIDA Network Technology Co., Ltd. suffers from an XSS vulnerability, which can be exploited by attackers to obtain sensitive information such as user...
5.9AI Score
Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report
Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. At Microsoft, we understand modernizing security is a complex task in this era of ever-evolving cyberthreats and complex digital environments. Serious threats have necessitated a.....
6.6AI Score
Fastjson Deserialization Vulnerability in YouSpace APP of UFIDA Network Technology Co.
YouSpace APP is an enterprise space management software. YouSpace APP of UFIDA Network Technology Co. Ltd. suffers from a Fastjson deserialization vulnerability, which can be exploited by attackers to execute malicious...
7.2AI Score
Arbitrary File Read Vulnerability in M7160DW of Zhuhai Pento Printing Technology Co.
The M7160DW is a black-and-white laser MFP that supports printing, copying and scanning functions with USB, wired network, LAN and WIFI connectivity. The M7160DW of Zhuhai Pento Printing Technology Co., Ltd. suffers from an arbitrary file read vulnerability, which can be exploited by an attacker...
6.7AI Score
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A SQL injection vulnerability exists in the Smart Park Integrated Management Platform of Zhejiang Dahua Technology Co. Ltd, which can be exploited by...
7.6AI Score
Logic Flaw Vulnerability in Pantum M6700DW Series from Zhuhai Pentium Printing Technology Co.
Zhuhai Bento Printing Technology Co., Ltd. is an enterprise that has mastered core printer technology and holds independent intellectual property rights, combining research and development, design, production and sales of printers, consumables and printing output solutions. Zhuhai Pantum Printing...
6.6AI Score
7.1AI Score
Beijing StarNet Ruijie Network Technology Co., Ltd. is an ICT infrastructure and industry solutions provider. A command execution vulnerability exists in various products of Beijing StarNet Ruijie Network Technology Co., Ltd. that can be exploited by attackers to gain server...
7.4AI Score
Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted...
6.1CVSS
6.2AI Score
0.001EPSS
SQL Injection Vulnerability in Beijing Century Super Star Information Technology Development Co.
Beijing Century Super Star Information Technology Development Co., Ltd. is an education informatization enterprise driven by technology, product and service innovation. Beijing Century Super Star Information Technology Development Limited Liability Company Super Star Huiya Electronic Library...
7.5AI Score
Beijing Hongjing Century Software Co., Ltd. is a professional e-HR vendor in China. A SQL injection vulnerability exists in the human resources information management system of Beijing Hongjing Century Software Company Limited, which can be exploited by an attacker to obtain sensitive information.....
7.5AI Score
Beijing Century Super Star Information Technology Development Co., Ltd. is an education informatization enterprise driven by technology, product and service innovation. There is a logic flaw vulnerability in the internship training management system of Beijing Century Super Star Information...
6.7AI Score
Beijing Qixingchen Information Security Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the 4A Unified Security Control Platform of Beijing Qixingchen Information Security...
7.4AI Score
Beijing Century Super Star Information Technology Development Co., Ltd. is an education informatization enterprise driven by technology, product and service innovation. A logic flaw vulnerability exists in the Beijing Century Super Star Information Technology Development Limited Liability...
6.5AI Score
Last week, there were 55 vulnerabilities disclosed in 46 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 15 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
8.8CVSS
8.7AI Score
0.001EPSS
Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary...
5.4CVSS
5AI Score
0.0005EPSS
Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary...
5.4CVSS
5AI Score
0.0005EPSS
Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary...
6.1CVSS
6AI Score
0.001EPSS
Oracle Linux 8 : openssl (ELSA-2020-1840)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1840 advisory. Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is...
5.3CVSS
6.8AI Score
0.015EPSS
In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.8AI Score
0.0004EPSS
CVE-2023-39164 WordPress Molongui Plugin <= 4.6.19 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin <= 4.6.19...
7.1CVSS
6.4AI Score
0.0005EPSS
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data
Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. The leak was discovered on the company's AI GitHub repository and is said to have been inadvertently made public when publishing a bucket of open-source training...
7.2AI Score
In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure with no additional execution privileges...
7.5CVSS
7.2AI Score
0.001EPSS
CVE-2023-0839 Improper Error Handling in inSCADA
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before...
9.8CVSS
9.7AI Score
0.002EPSS
In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure with no additional execution privileges...
7.5CVSS
7.2AI Score
0.001EPSS
In vdsp device, there is a possible system crash due to improper input validation. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.7AI Score
0.0004EPSS
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. A remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt...
9.8CVSS
10AI Score
0.001EPSS
SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. A remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt...
9.8CVSS
9.5AI Score
0.002EPSS
SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt...
9.8CVSS
9.4AI Score
0.001EPSS
SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. A remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt...
9.8CVSS
10AI Score
0.001EPSS
In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges...
4.4CVSS
4.6AI Score
0.0004EPSS
Starlette has Path Traversal vulnerability in StaticFiles
Summary When using StaticFiles, if there's a file or directory that starts with the same name as the StaticFiles directory, that file or directory is also exposed via StaticFiles which is a path traversal vulnerability. Details The root cause of this issue is the usage of os.path.commonprefix():...
7.5CVSS
6.6AI Score
0.006EPSS
In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution...
5.5CVSS
5.2AI Score
0.0004EPSS
In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution...
7.8CVSS
7.7AI Score
0.0004EPSS
In vowifiservice, there is a possible missing permission check. This could lead to local denial of service with no additional execution...
5.5CVSS
5.4AI Score
0.0004EPSS
In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution...
7.8CVSS
7.7AI Score
0.0004EPSS
In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution...
7.8CVSS
7.7AI Score
0.0004EPSS
In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution...
5.5CVSS
5.2AI Score
0.0004EPSS
In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution...
5.5CVSS
5.2AI Score
0.0004EPSS
In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution...
7.8CVSS
7.7AI Score
0.0004EPSS