The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature, including the following: Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, ...
9.8CVSS
3.4AI Score
0.003EPSS
Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...
6.8AI Score
0.0004EPSS
The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature. Note that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this...
1.6AI Score
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...
8.1CVSS
6.5AI Score
0.002EPSS
Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...
6.8AI Score
0.0004EPSS
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...
8.8CVSS
8.2AI Score
0.001EPSS
K32544615: BIG-IP iControl REST API vulnerability CVE-2024-22389
Security Advisory Description When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. (CVE-2024-22389) Impact This vulnerability may allow an authenticated attacker to use deleted or updated API tokens on the peer...
7.2CVSS
7AI Score
0.0004EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
EPSS
The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature. Note that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this...
1.6AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7AI Score
EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7AI Score
EPSS
A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser...
5.5CVSS
5.4AI Score
0.0004EPSS
K000137521: BIG-IP AFM vulnerability CVE-2024-21763
Security Advisory Description When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2024-21763) Impact Traffic is disrupted while the TMM process...
7.5CVSS
7.7AI Score
0.0004EPSS
Microsoft Open Management Infrastructure Detection (Unix / Linux)
Microsoft Open Management Infrastructure is installed on the remote...
0.4AI Score
Yealink Device Management Platform Web Interface Detection
The web interface for Yealink Device Management Platform, a communications device management platform, was detected on the remote...
7.4AI Score
Patch Management: Symantec Altiris Computer Info Initialization
This script initializes computer information from the Symantec Altiris database, making it available to the reporting...
1.2AI Score
Symantec Endpoint Protection Management Console RCE Vulnerability
Symantec Endpoint Protection is prone to a remote code execution (RCE)...
8.9AI Score
0.003EPSS
IBM Engineering Requirements Management DOORS Installed (Windows)
IBM Engineering Requirements Management DOORS (formerly IBM Rational DOORS) is installed on the remote Windows...
7.2AI Score
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_parcel.php. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the...
8.8CVSS
8.7AI Score
0.001EPSS
elFinder 2.1.58 - Remote Code Execution
elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal...
9.8CVSS
9.5AI Score
0.973EPSS
NETGEAR ProSAFE Network Management System (NMS) Detection
NETGEAR ProSAFE Network Management System (NMS), a network management application, is running on the remote...
7AI Score
Sophos Unified Threat Management (UTM) Remote Detection
The WebAdmin console for a Sophos Unified Threat Management (UTM) appliance was detected on the remote host. Note the plugin attempts to retrieve the firmware version information from the API when HTTP Basic authentication credentials are supplied. If the API is not enabled, the WebAdmin console...
2AI Score
K000139592: libxml2 vulnerability CVE-2023-29469
Security Advisory Description An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs...
6.5CVSS
6.7AI Score
0.001EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.2AI Score
EPSS
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version...
7.2CVSS
5AI Score
0.001EPSS
BlackBerry Enterprise Service (BES) Management Console Detection
BlackBerry Enterprise Service (BES) Management Console, the web management console for a software suite for linking wireless networks and devices with messaging and application servers, is running on the remote...
2.5AI Score
K000139922: Open vSwitch vulnerabilities CVE-2023-3966 and CVE-2023-5366
Security Advisory Description CVE-2023-3966 A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is...
7.5CVSS
7.1AI Score
0.0004EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
6.7AI Score
EPSS
Microsoft Intune Management Tampering (CVE-2024-30059)
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
6.1CVSS
7.3AI Score
0.0004EPSS
Microsoft SQL Server Management Studio (SSMS) Installed
Microsoft SQL Server Management Studio (SSMS) is installed on the remote Windows...
1.3AI Score
HP Universal Configuration Management Database Server Detection
The login page for HP Universal Configuration Management Database Server, an enterprise configuration management system, was detected on the remote web...
1.9AI Score
Patch Management: Get Packages from Symantec Altiris
This plugin connects to the Symantec Altiris database to obtain information on the host's installed packages. It does not connect to the target...
0.8AI Score
Patch Management: Missing Updates from Symantec Altiris
This plugin connects to the Symantec Altiris database to obtain information on the host's missing updates. It does not connect to the target...
0.8AI Score
co-matic.com Cross Site Scripting vulnerability OBB-3858335
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to....
7.1CVSS
7AI Score
0.0005EPSS
CVE-2024-5759 Improper privilege management
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required...
5.4CVSS
0.0004EPSS
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi...
7.2CVSS
7.5AI Score
0.002EPSS
K000139898: PyYAML vulnerabilities CVE-2020-1747 and CVE-2020-14343
Security Advisory Description CVE-2020-1747 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use...
9.8CVSS
7.5AI Score
0.006EPSS
An out-of-bounds read in Organization Specific TLV was found in various versions of...
9.8CVSS
9.3AI Score
0.002EPSS
K000139901: PyYAML vulnerability CVE-2017-18342
Security Advisory Description In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. (CVE-2017-18342) Impact.....
9.8CVSS
9.6AI Score
0.014EPSS
K000139917: Libxml2 vulnerability CVE-2022-40303
Security Advisory Description An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading....
7.5CVSS
7.6AI Score
0.005EPSS
VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own...
4.9CVSS
0.0004EPSS
VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own...
4.9CVSS
6.8AI Score
0.0004EPSS
Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM WebSphere Application Server Liberty and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery,, denial of service, and arbitrary code execution, as described in the "Vulnerability...
5.9CVSS
8.4AI Score
0.0004EPSS
Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
7.1AI Score
0.0004EPSS
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the permission to write/edit...
6.5CVSS
7AI Score
0.0004EPSS
K000139897: Linux kernel vulnerability CVE-2023-42753
Security Advisory Description An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h->nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer...
7.8CVSS
6.4AI Score
0.0004EPSS
lunary-ai/lunary allows users unauthorized access to projects
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...
9.8CVSS
6.8AI Score
0.0004EPSS
Datto RMM (Remote Monitoring and Management) Installed (Windows)
Datto RMM (Remote Monitoring and Management) is installed on the remote Windows...
7.5AI Score