CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for....
7.1CVSS
6.9AI Score
0.0005EPSS
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315 Openfire Console Authentication Bypass...
8.6CVSS
8.1AI Score
0.974EPSS
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Commons Compress and PostgreSQL. Vulnerabilities include causing a denial of service condition, and executing arbitrary SQL functions as the command issuer, as described by the CVEs in the "Vulnerability Details"....
8.1CVSS
7.7AI Score
0.001EPSS
Add, lookup and delete computer / machine accounts via MS-SAMR. By default standard active directory users can add up to 10 new computers to the domain. Administrative privileges however are required to delete the created...
7.4AI Score
Security Bulletin: Vulnerability in Linux Kernel could affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by a vulnerability in Linux Kernel. A remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system as described by the CVE in the "Vulnerability Details" section. (CVE-2023-45871)...
7.5CVSS
7.6AI Score
0.001EPSS
FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing...
7.1CVSS
6.9AI Score
0.0004EPSS
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W...
8AI Score
0.0004EPSS
Summary IBM Java SDK is used by Power Hardware Management Console (HMC). Since V10R1 is a Java 8 based HMC, HMC has addressed the affected CVEs, which were specific to Java 8: CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, and CVE-2023-33850. The specified CVEs...
7.5CVSS
6.7AI Score
0.001EPSS
An update is available for pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...
8.8CVSS
7.2AI Score
0.0004EPSS
Intelligent Platform Management Interface (IPMI) Detection (IPMI Protocol)
Detection of services supporting the Intelligent Platform Management Interface...
7.3AI Score
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in OpenSSL and Linux Kernel. A remote or local authenticated attacker could exploit these vulnerabilities to break SSH extension negotiation and downgrading the client connection security, to cause the system to crash, to.....
7.8CVSS
8.9AI Score
0.963EPSS
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *.Doing this will grant the user access to read, query, edit and delete all data sources within the...
6CVSS
5.9AI Score
0.0004EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.5AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2024-21762 Check Safely detect whether a FortiGate SSL...
9.8CVSS
7.1AI Score
0.018EPSS
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific...
6.1CVSS
6.6AI Score
0.002EPSS
CVE-2024-3539 Campcodes Church Management System addgiving.php sql injection
A vulnerability was found in Campcodes Church Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addgiving.php. The manipulation of the argument amount leads to sql injection. The attack can be launched remotely....
6.3CVSS
7AI Score
0.0004EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.2AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.5AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
Intel Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00709)
The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and, according to its self-reported version, is a version containing multiple vulnerabilities, including the following: Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard...
9.8CVSS
3.5AI Score
0.003EPSS
IBM Endpoint Manager Enrollment and Apple iOS Management Extender Detection
The remote host is running IBM Endpoint Manager Enrollment and Apple iOS Management Extender. These are web application components included with IBM Endpoint Manager for Mobile...
1.1AI Score
iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects (for example a UserRequest in an out of scope...
4.1CVSS
6.9AI Score
0.0004EPSS
HP Universal Configuration Management Database Data Flow Probe Gateway Detection
The login page for HP Universal Configuration Management Database Data Flow Probe Gateway, an agent for a configuration management system, was detected on the remote web...
2.8AI Score
Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted...
6.7AI Score
0.0004EPSS
Symantec Message Filter Management Interface Default Credentials
Brightmail Control Center (BCC) is the administrative web interface for Symantec Message Filter. It is possible to log into the remote BCC by providing the default credentials. A remote attacker could exploit this to gain administrative control of the...
7.7AI Score
Grafana's users with permissions to create a data source can CRUD all data sources
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the...
6CVSS
5.9AI Score
0.0004EPSS
CVE-2023-32333 IBM Maximo Asset Management improper access control
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: ...
6.5CVSS
8.9AI Score
0.001EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.5AI Score
6.8CVSS
7.1AI Score
0.0004EPSS
CVE-2024-6372 itsourcecode Tailoring Management System customeradd.php sql injection
A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file customeradd.php. The manipulation of the argument fullname/address/phonenumber/sex/email/city/comment leads to sql injection. It is possible to...
6.3CVSS
0.0004EPSS
CVE-2024-6196 itsourcecode Banking Management System admin_class.php sql injection
A vulnerability was found in itsourcecode Banking Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit...
7.3CVSS
7.3AI Score
0.0004EPSS
NETGEAR ProSAFE Network Management System Authentication Bypass (CVE-2023-38096)
The NETGEAR ProSAFE Network Management System (NMS) running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to perform actions that require...
9.8CVSS
7.1AI Score
0.0005EPSS
PyTorch Model Server Registration and Deserialization RCE
The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the...
10CVSS
10AI Score
0.022EPSS
Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...
7.6CVSS
6.9AI Score
0.0004EPSS