In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID:...
7.6AI Score
0.0004EPSS
In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID:...
6.5AI Score
0.0004EPSS
The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET...
6.9AI Score
0.034EPSS
An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/FormModel.php and QRModel.php...
6.7AI Score
0.0004EPSS
7-Technologies IGSS < 9.0.0.11291 DLL Loading Arbitrary Code Execution
The installed version of IGSS from 7-Technologies is earlier than 9.0.0.11291 and is, therefore, potentially affected by an insecure DLL loading vulnerability. Attackers may exploit this issue by placing a specially crafted DLL file and another file associated with the application in a location...
4.9AI Score
6.8CVSS
7.3AI Score
0.001EPSS
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1...
7.8AI Score
0.004EPSS
Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages...
8.2AI Score
0.0004EPSS
CVE-2024-3375 Broken Access Control in Havelsan's Dialogue
Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dialogue: from v1.83 before v1.83.1 or...
7.1AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through...
6.5CVSS
7.2AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: suricata-6.0.17-1.fc39
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
7.2AI Score
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
Impact What kind of vulnerability is it? Who is impacted? SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When malicious app is uploaded to Static analyzer, it is...
7AI Score
0.001EPSS
[SECURITY] Fedora 40 Update: suricata-7.0.4-1.fc40
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
7.2AI Score
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS.This issue affects Premium Packages: from n/a through...
7.1CVSS
7.4AI Score
0.0004EPSS
CVE-2024-32826 WordPress VK Block Patterns plugin <= 1.31.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through...
6.6AI Score
0.0004EPSS
[SECURITY] Fedora 38 Update: suricata-6.0.17-1.fc38
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
7.2AI Score
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to...
8.1CVSS
6.8AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CartFlows Inc. Funnel Builder by CartFlows allows Stored XSS.This issue affects Funnel Builder by CartFlows: from n/a through...
5.9CVSS
7.2AI Score
0.0004EPSS
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any...
7.5CVSS
7.5AI Score
0.0004EPSS
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any...
7.5CVSS
7.5AI Score
0.0004EPSS
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any...
7.5CVSS
7.5AI Score
0.0004EPSS
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed...
8.8CVSS
7.5AI Score
0.0004EPSS
Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d Authentication Bypass (CVE-2023-4957)
A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the...
7.3AI Score
CVE-2023-37244 Privilege escalation in N-Able's AutomationManagerAgent
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...
6.9AI Score
0.0004EPSS
libreoffice security fix update
[6.4.7.2-16.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:6.4.7.2-16] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target...
6.6AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...
7.6AI Score
0.0004EPSS
CentOS 9 : perl-Encode-3.08-462.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the perl- Encode-3.08-462.el9 build changelog. Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in...
7.7AI Score
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the...
9.8CVSS
7.7AI Score
0.0004EPSS
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...
6.4CVSS
7.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...
6.9AI Score
0.0004EPSS
VMware vCenter is running on the remote host. It is an enterprise- grade computer virtualization product from VMware,...
1.9AI Score
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to...
7.1CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from...
7.5AI Score
0.0004EPSS
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access...
7.5CVSS
7.5AI Score
0.0004EPSS
Default credentials on the Web Interface of Evolution Controller 2.x (123 and 123) allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt.....
9.8CVSS
7.4AI Score
0.0004EPSS
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper sanitize user input, allowing for an unauthenticated attacker to crash the controller...
7.5CVSS
7.5AI Score
0.0004EPSS
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any...
7.5CVSS
7.5AI Score
0.0004EPSS
NodeBB XML-RPC Request xmlrpc.php - XML Injection
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC...
9.9AI Score
0.161EPSS
ZZZCMS 1.6.1 - Remote Code Execution
ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzz_template.php file because the parserIfLabel() function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert...
7.5AI Score
0.024EPSS
Active debug code vulnerability exists in MZK-MF300N all firmware versions. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be...
7.5AI Score
0.0004EPSS
Generic HTTP Directory Traversal (Web Dirs) - Active Check
Generic check for HTTP directory traversal vulnerabilities on each directory of the remote web...
8AI Score
0.975EPSS
Command injection vulnerability in MZK-MF300N all firmware versions allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain...
8.3AI Score
0.0004EPSS
Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be...
5.4CVSS
5.3AI Score
0.0004EPSS
Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability.....
8.8CVSS
8.9AI Score
0.001EPSS
Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the...
6.1CVSS
6.5AI Score
0.001EPSS
Updated chromium-browser-stable packages fix security vulnerabilities
The chromium-browser-stable package has been updated to the 124.0.6367.60 release. It includes 23 security fixes. Please, do note, only x86_64 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest...
8.6AI Score
0.001EPSS
An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via...
9.1CVSS
7.2AI Score
0.001EPSS
Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the...
5.2CVSS
5.6AI Score
0.0005EPSS
RHEL 7 : perl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl: loading of modules from current directory (CVE-2016-1238) perl: XSLoader loads relative paths not...
8.1AI Score
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured...
7.3AI Score
0.0004EPSS