Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keysfor 'roles' used for access control within the database, including the special case '_admin' role,...
9.8CVSS
8.2AI Score
0.974EPSS
5.4CVSS
7.1AI Score
0.0005EPSS
MinIO information disclosure vulnerability
Impact If-Modified-Since If-Unmodified-Since Headers when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information such as Last-Modified (of the...
5.3CVSS
6.9AI Score
0.0004EPSS
design-interior.ck.ua Cross Site Scripting vulnerability OBB-3905563
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Tenable Core Web Interface Detection
A Tenable Core Web Interface was detected on the remote...
7.1AI Score
Draytek VigorConnect Web UI Detection
The web application running on the remote web server is Draytek VigorConnect. Draytek VigorConnect is a network management web application for DrayTek...
7.1AI Score
Apache Pluto Web Interface Detection
The web interface for Apache Pluto was detected on the remote host. Apache Pluto is a portlet specification reference implementation and technology compliance...
2.1AI Score
Web Site Hosting Malicious Binaries
The MD5 sum of one or more binaries hosted on the remote web server matches known malware. This may indicate that the remote site was compromised. Note that Nessus has only scanned files with the following extensions : exe , dll , scr , drv , sys , bat , cmd , com , cpl , csh , gadget ,...
0.8AI Score
7.5CVSS
7.1AI Score
0.001EPSS
6.5CVSS
7.2AI Score
0.002EPSS
StreamSets Data Collector Web Detection
StreamSets Data Collector, a tool for building pipelines, was detected based on the web interface. Note that for this detection, ports 18630 and 18636 will need to be added to the Nessus port...
1.1AI Score
Exploit for OS Command Injection in Gitlab
CVE-2022-2185 wo ee cve-2022-2185 gitlab authenticated rce...
9.9CVSS
8.5AI Score
0.455EPSS
The Trend Micro InterScan Web Security Virtual Appliance (IWSVA) is affected by a remote code execution vulnerability. A stack-based buffer overflow condition exists in the DecryptPasswd function in libuiauutil.so due to improper validation of user-supplied data before copying it to a fixed-size,.....
9.8CVSS
4AI Score
0.027EPSS
Schneider Electric InduSoft Web Studio < 7.1.3.4 Multiple Information Disclosures (SEVD-2015-054-01)
According to its self-reported version, the installation of Schneider Electric InduSoft Web Studio running on the remote host is prior to 7.1.3.4. It is, therefore, affected by the multiple information disclosure vulnerabilities : A hard-coded plaintext password is used to control read ...
0.7AI Score
0.004EPSS
design-compe.jp Cross Site Scripting vulnerability OBB-3910068
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API
There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an...
0.0004EPSS
CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API
There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an...
7.3AI Score
0.0004EPSS
CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...
2.7CVSS
4.2AI Score
0.0004EPSS
CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...
2.6CVSS
0.0004EPSS
CVE-2023-4479 Stored XSS Vulnerability in M-Files Web
Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time...
7.3CVSS
6.8AI Score
0.0004EPSS
Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (packages/renderer/htmlUtils.ts::sanitizeHtml) preserves <map> <a...
8.2CVSS
6AI Score
0.0004EPSS
5.4CVSS
6.7AI Score
0.0005EPSS
CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...
2.7CVSS
6.8AI Score
0.0004EPSS
Cisco Unified MeetingPlace Web Conferencing Unauthorized Password Change Security Bypass
According to its self-reported version number, the installation of Cisco Unified MeetingPlace Web Conferencing hosted on the remote web server is potentially affected by a security bypass vulnerability due to the lack of validation of the current password and HTTP session ID during a password...
6.7AI Score
0.002EPSS
CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...
2.6CVSS
6.9AI Score
0.0004EPSS
Apache ActiveMQ's default configuration doesn't secure the API web context
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia....
8.5CVSS
7.3AI Score
0.0004EPSS
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the...
5.4CVSS
6.5AI Score
0.001EPSS
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the...
5.4CVSS
6.5AI Score
0.001EPSS
CVE-2024-37295 Aimeos Core remote code execution in web server context
Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...
7.2CVSS
0.0004EPSS
CVE-2024-37295 Aimeos Core remote code execution in web server context
Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...
7.2CVSS
7.5AI Score
0.0004EPSS
github.com/hashicorp/vault is vulnerable to Improper Authorization. The vulnerability is due to the JWT auth method improperly validating the audience and role-bound claims, allowing invalid logins to succeed when they should have been...
2.6CVSS
6.8AI Score
0.0004EPSS
CVE-2024-30370 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action....
4.3CVSS
5AI Score
0.0005EPSS
CVE-2024-30370 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action....
4.3CVSS
6.9AI Score
0.0005EPSS
7.4AI Score
0.0004EPSS
Apache ActiveMQ's default configuration doesn't secure the API web context
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia....
8.5CVSS
7.3AI Score
0.0004EPSS
IceWarp Web Mail <= 10.4.5 Information Disclosure Vulnerability - Active Check
IceWarp Web Mail is prone to an information disclosure ...
7AI Score
CVE-2024-34103 Customer account takeover via web API call & subsequent password reset
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application....
8.1CVSS
0.001EPSS
Apache ActiveMQ 5.x < 5.14.2 Web-based Administration Console Unspecified XSS
The version of Apache ActiveMQ running on the remote host is 5.x prior to 5.14.2. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in the web-based administration console due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit...
6.1CVSS
6.2AI Score
0.004EPSS
Cisco EPN Manager Detection (Web UI)
The remote host is running Cisco Evolved Programmable Network (EPN) Manager, an application used for element and network management across converged access, aggregation, and core...
1.4AI Score
Graphite <=1.1.5 - Server-Side Request Forgery
Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is...
7.5CVSS
7.3AI Score
0.008EPSS
ManageEngine - Remote Command Execution
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security...
9.8CVSS
9.9AI Score
0.975EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The...
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The...
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /model/delete_record.php. The manipulation of the argument page leads to cross site scripting. The...
3.5CVSS
4.2AI Score
0.0004EPSS
Progress MOVEit Transfer Web Interface Detection
The web interface for Progress MOVEit Transfer (formerly known as Ipswitch MOVEit DMZ) was detected on the remote host. This plugin does not attempt to detect the...
7AI Score
7.5CVSS
8.2AI Score
0.001EPSS
HP DesignJet Printer Web Interface Detection
The web interface for HP DesignJet Printer was detected on the remote...
1.1AI Score
Tridium Niagara AX Web Server Detection
The remote host is running the Tridium Niagara AX Web Server, Tridium Niagara AX is a development framework used to create software for use in SCADA...
1.5AI Score
CVE-2024-34103 Customer account takeover via web API call & subsequent password reset
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application....
8.1CVSS
7AI Score
0.001EPSS
HP PageWide Printer Web Interface Detection
The remote host is an HP PageWide printer. It is possible to obtain the product, firmware versions, and more via the web...
3.2AI Score