Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...
8.2CVSS
5.4AI Score
0.001EPSS
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception (including stack trace) is available. Information in this stacktrace may....
5.3CVSS
6.6AI Score
0.001EPSS
[SECURITY] Fedora 38 Update: djvulibre-3.5.28-6.fc38
DjVu is a web-centric format and software platform for distributing documents and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution picture s. DjVu content downloads faster, displays and renders faster,...
6.5CVSS
6.7AI Score
0.001EPSS
iniNet SpiderControl PLC Editor Simatic Detection
The remote host is running the iniNet SpiderControl PLC Editor for Simatic devices. PLC Editor is an advanced technology for web-based graphical human-machine interfaces. This software is commonly used in SCADA systems to exchange data between different vendor...
1AI Score
iniNet SpiderControl PLC Editor Beckhoff Detection
The remote host is running the iniNet SpiderControl PLC Editor for Beckhoff devices. PLC Editor is an advanced technology for web-based graphical human-machine Interfaces. This software is commonly used in SCADA systems to exchange data between different vendor...
1.3AI Score
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...
6.5AI Score
0.0004EPSS
23andMe data breach under joint investigation in two countries
The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminals....
6.8AI Score
[SECURITY] Fedora 39 Update: djvulibre-3.5.28-7.fc39
DjVu is a web-centric format and software platform for distributing documents and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution picture s. DjVu content downloads faster, displays and renders faster,...
6.5CVSS
6.7AI Score
0.001EPSS
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the AssetController::importServerFilesAction, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log...
8.8CVSS
7.2AI Score
0.001EPSS
OpenBSD OpenSSH <= 9.6 Authentication Bypass Vulnerability
OpenBSD OpenSSH is prone to an authentication bypass ...
7CVSS
6.9AI Score
0.001EPSS
Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the.....
7.5CVSS
7.5AI Score
0.0004EPSS
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure...
6.7CVSS
6.7AI Score
0.0004EPSS
(RHSA-2024:1570) Important: ACS 4.4 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. This release includes the following features and updates: New Compliance capabilities (Technology Preview) Network graph enhancements for internal entities Build-time...
7.6AI Score
0.963EPSS
DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may...
2.6CVSS
3.5AI Score
0.0004EPSS
DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may...
2.6CVSS
0.0004EPSS
CVE-2024-38364 DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may...
2.6CVSS
0.0004EPSS
RHEL 8 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Simultaneous Multi-threading...
7.4CVSS
6.8AI Score
0.015EPSS
Summary Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...
9.1CVSS
8.6AI Score
0.002EPSS
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a.....
4.3CVSS
3.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...
6.6AI Score
0.0004EPSS
Check Point VPN-1 PAT Information Disclosure Vulnerability - Active Check
Check Point VPN-1 PAT is prone to an information disclosure ...
6.2AI Score
0.007EPSS
About the security content of visionOS 1.2
About the security content of visionOS 1.2 This document describes the security content of visionOS 1.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
8.8CVSS
7.9AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...
6.4AI Score
0.0004EPSS
CVE-2024-4584 Faraday GM8181/GM828x command_port.ini information disclosure
A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit...
5.3CVSS
5.3AI Score
0.0004EPSS
This plugin utilizes various Nessus detection methods and reports software identified by to Nessus and known to utilize "Artificial Intelligence" (AI) and Large Language Model (LLM) technology. Note that this plugin uses several detection methods. The products reported by this plugin will grow as.....
7.3AI Score
A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit...
5.3CVSS
5AI Score
0.0004EPSS
An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe...
6.8AI Score
EPSS
A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An...
4.3CVSS
6.7AI Score
0.0004EPSS
CVE-2024-4584 Faraday GM8181/GM828x command_port.ini information disclosure
A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit...
5.3CVSS
5.1AI Score
0.0004EPSS
An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe...
6.9AI Score
EPSS
7.4AI Score
0.001EPSS
Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
7.1AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit...
5.3CVSS
6.2AI Score
0.0004EPSS
Oracle WebLogic Server Node Manager 'beasvc.exe' RCE Vulnerability
Oracle WebLogic Server is prone to a remote command-execution vulnerability because the software fails to restrict access to sensitive commands. Successful attacks can compromise the affected software and possibly the computer. Oracle WebLogic Server 10.3.2 is vulnerable, other versions may also...
6.3AI Score
0.082EPSS
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive...
8.3CVSS
8.5AI Score
0.0004EPSS
Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
7.3AI Score
0.0004EPSS
An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe...
6.8AI Score
EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before...
7.5CVSS
6.8AI Score
0.001EPSS
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment...
5.3CVSS
5.2AI Score
0.0004EPSS
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment...
5.3CVSS
0.0004EPSS
pcp security, bug fix, and enhancement update
An update is available for pcp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...
8.8CVSS
7.5AI Score
0.0004EPSS
Neiman Marcus confirms breach. Is the customer data already for sale?
Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers' personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including.....
7.5AI Score
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading...
9.3CVSS
9.2AI Score
0.0004EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before...
7.5CVSS
6.9AI Score
0.001EPSS
Detect PROFINET targets listening on the Network Layer.
Sends a PROFINET indentification ethernet packet request to the device's ethernet address. If the response is a proper PROFINET response the device supports the protocol and information...
1.5AI Score
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could.....
7.5CVSS
7.2AI Score
0.001EPSS
Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability that could result in the loading of unsigned firmware on boot. An authenticated attacker could exploit this flaw to load malicious firmware onto the device....
6.7CVSS
6.4AI Score
0.0004EPSS
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of.....
6.8AI Score
0.0004EPSS
CVE-2024-25976 Reflected Cross-Site-Scripting (XSS)
When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the...
6.4AI Score
0.0004EPSS
CVE-2024-25975 Arbitrary File Overwrite
The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is...
6.8AI Score
0.0004EPSS