Toshiba printers provide an API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference...
8.4CVSS
8.5AI Score
0.0004EPSS
A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference...
7.4CVSS
7.7AI Score
0.0004EPSS
It appears that some hardcoded keys are used for authentication to the internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference...
7.1CVSS
7.2AI Score
0.0004EPSS
Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference...
7.4CVSS
7.3AI Score
0.0004EPSS
Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing an XSS vulnerability can recover this password in clear-text and compromise the...
6.5CVSS
6.5AI Score
0.0004EPSS
Security Updates for Microsoft Sharepoint 2016 (June 2021)
The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-26420, CVE-2021-31963, CVE-2021-31964, CVE-2021-31966) ...
7.6CVSS
6.8AI Score
0.089EPSS
Security Updates for Exchange (September 2017)
The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An...
6.1CVSS
6AI Score
0.009EPSS
Skype for Business and Lync Spoofing Vulnerability
The Microsoft Skype for Business or Microsoft Lync installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted...
6.1CVSS
5.9AI Score
0.001EPSS
Security Updates for Microsoft Sharepoint 2016 (July 2021)
The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-34467, CVE-2021-34468, CVE-2021-34520) Microsoft SharePoint...
8.1CVSS
6.5AI Score
0.55EPSS
Security Updates for Microsoft SharePoint Server 2016 (February 2021)
The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information....
8.8CVSS
7.6AI Score
0.017EPSS
KB5028171: Windows 2022 / Azure Stack HCI 22H2 Security Update (July 2023)
The remote Windows host is missing security update 5028171. It is, therefore, affected by multiple vulnerabilities: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367) Windows Netlogon Information Disclosure...
9.8CVSS
8AI Score
0.147EPSS
KB5006672: Windows 10 Version 1809 and Windows Server 2019 Security Update (October 2021)
The remote Windows host is missing security update 5006672. It is, therefore, affected by multiple vulnerabilities: A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity...
8.8CVSS
8.6AI Score
0.512EPSS
KB5005573: Windows 10 Version 1607 and Windows Server 2016 September 2021 Security Update
The remote Windows host is missing security update 5005573. It is, therefore, affected by multiple vulnerabilities : A memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application. ...
8.8CVSS
9.3AI Score
0.969EPSS
Windows 8.1 and Windows Server 2012 R2 December 2017 Security Updates
The remote Windows host is missing security update 4054522 or cumulative update 4054519. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An...
7.5CVSS
8AI Score
0.947EPSS
Windows 7 and Windows Server 2008 R2 December 2017 Security Updates
The remote Windows host is missing security update 4054521 or cumulative update 4054518. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An...
7.5CVSS
8AI Score
0.947EPSS
glpi -- Public GLPIKEY can be used to decrypt any data
MITRE Corporation reports: GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on...
7.2CVSS
1.2AI Score
0.001EPSS
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code....
8.8CVSS
8.9AI Score
0.087EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...
6.5CVSS
6.3AI Score
0.0004EPSS
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization...
The remote Windows host is missing security update 5006670. It is, therefore, affected by multiple vulnerabilities: A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity...
8.8CVSS
8.6AI Score
0.512EPSS
KB4530714: Windows 10 Version 1709 December 2019 Security Update
The remote Windows host is missing security update 4530714. It is, therefore, affected by multiple vulnerabilities : A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute...
8.8CVSS
8AI Score
0.087EPSS
KB4480960: Windows 7 and Windows Server 2008 R2 January 2019 Security Update
The remote Windows host is missing security update 4480960 or cumulative update 4480970. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully...
7.8CVSS
7.6AI Score
0.973EPSS
KB5000822: Windows 10 Version 1809 and Windows Server 2019 March 2021 Security Update
The remote Windows host is missing security update 5000822. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095, CVE-2021-26860,...
9.8CVSS
9.3AI Score
0.284EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
4.9CVSS
4.5AI Score
0.0004EPSS
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
6.1CVSS
6.7AI Score
0.0005EPSS
Security Updates for Microsoft SharePoint Server 2016 (December 2020)
The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2020-17089) A remote code...
8.8CVSS
7.9AI Score
0.025EPSS
Security Updates for Microsoft SharePoint Server and Microsoft Project Server (November 2017)
The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not ...
8.8CVSS
8.3AI Score
0.003EPSS
The remote Windows host is missing security update 5005565. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,...
8.8CVSS
9.3AI Score
0.969EPSS
Security Updates for Microsoft Exchange Server (March 2021)
The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability. An attacker could exploit this to execute unauthorized arbitrary code. (CVE-2021-26412, CVE-2021-26854, ...
9.1CVSS
9.2AI Score
0.975EPSS
Security Updates for Microsoft SharePoint Server 2019 (January 2021)
The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user....
8.8CVSS
7.3AI Score
0.013EPSS
KB4480957: Windows Server 2008 January 2019 Security Update
The remote Windows host is missing security update 4480957 or cumulative update 4480968. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully...
7.8CVSS
8.1AI Score
0.973EPSS
KB5001335: Windows 7 and Windows Server 2008 R2 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089) RPC Endpoint Mapper Service Elevation of Privilege Vulnerability (CVE-2021-27091) Windows Kernel...
8.8CVSS
8AI Score
0.079EPSS
HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary...
7.3AI Score
0.0004EPSS
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Content integration). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter...
4.4CVSS
5.6AI Score
0.0004EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
4.9CVSS
4.5AI Score
0.0004EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to...
5.3CVSS
6AI Score
0.0004EPSS
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit...
3.7CVSS
2.4AI Score
0.0004EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated...
2.5CVSS
2.4AI Score
0.0004EPSS
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM...
4.3CVSS
5.3AI Score
0.0005EPSS
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
6.1CVSS
6.2AI Score
0.0005EPSS
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Data Import). The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
6.5CVSS
6.2AI Score
0.0005EPSS
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
6.1CVSS
6.2AI Score
0.0005EPSS
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22;...
3.7CVSS
3AI Score
0.001EPSS
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
6.1CVSS
6.2AI Score
0.0005EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
4.9CVSS
4.5AI Score
0.0004EPSS
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
6.1CVSS
6.2AI Score
0.0005EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
4.9CVSS
4.4AI Score
0.0004EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
4.9CVSS
5.8AI Score
0.0004EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
4.4CVSS
3.8AI Score
0.0004EPSS
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
6.1CVSS
6.2AI Score
0.0005EPSS