PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will....
7CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...
6.7AI Score
0.0004EPSS
PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will....
6.9AI Score
0.0004EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid...
10AI Score
0.002EPSS
CentOS 7 : java-1.8.0-ibm (RHSA-2024:4160)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4160 advisory. The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of...
5.9CVSS
5.7AI Score
0.0004EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid...
8AI Score
0.002EPSS
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a....
7.8CVSS
8AI Score
0.001EPSS
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a....
7.8CVSS
8.2AI Score
0.001EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
0.002EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.8AI Score
0.002EPSS
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM...
6.8AI Score
0.0004EPSS
PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will....
7AI Score
0.0004EPSS
Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-java)
The remote host is missing updates announced in advisory GLSA...
9.8CVSS
8.2AI Score
0.97EPSS
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM...
6.8AI Score
0.0004EPSS
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a....
7.8CVSS
7.5AI Score
0.001EPSS
OpenSSL 1.1.0 < 1.1.0l Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.0l. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0l advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
4.7CVSS
5.8AI Score
0.015EPSS
BroadWin WebAccess Version Detection
Detection of BroadWin WebAccess. The script sends a connection request to the server and attempts to extract the version number from the...
7.2AI Score
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, files in the PC where the product is installed may be...
7AI Score
0.0004EPSS
OpenSSL 1.0.2 < 1.0.2t Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2t. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2t advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
4.7CVSS
5.8AI Score
0.015EPSS
The remote server is running at least one instance of Chora version 1.2.1 or earlier. Such versions have a flaw in the diff viewer that enables a remote attacker to run arbitrary code with the permissions of the web...
7.7AI Score
Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.8CVSS
8.1AI Score
0.001EPSS
CVE-2023-35710 Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.8CVSS
7.5AI Score
0.001EPSS
CVE-2023-35710 Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...
7.8CVSS
8.3AI Score
0.001EPSS
Report default community names of the SNMP Agent
Simple Network Management Protocol (SNMP) is a protocol which can be used by administrators to remotely manage a computer or network device. There are typically 2 modes of remote SNMP monitoring. These modes are...
8.1CVSS
7.2AI Score
0.454EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...
6.7AI Score
0.0004EPSS
The remote host is missing one or more known mitigation(s) on Linux Kernel side for the...
6.5CVSS
7.9AI Score
0.001EPSS
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ. CVE-2023-33850 covers the GSKIT-Crypto (ICC) package used by IBM Runtime Environment, Java Technology Edition. This is separate to the GSKit-SSL package which...
7.5CVSS
6.3AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end....
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...
6.5AI Score
0.0004EPSS
An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php...
7.8AI Score
0.0004EPSS
The remote host is missing one or more known mitigation(s) on Linux Kernel side for the...
5.5CVSS
7.3AI Score
0.001EPSS
CVE-2024-5514 MinMax CMS - Hidden Functionality
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without...
9.8CVSS
9.7AI Score
0.001EPSS
OpenSSL 1.1.1 < 1.1.1d Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.1d. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1d advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
5.3CVSS
5.8AI Score
0.015EPSS
CVE-2024-5514 MinMax CMS - Hidden Functionality
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without...
9.8CVSS
7.2AI Score
0.001EPSS
The remote host is missing one or more known mitigation(s) on Linux Kernel side for the...
6.5CVSS
7.5AI Score
0.001EPSS
Microsoft Exchange Public Folders Information Leak
Microsoft Exchange Public Folders can be set to allow anonymous connections (set by default). If this is not changed it is possible for an attacker to gain critical information about the users (such as full email address, phone number, etc) that are present in the Exchange...
6.3AI Score
0.015EPSS
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual...
7.5CVSS
6.7AI Score
0.0004EPSS
CVE-2024-3384 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual...
7.5CVSS
7.6AI Score
0.0004EPSS
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
4.8CVSS
5.3AI Score
0.0005EPSS
Fedora: Security Advisory for hivex (FEDORA-2021-372d83d54e)
The remote host is missing an update for...
4.3CVSS
5.1AI Score
0.002EPSS
Fedora: Security Advisory for hivex (FEDORA-2021-b71cc4df92)
The remote host is missing an update for...
5.4CVSS
5.8AI Score
0.002EPSS
Fedora: Security Advisory for hivex (FEDORA-2021-da76643229)
The remote host is missing an update for...
5.4CVSS
5.8AI Score
0.002EPSS
Easy Property Listings < 3.5.4 - Missing Authorization via epl_update_listing_coordinates()
Description The Easy Property Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the epl_update_listing_coordinates function in versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to update...
5.3CVSS
7AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...
7.6CVSS
7.6AI Score
0.0004EPSS
Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend...
7.5AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped in IBM MQ Appliance. Vulnerability Details CVEID: CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...
7.5CVSS
6.6AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...
6.7AI Score
0.0004EPSS