Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...
0.0004 EPSS
Bitdefender GravityZone Detection
The remote host is a Bitdefender GravityZone Appliance, an endpoint threat detection...
1.6 AI Score
The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the...
7.7 CVSS
6.7 AI Score
0.0004 EPSS
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session...
4.8 CVSS
5.8 AI Score
0.0004 EPSS
SolarWinds Orion Platform Installed (Windows)
SolarWinds Orion Platform is installed on the remote Windows host. Orion is a core component of several network monitoring and management...
1.2 AI Score
The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...
5.3 CVSS
5.2 AI Score
0.001 EPSS
coldbox-elixir is vulnerable to Information Disclosure. The vulnerability exists because the library does not securely define environment variables in the defaultConfig.js variable handler, allowing an attacker to access sensitive...
7.5 CVSS
6.8 AI Score
0.001 EPSS
Bitdefender GravityZone User Interface Detection
The remote web server is the user interface for Bitdefender GravityZone, a real-time endpoint threat detection...
2.1 AI Score
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.7 AI Score
0.0005 EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.1 CVSS
0.0005 EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
0.0005 EPSS
An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication...
8.8 CVSS
7.3 AI Score
0.001 EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.1 CVSS
6.5 AI Score
0.0005 EPSS
CVE-2024-1067 Mali GPU Kernel Driver allows improper GPU memory processing operations
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the...
6.5 AI Score
0.0004 EPSS
7.5 CVSS
8.2 AI Score
0.958 EPSS
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the...
6.5 AI Score
0.0004 EPSS
7 AI Score
Zinwave Series 3000 DAS Web Interface Detection
The remote host is running the web interface for a Zinwave Series 3000 DAS, a distributed antenna system hardware...
2.3 AI Score
Adobe Digital Editions Installed
Adobe Digital Editions, an electronic book reader application, is installed on the remote...
0.9 AI Score
Adobe Digital Editions Installed (Mac OS X)
Adobe Digital Editions, an electronic book reader application, is installed on the remote Mac OS X...
1.2 AI Score
6.1 AI Score
0.0004 EPSS
Logs storing credentials are insufficiently protected and can be decoded through the use of open source...
6.6 AI Score
0.0004 EPSS
Lenovo Mouse Suite, a software suite for configuring a Lenovo wireless mouse, is installed on the remote Windows...
1.3 AI Score
Lenovo System Update Installed
Lenovo System Update (formerly known as ThinkVantage System Update), a system update utility for Lenovo systems, is installed on the remote Windows...
1 AI Score
NetIQ Access Manager, a network access administration web application, is present on the remote...
3 AI Score
Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shut down the camera requiring a physical reboot of the...
6.3 AI Score
0.0004 EPSS
NetIQ Access Manager, a network access administration web application, is present on the remote server. It is possible to identify the major version and support pack remotely; however, hotfix information requires valid HTTP login credentials to...
4.1 AI Score
LG LED Assistant, a digital signage management application, is running on the remote...
7 AI Score
Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate...
6.5 AI Score
0.0004 EPSS
An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear...
6.4 AI Score
0.0004 EPSS
An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the...
6.6 AI Score
0.0004 EPSS
Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via...
6.5 CVSS
7 AI Score
0.002 EPSS
LiveData ICCP Server Detection
ICCP servers are commonly used in electric transmission and generation systems. Many vendors have integrated the LiveData ICCP stack including Advanced Control Systems, Barco, Eliop, GEA-India, Hitachi, Invensys Process Systems, LiveData, LogicaCMG, Ratio Control Central Stations, SPL Worldgroup,.....
3.8 AI Score
The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password...
7.1 AI Score
0.0004 EPSS
Kentico CMS Insecure Deserialization Remote Code Execution
Kentico CMS is susceptible to remote code execution via a .NET deserialization...
9.8 CVSS
9.8 AI Score
0.973 EPSS
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks (/admin/DeviceS3). Exploitation of this vulnerability could allow a remote user to execute arbitrary...
6.6 CVSS
7.5 AI Score
0.0004 EPSS
Session Fixation vulnerability in function login in class.auth.php in osTicket through...
8.8 CVSS
8.9 AI Score
0.002 EPSS
The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to...
4.4 CVSS
5 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...
6.6 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...
6.5 AI Score
0.0004 EPSS
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Exploitation of this vulnerability could allow a remote user to execute arbitrary...
6.6 CVSS
7.5 AI Score
0.0004 EPSS
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal...
4.8 CVSS
5.8 AI Score
0.0004 EPSS
Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass. This issue affects Captcha Code: from n/a through...
5.3 CVSS
7.3 AI Score
0.0004 EPSS
CVE-2023-48745 WordPress Captcha Code plugin <= 2.9 - Captcha Bypass vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass. This issue affects Captcha Code: from n/a through...
5.3 CVSS
5.5 AI Score
0.0004 EPSS
CVE-2023-48745 WordPress Captcha Code plugin <= 2.9 - Captcha Bypass vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass. This issue affects Captcha Code: from n/a through...
5.3 CVSS
7.1 AI Score
0.0004 EPSS
Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass. This issue affects Captcha Code: from n/a through...
5.3 CVSS
5.5 AI Score
0.0004 EPSS
Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session...
4.8 CVSS
5.8 AI Score
0.0004 EPSS
Check Point Endpoint Security SandBlast Agent Installed (macOS)
Check Point Endpoint Security SandBlast Agent which provides unified management, policy enforcement, threat prevention, and detection is installed on the remote macOS...
0.7 AI Score
Exploit for Stack-based Buffer Overflow in Elastic Elasticsearch
Elasticsearch StackOverflow vulnerability A flaw was...
7.5 CVSS
6.8 AI Score
0.001 EPSS
Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback...
9.1 CVSS
7.2 AI Score
0.0004 EPSS