| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39549 | Hig | 0.49 | 7.5 | 0.00 | Jul 11, 2024 | A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute.… | ||
| CVE-2024-39548 | Hig | 0.49 | 7.5 | 0.00 | Jul 11, 2024 | An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their… | ||
| CVE-2024-39546 | Hig | 0.47 | 7.3 | 0.00 | Jul 11, 2024 | A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root… | ||
| CVE-2024-39545 | Hig | 0.49 | 7.5 | 0.00 | Jul 11, 2024 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part… | ||
| CVE-2024-39542 | Hig | 0.49 | 7.5 | 0.00 | Jul 11, 2024 | An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based… | ||
| CVE-2024-39540 | Hig | 0.49 | 7.5 | 0.00 | Jul 11, 2024 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected… | ||
| CVE-2024-39531 | Hig | 0.49 | 7.5 | 0.00 | Jul 11, 2024 | An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst… | ||
| CVE-2024-39904 | Hig | 0.50 | 8.8 | 0.01 | Jul 11, 2024 | VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,… | ||
| CVE-2024-39530 | Hig | 0.49 | 7.5 | 0.00 | Jul 11, 2024 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an attempt is made to access specific… | ||
| CVE-2024-39529 | Hig | 0.49 | 7.5 | 0.00 | Jul 11, 2024 | A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA)… | ||
| CVE-2024-39524 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2024 | An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI… | ||
| CVE-2024-39523 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2024 | An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI… | ||
| CVE-2024-39522 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2024 | An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI… | ||
| CVE-2024-39521 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2024 | An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI… | ||
| CVE-2024-39520 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2024 | An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI… | ||
| CVE-2024-32753 | Hig | 0.46 | — | 0.00 | Jul 11, 2024 | Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component | ||
| CVE-2024-38536 | Hig | 0.49 | 7.5 | 0.01 | Jul 11, 2024 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6. | ||
| CVE-2024-38535 | Hig | 0.00 | 7.5 | 0.01 | Jul 11, 2024 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6. | ||
| CVE-2024-38534 | Hig | 0.00 | 7.5 | 0.01 | Jul 11, 2024 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue. | ||
| CVE-2024-28872 | Hig | 0.58 | 8.9 | 0.00 | Jul 11, 2024 | The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service… | ||
| CVE-2024-5681 | Hig | 0.51 | 7.8 | 0.00 | Jul 11, 2024 | CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | ||
| CVE-2024-5680 | Hig | 0.46 | 7.1 | 0.00 | Jul 11, 2024 | CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | ||
| CVE-2024-5679 | Hig | 0.46 | 7.1 | 0.00 | Jul 11, 2024 | CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | ||
| CVE-2024-2602 | Hig | 0.47 | 7.3 | 0.00 | Jul 11, 2024 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor. | ||
| CVE-2024-6666 | Hig | 0.50 | 8.8 | 0.01 | Jul 11, 2024 | The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ and 'status' parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. … | ||
| CVE-2024-1845 | Hig | 0.57 | 8.8 | 0.00 | Jul 11, 2024 | The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||
| CVE-2024-22280 | Hig | 0.55 | 8.5 | 0.00 | Jul 11, 2024 | VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. | ||
| CVE-2024-6653 | Hig | 0.48 | 7.3 | 0.01 | Jul 11, 2024 | A vulnerability was found in code-projects Simple Task List 1.0. It has been declared as critical. This vulnerability affects unknown code of the file loginForm.php of the component Login. The manipulation of the argument username leads to sql injection. The attack can be… | ||
| CVE-2024-6447 | Hig | 0.47 | 7.2 | 0.01 | Jul 11, 2024 | The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on… | ||
| CVE-2024-39565 | Hig | 0.57 | 8.8 | 0.01 | Jul 10, 2024 | An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged… | ||
| CVE-2024-39562 | Hig | 0.49 | 7.5 | 0.00 | Jul 10, 2024 | A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH… | ||
| CVE-2024-39555 | Hig | 0.49 | 7.5 | 0.01 | Jul 10, 2024 | An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service… | ||
| CVE-2024-39518 | Hig | 0.49 | 7.5 | 0.00 | Jul 10, 2024 | A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS). When the device is… | ||
| CVE-2024-6286 | Hig | 0.51 | 7.8 | 0.00 | Jul 10, 2024 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | ||
| CVE-2024-6236 | Hig | 0.49 | 7.5 | 0.01 | Jul 10, 2024 | Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX | ||
| CVE-2024-6151 | Hig | 0.51 | 7.8 | 0.00 | Jul 10, 2024 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS | ||
| CVE-2024-6148 | Hig | 0.57 | 8.8 | 0.00 | Jul 10, 2024 | Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5 | ||
| CVE-2024-39693 | Hig | 0.42 | 7.5 | 0.00 | Jul 10, 2024 | Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later. | ||
| CVE-2024-38354 | Hig | 0.53 | 8.1 | 0.00 | Jul 10, 2024 | CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks… | ||
| CVE-2024-37149 | Hig | 0.48 | 7.2 | 0.21 | Jul 10, 2024 | GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script.… | ||
| CVE-2024-37148 | Hig | 0.54 | 8.1 | 0.20 | Jul 10, 2024 | GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take… | ||
| CVE-2024-6235 | Hig | 0.59 | 8.8 | 0.21 | Jul 10, 2024 | Sensitive information disclosure in NetScaler Console | ||
| CVE-2024-5491 | Hig | 0.49 | 7.5 | 0.01 | Jul 10, 2024 | Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler | ||
| CVE-2024-32469 | Hig | 0.39 | 7.1 | 0.00 | Jul 10, 2024 | Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`. This vulnerability is fixed in 0.27.6 and 0.28.1. | ||
| CVE-2024-37115 | Hig | 0.49 | 7.5 | 0.01 | Jul 10, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8. | ||
| CVE-2024-37110 | Hig | 0.49 | 7.5 | 0.01 | Jul 10, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. | ||
| CVE-2024-32759 | Hig | 0.50 | — | 0.00 | Jul 10, 2024 | Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials. | ||
| CVE-2024-3325 | Hig | 0.47 | 7.2 | 0.01 | Jul 10, 2024 | Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0. | ||
| CVE-2024-40332 | Hig | 0.57 | 8.8 | 0.00 | Jul 10, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord | ||
| CVE-2024-40331 | Hig | 0.57 | 8.8 | 0.00 | Jul 10, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup |
- risk 0.49cvss 7.5epss 0.00
A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute.…
- risk 0.49cvss 7.5epss 0.00
An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their…
- risk 0.47cvss 7.3epss 0.00
A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root…
- risk 0.49cvss 7.5epss 0.00
An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part…
- risk 0.49cvss 7.5epss 0.00
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based…
- risk 0.49cvss 7.5epss 0.00
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected…
- risk 0.49cvss 7.5epss 0.00
An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst…
- risk 0.50cvss 8.8epss 0.01
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,…
- risk 0.49cvss 7.5epss 0.00
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an attempt is made to access specific…
- risk 0.49cvss 7.5epss 0.00
A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA)…
- risk 0.51cvss 7.8epss 0.00
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI…
- risk 0.51cvss 7.8epss 0.00
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI…
- risk 0.51cvss 7.8epss 0.00
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI…
- risk 0.51cvss 7.8epss 0.00
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI…
- risk 0.51cvss 7.8epss 0.00
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI…
- risk 0.46cvss —epss 0.00
Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component
- risk 0.49cvss 7.5epss 0.01
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6.
- risk 0.00cvss 7.5epss 0.01
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.
- risk 0.00cvss 7.5epss 0.01
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.
- risk 0.58cvss 8.9epss 0.00
The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service…
- risk 0.51cvss 7.8epss 0.00
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
- risk 0.46cvss 7.1epss 0.00
CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
- risk 0.46cvss 7.1epss 0.00
CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
- risk 0.47cvss 7.3epss 0.00
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor.
- risk 0.50cvss 8.8epss 0.01
The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ and 'status' parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …
- risk 0.57cvss 8.8epss 0.00
The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
- risk 0.55cvss 8.5epss 0.00
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
- risk 0.48cvss 7.3epss 0.01
A vulnerability was found in code-projects Simple Task List 1.0. It has been declared as critical. This vulnerability affects unknown code of the file loginForm.php of the component Login. The manipulation of the argument username leads to sql injection. The attack can be…
- risk 0.47cvss 7.2epss 0.01
The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on…
- risk 0.57cvss 8.8epss 0.01
An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged…
- risk 0.49cvss 7.5epss 0.00
A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH…
- risk 0.49cvss 7.5epss 0.01
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service…
- risk 0.49cvss 7.5epss 0.00
A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS). When the device is…
- risk 0.51cvss 7.8epss 0.00
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
- risk 0.49cvss 7.5epss 0.01
Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX
- risk 0.51cvss 7.8epss 0.00
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS
- risk 0.57cvss 8.8epss 0.00
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
- risk 0.42cvss 7.5epss 0.00
Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later.
- risk 0.53cvss 8.1epss 0.00
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks…
- risk 0.48cvss 7.2epss 0.21
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script.…
- risk 0.54cvss 8.1epss 0.20
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take…
- risk 0.59cvss 8.8epss 0.21
Sensitive information disclosure in NetScaler Console
- risk 0.49cvss 7.5epss 0.01
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
- risk 0.39cvss 7.1epss 0.00
Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`. This vulnerability is fixed in 0.27.6 and 0.28.1.
- risk 0.49cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8.
- risk 0.49cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.
- risk 0.50cvss —epss 0.00
Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials.
- risk 0.47cvss 7.2epss 0.01
Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.
- risk 0.57cvss 8.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord
- risk 0.57cvss 8.8epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup