The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.7%.
Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.6%.
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 55.0%.
Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.7%.
Remote file download in simple-image-manipulator v1.0 wordpress plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.0%.
Zotpress plugin for WordPress SQLi in zp_get_account(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.
Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.2%.
Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.1% and no vendor patch available.
Blind SQL Injection in wordpress plugin dukapress v2.5.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Blind SQL Injection in filedownload v1.4 wordpress plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS and SQLi in huge IT gallery v1.1.5 for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Remote file download vulnerability in wptf-image-gallery v1.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Open Proxy in filedownload v1.4 wordpress plugin. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
XSS in filedownload v1.4 wordpress plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS in huge IT gallery v1.1.5 for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Remote file download vulnerability in recent-backups v0.7 wordpress plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.