A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Huawei device has an input verification vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft Endpoint Configuration Manager Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A security vulnerability has been identified in Apache Kafka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.
This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
There is a password verification vulnerability in WS7200-10 11.0.2.13. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
SFTPGo is an SFTP server written in Go. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A logic issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved restrictions. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.