Monthly
Authentication-layer injection in OX Dovecot Pro (versions up to and including 2.4.3 and 3.1.4) arises from a flaw in the 'safe' template filter: when 'safe' is applied during variable expansion, every subsequent pipeline stage on the same string inherits the 'safe' designation, so attacker-controlled data that should be escaped is passed through unescaped. Because variable expansion is used to build authentication backend queries, this enables SQL or LDAP injection by remote unauthenticated attackers. There is no public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.01%, 2nd percentile).
Improper validation of malformed SCP requests in Cisco IOS XE Software allows authenticated local attackers to trigger unexpected device reloads and cause service disruption. An attacker with low privileges can exploit this vulnerability by sending a crafted SSH command to the SCP server component. No patch is currently available for this denial of service vulnerability.
This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication-layer injection in OX Dovecot Pro (versions up to and including 2.4.3 and 3.1.4) arises from a flaw in the 'safe' template filter: when 'safe' is applied during variable expansion, every subsequent pipeline stage on the same string inherits the 'safe' designation, so attacker-controlled data that should be escaped is passed through unescaped. Because variable expansion is used to build authentication backend queries, this enables SQL or LDAP injection by remote unauthenticated attackers. There is no public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.01%, 2nd percentile).
Improper validation of malformed SCP requests in Cisco IOS XE Software allows authenticated local attackers to trigger unexpected device reloads and cause service disruption. An attacker with low privileges can exploit this vulnerability by sending a crafted SSH command to the SCP server component. No patch is currently available for this denial of service vulnerability.
This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.