Resource Location Spoofing in the Drupal 'Translate Drupal with GTranslate' module (versions 0.0.0 through before 3.0.5) allows a high-privileged authenticated attacker to modify data the module treats as immutable, enabling redirection of translation resource locations. Exploitation requires network access but demands administrator-level privileges, yielding only low integrity impact with no confidentiality or availability consequences. No public exploit code exists and EPSS sits at 0.02% (5th percentile), indicating negligible exploitation interest at this time.
Authenticated users with GitRepository modification privileges in Nautobot can manipulate the current_head field via REST API to force local repository clones to check out arbitrary commits, causing repository state inconsistency or denial of service. The unintended write access stems from improper REST API serializer configuration (CWE-471: Modification of Assumed-Immutable Data). Vendor-released patches in versions 2.4.33 and 3.1.2 add field-level access controls and input validation to prevent manipulation of the internal current_head tracking field. No public exploit identified at time of analysis, though exploitation requires only low-privilege authenticated API access.
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. Rated high severity (CVSS 8.5), this vulnerability has low attack complexity. No vendor patch available.
An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable with no authentication required. No vendor patch available.
IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. Rated medium severity (CVSS 6.0), this vulnerability has low attack complexity. No vendor patch available.
IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data. Rated medium severity (CVSS 4.0), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.