Tenable maintains a list of Common Vulnerabilities and Exposures (CVEs) and their affected products. Tenable augments the data to include related Tenable Plugins that detect each vulnerability. 316147 CVEs are indexed from NVD.
This Oracle E-Business Suite flaw was reportedly exploited in the wild and connected to a leaked proof-of-concept exploit from Scattered Lapsus$ Hunters or ShinyHunters.
Exploitation has been observed in order to distribute malware. Patches are available and should be applied as soon as possible.
Researchers have now observed exploitation attempts using this flaw, SessionReaper, to target Adobe Commerce stores. Patching is strongly advised.
Public exploit code has been released for an exploit chain targeting Adobe Experience Manager Forms, and exploitation has been observed. Immediate patching is recommended.
F5 Networks confirmed a threat actor gained access to its network and stole BIG-IP source code. We have flagged the following CVEs as being monitored for further intel.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS. This issue affects AcBakImzala: before v5.1.4.
Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit CategorySet of ContentType page.
NarSuS App registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
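The unquoted-path class of bug above is easy to check for mechanically. The following is an added example, not code from NarSuS or from Tenable: given the string form of a service's ImagePath (the value Windows stores under the service's registry key), it enumerates the executables CreateProcess would try in order when the path is unquoted and contains spaces, and reports the directory an attacker would need write access to for each candidate. The service names and paths are constructed for illustration; the helper names are this example's own.

```python
import ntpath

# Constructed sample ImagePath values, modelled on what a service's ImagePath
# registry value looks like. Names and paths are illustrative, not real installs.
SAMPLE_SERVICES = {
    "NarSuSApp":  r"C:\Program Files\NarSuS App\NarSuSService.exe -service",
    "GoodQuoted": r'"C:\Program Files\Vendor\agent.exe" -service',
    "NoSpaces":   r"C:\Windows\system32\svchost.exe -k netsvcs",
}


def candidate_executables(image_path: str) -> list[str]:
    """Return the executables CreateProcess would try, in order, for an ImagePath.

    A quoted path is unambiguous and yields one candidate. For an unquoted path
    with spaces, Windows tries each space-delimited prefix (appending .exe when
    the prefix carries no .exe) until one exists, so every prefix before the
    real binary is a hijack opportunity.
    """
    image_path = image_path.strip()
    if image_path.startswith('"'):
        end = image_path.find('"', 1)
        return [image_path[1:end]] if end > 0 else []
    tokens = image_path.split(" ")
    candidates = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(".exe"):
            candidates.append(prefix)   # reached the real binary; stop here
            break
        candidates.append(prefix + ".exe")
    return candidates


def hijack_points(image_path: str) -> list[tuple[str, str]]:
    """Return (directory_to_write, file_to_plant) pairs, or [] if the path is safe.

    Every candidate except the last (the intended binary) is a place where a
    planted file would be executed with the service's privilege, usually SYSTEM.
    """
    cands = candidate_executables(image_path)
    return [(ntpath.dirname(c), c) for c in cands[:-1]]


def scan_services(services: dict[str, str]) -> dict[str, list[tuple[str, str]]]:
    """Map each service with an exploitable ImagePath to its hijack points."""
    return {name: pts for name, path in services.items() if (pts := hijack_points(path))}


if __name__ == "__main__":
    for name, points in scan_services(SAMPLE_SERVICES).items():
        print(name)
        for directory, planted in points:
            print(f"  write to {directory!r} -> plant {planted!r}")
```

For the NarSuS-style entry the first hijack point is the system drive root (plant `C:\Program.exe`), which is exactly the precondition the advisory states: the user needs write permission on that root. The example only reasons about the path string; a real audit must pair it with an ACL check (for instance `icacls` on each reported directory), since on a default Windows install standard users cannot create files directly in the drive root, and an unquoted path is only exploitable where one of its candidate directories is actually writable.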
Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page.
GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser.
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.
LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.
Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while it is in use, allowing them to deploy a compromised or counterfeit device on that site. This issue affects Command Centre Server: 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
Rejected reason: Not used