7.1AI Score
0.0005EPSS
Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to...
7.1AI Score
0.001EPSS
Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to...
7AI Score
0.0005EPSS
6.2AI Score
0.0004EPSS
6.2AI Score
0.0004EPSS
6.2AI Score
0.0004EPSS
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version...
7.1AI Score
0.0004EPSS
6.2AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used....
8.8CVSS
7.7AI Score
0.001EPSS
A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has...
8.8CVSS
7.7AI Score
0.001EPSS
A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the...
8.8CVSS
7.8AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort...
9.8CVSS
8AI Score
0.001EPSS
Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser of the user who is using the product. The affected firmware is prior to 12.2(50)SY...
6.1CVSS
6.2AI Score
0.001EPSS
A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function action_admin_notices_activation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be...
6.1CVSS
6.8AI Score
0.001EPSS
Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as...
4.3CVSS
4.7AI Score
0.001EPSS
7.4AI Score
7.4AI Score
thinkphp SQL Injection via the index.php s parameter
thinkphp 3.1.3 has SQL Injection via the index.php s...
8.2AI Score
0.002EPSS
thinkphp SQL Injection via the index.php s parameter
thinkphp 3.1.3 has SQL Injection via the index.php s...
9.8CVSS
8.2AI Score
0.002EPSS
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass Vulnerability
Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to...
7.7AI Score
7.4AI Score
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass
Title: Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass Advisory ID: ZSL-2024-5820 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary ESE (Elber Satellite Equipment) product line, designed for the...
7.7AI Score
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config
Title: Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config Advisory ID: ZSL-2024-5821 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary ESE (Elber Satellite Equipment) product line, designed for the high-end...
7.3AI Score
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vulnerability
Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables...
7.8AI Score
7.4AI Score
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass
Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Advisory ID: ZSL-2024-5814 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment...
7.7AI Score
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference Vulnerability
Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an unauthenticated device configuration and client-side hidden functionality disclosure...
7.5AI Score
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config
Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Advisory ID: ZSL-2024-5815 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment demodulates...
7.3AI Score
7.4AI Score
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference Vulnerability
Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure...
7.5AI Score
7.4AI Score
7.3AI Score
App can read iccId of sim card(s) without requiring READ_PRIVILEGED_PHONE_STATE permission.
In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed...
5.5CVSS
5.2AI Score
0.0004EPSS
Local SQL Injection in Content Provider(s) for package 'com.android.providers.contacts' version 10
In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for...
3.3CVSS
3.8AI Score
0.0004EPSS
App can read iccId of sim card(s) without requiring READ_PRIVILEGED_PHONE_STATE permission.
In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
4.8AI Score
0.0004EPSS
In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
6.1AI Score
0.0004EPSS
Media Library Folders < 8.2.1 - Reflected Cross-Site Scripting via 's'
Description The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
6.3AI Score
0.0004EPSS
Customer Reviews for WooCommerce < 5.48.0 - Reflected Cross-Site Scripting via 's'
Description The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers.....
6.3AI Score
0.0004EPSS
[Boreal S] [ADT3 T] YT able to record from Remote Submix when global mic mute toggle is enabled
In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.3AI Score
0.0004EPSS
App can set discoverable timeout of device' s Bluetooth without showing system dialog to user.
In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
6.8AI Score
0.0004EPSS
App can set Scan Mode of device' s Bluetooth without showing system dialog to user.
In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
7.3CVSS
7.1AI Score
0.0004EPSS
[Android Auto] App permissions reset after upgrade on device from R build to S build
In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.5AI Score
0.0004EPSS
In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for...
6.8CVSS
6.8AI Score
0.0005EPSS
s-nautica.me Improper Access Control vulnerability OBB-3859024
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
s-b.ru Cross Site Scripting vulnerability OBB-3859703
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
7.3AI Score
s-kiilto.fi Cross Site Scripting vulnerability OBB-3846950
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
s-capetravel.eu Cross Site Scripting vulnerability OBB-3846946
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET...
7.5CVSS
7.4AI Score
0.001EPSS
i-s-e.nl Improper Access Control vulnerability OBB-3867198
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score