B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.8AI Score
0.002EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.8AI Score
0.002EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.8AI Score
0.002EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
7.4AI Score
0.001EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.7AI Score
0.002EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.8AI Score
0.002EPSS
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without...
9.8CVSS
7.4AI Score
0.001EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.8AI Score
0.002EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.8AI Score
0.002EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_not_in() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.8AI Score
0.002EPSS
Summary The IBM® Engineering System Design Rhapsody 9.0.1 iFix006 and The IBM® Engineering System Design Rhapsody 9.0.2 iFix002 contains fixes which was identified as a vulnerability during OSS scan. These version contain upgraded version of guava-28.0-jre.jar (CVE-2020-8908), httpclient-4.0.jar...
8.1AI Score
0.129EPSS
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_like() function. Note: Multiple third parties have disputed this as not a valid...
9.8CVSS
9.8AI Score
0.002EPSS
CVE-2024-4653 BlueNet Technology Clinical Browsing System outIndex.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The...
6.8AI Score
0.0004EPSS
CVE-2024-4654 BlueNet Technology Clinical Browsing System cloudInterface.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely......
6.9AI Score
0.0004EPSS
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely......
6.3CVSS
7.9AI Score
0.0004EPSS
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack...
6.3CVSS
7.8AI Score
0.0004EPSS
5.5AI Score
0.001EPSS
The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature. Note that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this...
1.6AI Score
An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to execute arbitrary code via a crafted...
8.1AI Score
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ. CVE-2023-33850 covers the GSKIT-Crypto (ICC) package used by IBM Runtime Environment, Java Technology Edition. This is separate to the GSKit-SSL package which...
6.3AI Score
0.001EPSS
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped in IBM MQ Appliance. Vulnerability Details CVEID: CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...
6.6AI Score
0.001EPSS
The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature. Note that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this...
1.6AI Score
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-22081 ...
7AI Score
0.001EPSS
A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit...
5.3CVSS
6.8AI Score
0.0004EPSS
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is.....
8.9AI Score
0.001EPSS
The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature, including the following: Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, ...
3.4AI Score
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094-Vulnerabity-Checker Verify that your XZ Utils...
9.6AI Score
0.133EPSS
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches...
4.2AI Score
0.0005EPSS
PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will....
7CVSS
6.7AI Score
0.0004EPSS
A vulnerability was found in Shaanxi Chanming Education Technology Score Query System 5.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument stuIdCard leads to sql injection. The attack may be initiated remotely. The exploit has been...
8.8CVSS
7.9AI Score
0.001EPSS
japan-green.com.sg Cross Site Scripting vulnerability OBB-3922079
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the....
6.5CVSS
6.5AI Score
0.0005EPSS
japan-ferien.ch Cross Site Scripting vulnerability OBB-3833035
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Amazon Linux 2 : ipa (ALAS-2024-2498)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2498 advisory. specially crafted HTTP requests potentially lead to DoS or data exposure [fedora-all] (CVE-2024-1481) Note that Nessus has not tested for this issue but has instead relied only on the application's...
5.2AI Score
A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be....
7.5CVSS
6.9AI Score
0.009EPSS
A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected is an unknown function of the file /runtime/log. The manipulation leads to improper output neutralization for logs. The exploit has been disclosed to the public and may be used. The...
9.8CVSS
7.3AI Score
0.004EPSS
A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: '../filedir'......
9.8CVSS
7.2AI Score
0.002EPSS
A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. The manipulation of the argument App_User_id/App_user_Token leads to improper authentication. The...
9.8CVSS
7.3AI Score
0.005EPSS
Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the.....
7.5AI Score
0.0004EPSS
7.4AI Score
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a.....
3.8AI Score
0.0004EPSS
Oracle Linux 8 : idm:DL1 / and / idm:client (ELSA-2024-3267)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3267 advisory. bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc:...
7.3AI Score
A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is....
6.3CVSS
7.7AI Score
0.0004EPSS
CVE-2024-4257 BlueNet Technology Clinical Browsing System deleteStudy.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type...
7.6AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....
9AI Score
0.0004EPSS
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not...
6.5AI Score
0.001EPSS
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to....
3.7CVSS
6.8AI Score
0.0004EPSS
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in create_all_header_nodes() function from lib/api_automation.php , finally.....
7.2AI Score
0.0004EPSS
An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout....
5.5CVSS
5.6AI Score
0.0004EPSS