1756-EN2TR Series A, B Security Vulnerabilities
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
0.0004EPSS
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
7.6AI Score
0.0004EPSS
A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...
7.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...
7.3CVSS
0.0004EPSS
Malicious code in airbnb-o2 (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (15a37bd4059b76c7466684dfbc565c913af0ab4af849c5a643ce44d3bb7a4a6e) The OpenSSF Package Analysis project identified 'airbnb-o2' @ 13.37.1 (npm) as malicious. It is considered malicious because: The package...
7.1AI Score
CVE-2024-6043 SourceCodester Best House Rental Management System admin_class.php login sql injection
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
7.5AI Score
0.0004EPSS
CVE-2024-6043 SourceCodester Best House Rental Management System admin_class.php login sql injection
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
0.0004EPSS
7.8CVSS
8.8AI Score
0.001EPSS
openSUSE 15 Security Update : php8 (SUSE-SU-2024:2039-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:2039-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has extracted the preceding...
5.3CVSS
6.9AI Score
0.001EPSS
RHEL 8 : flatpak (RHSA-2024:3961)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3961 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
RHEL 8 : firefox (RHSA-2024:3952)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3952 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
8AI Score
0.0004EPSS
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability....
0.0004EPSS
A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON...
0.0004EPSS
Debian dla-3835 : roundcube - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3835 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3835-1 [email protected] ...
6.6AI Score
0.0004EPSS
PHPVOD v4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at...
6.2AI Score
0.0004EPSS
SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admin_delete.php...
0.0004EPSS
7.4AI Score
Ubuntu 23.10 / 24.04 LTS : Rack vulnerabilities (USN-6837-1)
The remote Ubuntu 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6837-1 advisory. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to...
7.5CVSS
7.7AI Score
0.001EPSS
RHEL 9 : firefox (RHSA-2024:3958)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3958 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
7.7AI Score
0.0004EPSS
RHEL 9 : firefox (RHSA-2024:3955)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3955 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
7.7AI Score
0.0004EPSS
RHEL 8 : flatpak (RHSA-2024:3962)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3962 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
7.4AI Score
0.0004EPSS
openSUSE 15 Security Update : booth (SUSE-SU-2024:2040-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:2040-1 advisory. - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032) Tenable has...
7.4CVSS
6.9AI Score
0.001EPSS
RHEL 7 : linux-firmware (RHSA-2024:3939)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3939 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw:...
8.2CVSS
7.4AI Score
0.0005EPSS
RHEL 8 : firefox (RHSA-2024:3953)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3953 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
8.2AI Score
0.0004EPSS
A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via...
0.0004EPSS
StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component...
0.0004EPSS
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /kaoqin/tpl_kaoqin_locationchange.html...
6.2AI Score
0.0004EPSS
Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input...
0.0004EPSS
zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at...
6.2AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
RHEL 8 : firefox (RHSA-2024:3950)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3950 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
7.7AI Score
0.0004EPSS
RHEL 7 : firefox (RHSA-2024:3951)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3951 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
7.7AI Score
0.0004EPSS
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...
0.0004EPSS
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...
0.0004EPSS
almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269)...
0.0004EPSS
A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON...
7.8AI Score
0.0004EPSS
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php....
0.0004EPSS
A stored cross-site scripting (XSS) in Vermeg Agile Reporter v23.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast Message...
0.0004EPSS
A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the...
0.0004EPSS
zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at...
0.0004EPSS
zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at...
6.2AI Score
0.0004EPSS
7.1AI Score
0.008EPSS
7.1AI Score
0.0004EPSS
8.5CVSS
7.1AI Score
0.005EPSS
8CVSS
8AI Score
0.0004EPSS
RHEL 9 : flatpak (RHSA-2024:3959)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3959 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix(es): * flatpak: sandbox escape via...
8.4CVSS
8.6AI Score
0.0004EPSS
RHEL 8 : firefox (RHSA-2024:3954)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3954 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
7.7AI Score
0.0004EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : SSSD vulnerability (USN-6836-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6836-1 advisory. It was discovered that SSSD did not always correctly apply the GPO policy for authenticated users, contrary to expectations....
7.1CVSS
6.8AI Score
0.0004EPSS
Fedora 39 : galera / mariadb (2024-d61bffd77f)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-d61bffd77f advisory. MariaDB 10.5.25 & Galera 26.4.18 Release notes: https://mariadb.com/kb/en/mariadb-10-5-25-release-notes/ Tenable has extracted the preceding...
7.4AI Score
openSUSE 15 Security Update : php8 (SUSE-SU-2024:2038-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:2038-1 advisory. - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Tenable has extracted the preceding...
5.3CVSS
6.9AI Score
0.001EPSS