A vulnerability was found in SourceCodester Food Ordering Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file login.php of the component Login Panel. The manipulation of the argument username leads to sql injection. It is possible to initiate...
7.3CVSS
7.5AI Score
0.0004EPSS
CVE-2024-6215 SourceCodester Food Ordering Management System view-ticket-admin.php sql injection
A vulnerability was found in SourceCodester Food Ordering Management System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file view-ticket-admin.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The.....
6.3CVSS
0.0004EPSS
PCI DSS 4.0.1: New Clarifications on Client-Side Security – What You Need to Know
As a leading provider of web application and API security solutions, Imperva is committed to helping merchants, payment processors, and anyone seeking to comply with the latest PCI DSS requirements. We previously discussed the changes introduced in PCI DSS 4.0. This blog will cover the...
7.1AI Score
7.3AI Score
CVE-2024-6214 SourceCodester Food Ordering Management System add-item.php sql injection
A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file add-item.php. The manipulation of the argument price leads to sql injection. The attack can be initiated remotely. The exploit has.....
6.3CVSS
7.5AI Score
0.0004EPSS
CVE-2024-6214 SourceCodester Food Ordering Management System add-item.php sql injection
A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file add-item.php. The manipulation of the argument price leads to sql injection. The attack can be initiated remotely. The exploit has.....
6.3CVSS
0.0004EPSS
CVE-2024-6213 SourceCodester Food Ordering Management System Login Panel login.php sql injection
A vulnerability was found in SourceCodester Food Ordering Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file login.php of the component Login Panel. The manipulation of the argument username leads to sql injection. It is possible to initiate...
7.3CVSS
0.0004EPSS
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the file student_form.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely....
3.5CVSS
0.0004EPSS
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the file student_form.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely....
3.5CVSS
6.4AI Score
0.0004EPSS
buglogic.com Cross Site Scripting vulnerability OBB-3937039
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the file student_form.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely....
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the file student_form.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely....
3.5CVSS
0.0004EPSS
The version of Streamline NX Client installed on the remote host is prior to 3.4.3.2, 3.5.1.202, 3.6.2.2, or 3.7.2.1. It is, therefore, affected by a vulnerability as referenced in the 2024-000005 advisory. Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and...
7.3AI Score
SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2024:2106-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2106-1 advisory. - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names...
8.8CVSS
8.6AI Score
0.0004EPSS
Streamline NX Client < 3.4.3.2 / 3.5.x < 3.5.1.202 / 3.6.x < 3.6.2.2 RCE (2024-000004)
The version of Streamline NX Client installed on the remote host is prior to 3.231.0, 3.4.3.2, 3.5.1.202 or 3.6.2.2. It is, therefore, affected by a vulnerability as referenced in the 2024-000004 advisory. Improper restriction of communication channel to intended endpoints issue exists in Ricoh...
7.8AI Score
TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via...
EPSS
8.8CVSS
7.1AI Score
0.0004EPSS
Mattermost Desktop CVE-2024-36287 (macOS) (MMSA-2024-00326)
According to MMSA-2024-00326, Mattermost Desktop App versions <= 5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
3.8CVSS
7.2AI Score
0.0004EPSS
Oracle Linux 9 : nghttp2 (ELSA-2024-3501)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3501 advisory. [1.43.0-5.2] - fix CONTINUATION frames DoS (CVE-2024-28182, CVE-2024-27316) Tenable has extracted the preceding description block directly from the Oracle Linux.....
7.5CVSS
7.1AI Score
0.005EPSS
Dell Client BIOS DoS (DSA-2024-168)
Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. Note that Nessus has not tested for this issue but has instead relied only on the...
7AI Score
Dell Client BIOS Incorrect Authorization (DSA-2024-122)
Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS. Note that Nessus has not tested for this issue but has instead relied.....
6.9AI Score
RHEL 8 : thunderbird (RHSA-2024:4036)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4036 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): *...
7.9AI Score
0.0004EPSS
Streamline NX Client Installed (Windows)
Streamline NX Client is installed on the remote Windows...
7.4AI Score
Dell Client BIOS Multiple Vulnerabilities (DSA-2024-124)
Dell Client Platform BIOS contains multiple Improper Input Validation vulnerabilities in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has...
7.2AI Score
Kibana 8.6.3 < 8.14 (ESA-2024-15)
The version of Kibana installed on the remote host is between 8.6.3 and 8.13.4. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-15 advisory. A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run...
7.2AI Score
SUSE SLES15 / openSUSE 15 Security Update : containerd (SUSE-SU-2024:2108-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2108-1 advisory. Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request...
7.4AI Score
0.0004EPSS
Fedora 39 : chromium (2024-dd14eefb0e)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-dd14eefb0e advisory. update to 126.0.6478.114 * High CVE-2024-6100: Type Confusion in V8 * High CVE-2024-6101: Inappropriate implementation in WebAssembly * High...
8.8CVSS
7.8AI Score
0.001EPSS
RHEL 8 : ovn-2021 (RHSA-2024:4035)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4035 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add ...
6.5CVSS
7.3AI Score
0.0005EPSS
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2024:1637-2 advisory. - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5....
7.5CVSS
7.3AI Score
0.001EPSS
6.5CVSS
7.5AI Score
0.001EPSS
7.5AI Score
0.0004EPSS
An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...
5.4CVSS
7AI Score
0.0004EPSS
Streamline NX Client Multiple Vulnerabilities (2024-000006, 2024-000007)
The version of Streamline NX Client installed on the remote host is prior to 3.2.1.19, 3.3.1.3, 3.3.2.201, 3.4.3.1, 3.5.1.201, 3.6.100.53, or 3.6.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024-000006 and 2024-000007 advisories. Use of potentially dangerous...
7.7AI Score
0.0004EPSS
FreeBSD : qt6-webengine -- Multiple vulnerabilities (c5415838-2f52-11ef-9cab-4ccc6adda413)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c5415838-2f52-11ef-9cab-4ccc6adda413 advisory. Qt qtwebengine-chromium repo reports: Backports for 7 security bugs in Chromium: Tenable has...
7.7AI Score
Dell Client BIOS Improper Input Validation (DSA-2024-125)
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. Note that Nessus has not tested for this issue but has instead...
7AI Score
urllib3 Python Library < 1.26.19, < 2.2.2 (CVE-2024-37891)
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with 'ProxyManager', the 'Proxy-Authorization' header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
4.4CVSS
7.1AI Score
0.0004EPSS
8.8CVSS
9AI Score
0.001EPSS
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page...
EPSS
An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated...
5.4CVSS
0.0004EPSS
SUSE SLES12 Security Update : hdf5 (SUSE-SU-2024:2105-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2105-1 advisory. - Fix various security issues in hdf5 (bsc#1224158): CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608, ...
8.1CVSS
7.4AI Score
EPSS
SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2024:2107-1)
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2107-1 advisory. - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names...
8.8CVSS
8.6AI Score
0.0004EPSS
Kibana < 7.17.22 / 8.0.x < 8.14 (ESA-2024-11)
The version of Kibana installed on the remote host is prior to 7.17.22 or 8.14. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-11 advisory. A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a...
7.2AI Score
7.3AI Score
browardlegaldirectory.com Cross Site Scripting vulnerability OBB-3937038
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Summary TSSC/IMC is vulnerable to aritrary code excecution due to cURL. A patch has been provided that updates the curl library. (CVE-2023-30630, CVE-2023-28321) Vulnerability Details ** CVEID: CVE-2023-27536 DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security...
7.1CVSS
7.5AI Score
0.002EPSS
Summary TSSC/IMC is vulnerable to a denial of service attack due to ncruses (CVE-2023-29491). A patch has been provided that updates the Dmidecode library. Vulnerability Details ** CVEID: CVE-2023-29491 DESCRIPTION: **ncurses is vulnerable to a denial of service, caused by a memory corruption...
7.8CVSS
6.8AI Score
0.0004EPSS
cartecgroup.com Cross Site Scripting vulnerability OBB-3937037
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to Java (CVE-2023-22081)
Summary TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode. A patch has been provided that updates the Java library. (CVE-2023-22081) Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a...
5.3CVSS
6.8AI Score
0.001EPSS
cybercomplianceinthecloud.com Cross Site Scripting vulnerability OBB-3937036
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
riskassess.complianceobjects.com Cross Site Scripting vulnerability OBB-3937034
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score