CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id...
0.0004EPSS
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id...
7.8AI Score
0.0004EPSS
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu...
8.3AI Score
0.0004EPSS
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu...
8.3AI Score
0.0004EPSS
Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info...
5.8AI Score
0.0004EPSS
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu...
0.0004EPSS
Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info...
0.0004EPSS
Smart S210 Management Platform - Arbitary File Upload
A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted...
9.8CVSS
7.1AI Score
0.027EPSS
43% of couples experience pressure to share logins and locations, Malwarebytes finds
All isn’t fair in love and romance today, as 43% of people in a committed relationship said they have felt pressured by their own partners to share logins, passcodes, and/or locations. A worrying 7% admitted that this type of pressure has included the threat of breaking up or the threat of...
6.8AI Score
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file addmeasurement.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely....
6.3CVSS
0.0004EPSS
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file addmeasurement.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely....
6.3CVSS
6.9AI Score
0.0004EPSS
Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more
This blog post is part of a multi-part series, and it is highly recommended to read the first entry here before continuing. As the second entry in our "Exploring malicious Windows drivers" series, we will continue where the first left off: Discussing the I/O system and IRPs. We will expand on...
6.6AI Score
How are attackers trying to bypass MFA?
In the latest Cisco Talos Incident Response Quarterly Trends report, instances related to multi-factor authentication (MFA) were involved in nearly half of all security incidents that our team responded to in the first quarter of 2024. In 25% of engagements, the underlying cause was users...
8.1AI Score
CVE-2024-6109 itsourcecode Tailoring Management System addmeasurement.php sql injection
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file addmeasurement.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely....
6.3CVSS
0.0004EPSS
The Annual SaaS Security Report: 2025 CISO Plans and Priorities
Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA)....
7.2AI Score
Rethinking Democracy for the Age of AI
There is a lot written about technology's threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st...
6.4AI Score
org.keycloak: keycloak-services is vulnerable to Improper Privilege Management. The vulnerability is due to users with low privileges being able to utilize administrative functionalities within the Keycloak admin...
6.8AI Score
EPSS
Smart s200 Management Platform v.S200 - SQL Injection
SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php...
7.5AI Score
0.001EPSS
Rancher is vulnerable to Improper Privilege Management. The vulnerability is due to privilege escalation checks not being properly enforced for RoleTemplate objects when external=true, allowing rules from a ClusterRole to be ignored under certain contexts, which has been fixed by introducing a new....
7.2AI Score
EPSS
Insufficient Control Flow Management
Evmos is vulnerable to Insufficient Control Flow Management. The vulnerability is due to different ante handler checks for Cosmos and Ethereum transactions, allowing a clawback account to bypass Cosmos checks by sending an Ethereum transaction targeting a precompile used to interact with a Cosmos.....
3.5CVSS
6.7AI Score
0.0004EPSS
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu...
0.0004EPSS
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id...
0.0004EPSS
Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info...
0.0004EPSS
Cooked – Recipe Management <= Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Cooked – Recipe Management recipe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows...
5.4CVSS
5.8AI Score
0.0004EPSS
Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname and lname parameters under the Staff Info...
5.9AI Score
0.0004EPSS
PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a...
7.7AI Score
EPSS
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu...
0.0004EPSS
K000140043: runc vulnerability CVE-2024-21626
Security Advisory Description runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working...
8.6CVSS
7AI Score
0.051EPSS
K000140039: Intel QAT vulnerability CVE-2023-32641
Security Advisory Description Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. (CVE-2023-32641) Impact There is no impact; F5 products are not affected by this...
8.8CVSS
7.5AI Score
0.001EPSS
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu...
8.4AI Score
0.0004EPSS
Toshiba e-STUDIO2518A Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Toshiba e-STUDIO2518A printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue results from improper...
8.8CVSS
7.1AI Score
0.0004EPSS
K000140042: libldap vulnerability CVE-2020-15719
Security Advisory Description libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8.....
4.2CVSS
6.4AI Score
0.002EPSS
The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15308 advisory. Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential...
7.5CVSS
7.6AI Score
0.0005EPSS
K000140029: libcurl vulnerability CVE-2024-2398
Security Advisory Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously...
6.6AI Score
0.0004EPSS
Security Advisory Description CVE-2020-36230 A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. CVE-2020-36229 A flaw was discovered in ldap_X509dn2bv in OpenLDAP before...
7.5CVSS
7.4AI Score
0.915EPSS
Linux kernel (HWE) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-hwe-6.5 - Linux hardware enablement (HWE) kernel Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use...
7.8CVSS
7.5AI Score
0.001EPSS
Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave...
6.8AI Score
EPSS
Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave...
6.5AI Score
EPSS
DeepJavaLibrary API absolute path traversal
Summary DeepJavaLibrary(DJL) versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0. Impacted versions:...
10CVSS
6.7AI Score
0.0004EPSS
DeepJavaLibrary API absolute path traversal
Summary DeepJavaLibrary(DJL) versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0. Impacted versions:...
10CVSS
6.7AI Score
0.0004EPSS
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The...
6.3CVSS
0.0004EPSS
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The...
6.3CVSS
6.9AI Score
0.0004EPSS
Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input...
0.0004EPSS
Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input...
5.8AI Score
0.0004EPSS
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability....
7.9AI Score
0.0004EPSS
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability....
0.0004EPSS
CVE-2024-6066 SourceCodester Best House Rental Management System payment_report.php sql injection
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The...
6.3CVSS
0.0004EPSS
CVE-2024-6066 SourceCodester Best House Rental Management System payment_report.php sql injection
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The...
6.3CVSS
7.7AI Score
0.0004EPSS
Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability. However, every time a flaw being actively exploited is discovered, code red is punched as the organization’s IT...
7.9AI Score
DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model....
10CVSS
0.0004EPSS