Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8CVSS
EPSS
SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...
9.8CVSS
EPSS
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8CVSS
8.4AI Score
EPSS
SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...
9.8CVSS
9.8AI Score
EPSS
CVE-2024-6046 SECOM WRTR-304GN-304TW-UPSC - OS Command Injection
SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...
9.8CVSS
EPSS
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...
7.4AI Score
EPSS
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...
EPSS
CVE-2024-6045 D-Link router - Hidden Backdoor
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8CVSS
EPSS
7.5AI Score
9.8CVSS
9.7AI Score
0.002EPSS
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app, py3-werkzeug, superset,...
7.5CVSS
7.7AI Score
0.0004EPSS
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app, py3-werkzeug, superset,...
7.5AI Score
GHSA-84PR-M4JR-85G5 vulnerabilities
Vulnerabilities for packages: py3-flask-cors, kubeflow-volumes-web-app,...
7.5AI Score
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: py3-idna, kubeflow-pipelines, kubeflow-jupyter-web-app, confluent-docker-utils, datadog-agent, kubeflow-katib, jwt-tool, py3-cassandra-medusa, k8s-sidecar, kubeflow-pipelines-visualization-server, ggshield, az, dask-gateway, py3.10-tensorflow-core,...
7.5AI Score
Vulnerabilities for packages: py3-idna, kubeflow-pipelines, kubeflow-jupyter-web-app, confluent-docker-utils, datadog-agent, kubeflow-katib, jwt-tool, py3-cassandra-medusa, k8s-sidecar, kubeflow-pipelines-visualization-server, ggshield, az, dask-gateway, py3.10-tensorflow-core,...
8AI Score
EPSS
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, kubeflow-jupyter-web-app, jwt-tool, py3-urllib3,...
7.5AI Score
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: pytorch, kubeflow-jupyter-web-app, confluent-docker-utils, dask-gateway, py3-jinja2, reflex, superset,...
7.5AI Score
CVE-2024-34064 vulnerabilities
Vulnerabilities for packages: pytorch, kubeflow-jupyter-web-app, confluent-docker-utils, dask-gateway, py3-jinja2, reflex, superset,...
5.4CVSS
6.1AI Score
0.0004EPSS
CVE-2023-45803 vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, kubeflow-jupyter-web-app, jwt-tool, py3-urllib3,...
4.2CVSS
7.1AI Score
0.0004EPSS
GHSA-9WX4-H78V-VM56 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, kubeflow-jupyter-web-app, confluent-docker-utils, datadog-agent, kubeflow-katib, jwt-tool, mlflow, k8s-sidecar, py3-cassandra-medusa, az, airflow, superset, py3.10-tensorflow-core,...
7.5AI Score
Vulnerabilities for packages: py3-flask-cors, kubeflow-volumes-web-app,...
5.3CVSS
5.5AI Score
0.0004EPSS
CVE-2023-46136 vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, kubeflow-jupyter-web-app, py3-werkzeug, airflow,...
8CVSS
7.9AI Score
0.001EPSS
CVE-2024-35195 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, kubeflow-jupyter-web-app, confluent-docker-utils, datadog-agent, kubeflow-katib, jwt-tool, mlflow, k8s-sidecar, py3-cassandra-medusa, az, airflow, superset, py3.10-tensorflow-core,...
5.6CVSS
6.1AI Score
0.0004EPSS
GHSA-HRFV-MQP8-Q5RW vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, kubeflow-jupyter-web-app, py3-werkzeug, airflow,...
7.5AI Score
CVE-2023-43804 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-urllib3, k8s-sidecar, dask-gateway, kube-downscaler,...
8.1CVSS
7.6AI Score
0.001EPSS
GHSA-V845-JXX5-VC9F vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-urllib3, k8s-sidecar, dask-gateway, kube-downscaler,...
7.5AI Score
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...
EPSS
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
EPSS
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
7.6AI Score
EPSS
A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...
6.3CVSS
6.8AI Score
EPSS
A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...
6.3CVSS
EPSS
CVE-2024-6043 SourceCodester Best House Rental Management System admin_class.php login sql injection
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
EPSS
CVE-2024-6042 itsourcecode Real Estate Management System property-detail.php sql injection
A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...
6.3CVSS
EPSS
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...
6.3CVSS
EPSS
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...
6.3CVSS
6.8AI Score
EPSS
CVE-2024-6041 itsourcecode Gym Management System manage_user.php sql injection
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...
6.3CVSS
EPSS
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....
6.3CVSS
EPSS
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...
7.5AI Score
EPSS
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...
EPSS
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....
6.3CVSS
6.8AI Score
EPSS
CVE-2024-6039 Feng Office Workspaces sql injection
A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public....
6.3CVSS
EPSS
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...
EPSS
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...
7.2AI Score
EPSS
nabssar.net Cross Site Scripting vulnerability OBB-3935787
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
shopsme.net Cross Site Scripting vulnerability OBB-3935785
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
bvpa.co.uk Cross Site Scripting vulnerability OBB-3935784
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
jackmitchell.com Cross Site Scripting vulnerability OBB-3935783
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
hlabhm.com Cross Site Scripting vulnerability OBB-3935782
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
capfun.com Cross Site Scripting vulnerability OBB-3935779
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
yasuragitime.blog.fc2.com Cross Site Scripting vulnerability OBB-3935777
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score