Application Security Vulnerabilities
Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to...
6.1CVSS
6.1AI Score
0.001EPSS
Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication.....
6.8CVSS
7.1AI Score
0.001EPSS
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to...
9.8CVSS
9.7AI Score
0.001EPSS
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in....
7.5CVSS
7.3AI Score
0.004EPSS
A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected by this vulnerability is an unknown functionality of the file /protocol/nsasg6.0.tgz. The manipulation leads to information disclosure. The attack can be launched remotely. The...
7.5CVSS
7.3AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS.This issue affects Loan Repayment Calculator and Application Form: from n/a through...
5.9CVSS
5.4AI Score
0.0004EPSS
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...
5.9CVSS
6.7AI Score
0.963EPSS
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended...
6.5CVSS
6.2AI Score
0.001EPSS
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended...
6.5CVSS
6.1AI Score
0.001EPSS
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file /admin/singlelogin.php?submit=1. The manipulation of the argument loginId leads to sql injection. It is possible to initiate the attack remotely....
9.8CVSS
9.7AI Score
0.001EPSS
Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: An IDP configured for federated authentication and JIT provisioning enabled with.....
8.5CVSS
8.3AI Score
0.001EPSS
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout...
10CVSS
9.6AI Score
0.002EPSS
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because...
7.5CVSS
7.3AI Score
0.001EPSS
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase...
9.4CVSS
9AI Score
0.001EPSS
XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Change request allows to edit any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain...
7.7CVSS
6.4AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eDoc Intelligence eDoc Employee Job Application – Best WordPress Job Manager for Employees allows Reflected XSS.This issue affects eDoc Employee Job Application – Best WordPress Job Manager for...
7.1CVSS
6.6AI Score
0.0005EPSS
An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI...
8.4CVSS
7.1AI Score
0.0005EPSS
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allows....
8.8CVSS
8.6AI Score
0.001EPSS
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands...
9.6CVSS
9.1AI Score
0.001EPSS
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...
5.5CVSS
5.2AI Score
0.0004EPSS
The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet...
3.7CVSS
4.3AI Score
0.0005EPSS
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target...
7.8CVSS
7.8AI Score
0.0004EPSS
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of...
7.1CVSS
6.8AI Score
0.0004EPSS
Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local...
5.5CVSS
5.1AI Score
0.0004EPSS
Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT,...
5.3CVSS
5.3AI Score
0.001EPSS
The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or...
5.3CVSS
5.3AI Score
0.001EPSS
application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit.....
7.3CVSS
4.5AI Score
0.0004EPSS
Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information...
7.5CVSS
7.4AI Score
0.001EPSS
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the...
6.5CVSS
5.9AI Score
0.001EPSS
Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through...
9.8CVSS
9.4AI Score
0.001EPSS
4.3CVSS
4.7AI Score
0.0005EPSS
5.4CVSS
4.2AI Score
0.0004EPSS
5.4CVSS
4.2AI Score
0.0004EPSS
4.3CVSS
4.7AI Score
0.0005EPSS
4.8CVSS
5AI Score
0.0004EPSS
PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover...
5.3CVSS
5.2AI Score
0.001EPSS
8.8CVSS
5.4AI Score
0.001EPSS
8.8CVSS
5.4AI Score
0.001EPSS
8.2CVSS
5.6AI Score
0.001EPSS
5.4CVSS
5.3AI Score
0.0004EPSS
8.8CVSS
5.4AI Score
0.001EPSS
5.4CVSS
4.2AI Score
0.0004EPSS
5.4CVSS
5.3AI Score
0.0004EPSS
5.4CVSS
4.3AI Score
0.0004EPSS
5.4CVSS
4.8AI Score
0.0004EPSS
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual...
8.2CVSS
7.4AI Score
0.0005EPSS
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed.....
8.8CVSS
8.7AI Score
0.001EPSS
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS).....
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software...