Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to...
CVSS 6.5, AI Score 5.3, EPSS 0.001
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.3-12.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications...
CVSS 6.1, AI Score 5.7, EPSS 0.001
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require...
CVSS 5.4, AI Score 5.2, EPSS 0.0004
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to...
CVSS 6.3, AI Score 6.5, EPSS 0.0005
Mattermost fails to verify whether the requester is a sysadmin before allowing install requests to the Apps, allowing a regular user to send install requests to the...
CVSS 6.5, AI Score 6.4, EPSS 0.0005
Mattermost Apps Framework fails to verify a secret provided in the incoming webhook request, allowing an attacker to modify the contents of the post sent by the...
CVSS 4.3, AI Score 4.5, EPSS 0.0004
ROZCOM server framework - Misconfiguration may allow information disclosure via an unspecified...
CVSS 7.5, AI Score 7.8, EPSS 0.001
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to...
CVSS 6.7, AI Score 5.1, EPSS 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5...
CVSS 8.8, AI Score 8.8, EPSS 0.001
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...
CVSS 4.3, AI Score 4.6, EPSS 0.001
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to...
CVSS 5, AI Score 7.6, EPSS 0.001
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link....
CVSS 6.1, AI Score 6.1, EPSS 0.001
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects, potentially allowing a content author to view records they are not authorised...
CVSS 4.3, AI Score 4.5, EPSS 0.001
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a...
CVSS 5.3, AI Score 5.3, EPSS 0.001
Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: UI Framework). Supported versions that are affected are 23.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this...
CVSS 6.5, AI Score 6.4, EPSS 0.001
The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the...
CVSS 4.3, AI Score 4.6, EPSS 0.001
The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause...
CVSS 5.4, AI Score 5.4, EPSS 0.001
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage of HTML tags. An authorized attacker can use some of the basic HTML codes such as headings, basic formatting and lists, then an...
CVSS 5.4, AI Score 5.5, EPSS 0.001
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom...
CVSS 4.6, AI Score 5.2, EPSS 0.001
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...
CVSS 4.9, AI Score 5, EPSS 0.001
Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to...
CVSS 6.1, AI Score 6.1, EPSS 0.001
SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the...
CVSS 6.1, AI Score 6.4, EPSS 0.001
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead...
CVSS 6.1, AI Score 6.4, EPSS 0.001
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the...
CVSS 6.1, AI Score 6.4, EPSS 0.001
Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Supported versions that are affected are prior to 13.9.4.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the...
CVSS 7.3, AI Score 7.3, EPSS 0.0004
Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...
CVSS 3.5, AI Score 3.9, EPSS 0.001
Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...
CVSS 5.4, AI Score 5.3, EPSS 0.0005
Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special @"<username>"#p<id> syntax. The following behavior never changes no matter if the actor should be able t...
CVSS 4.3, AI Score 4.4, EPSS 0.001
A vulnerability classified as problematic has been found in OpenMRS HTML Form Entry UI Framework Integration Module up to 1.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.0 is able to address...
CVSS 6.1, AI Score 6, EPSS 0.001
Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to...
CVSS 6.1, AI Score 6.1, EPSS 0.001
TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using an old version of Spring Framework which contains the vulnerability. The vulnerability is caused by...
CVSS 7.8, AI Score 7.8, EPSS 0.001
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3): remote attackers can add a JavaScript payload to a page's meta description and get it executed in the versioned history compare...
CVSS 5.4, AI Score 5.2, EPSS 0.001
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via a JavaScript payload in the href attribute of a link, by splitting a javascript URL with white space...
CVSS 5.4, AI Score 5.2, EPSS 0.001
Silverstripe silverstripe/framework through 4.11 allows an XSS vulnerability via the href attribute of a link (issue 2 of...
CVSS 5.4, AI Score 5.2, EPSS 0.001
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow...
CVSS 5.4, AI Score 5.5, EPSS 0.001
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login...
CVSS 6.1, AI Score 5.9, EPSS 0.001