Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by changing group memberships via an API call. This issue affects snipe-it: from v4.6.17 through...
CVSS 7.6 | AI Score 6.7 | EPSS 0.0004
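The defect in the entry above is that a permission to edit users was treated as a permission to grant privileges. The guard below is an added example, written in JavaScript and not taken from Snipe-IT; the permission name "User:groups", the group names "admin"/"superuser" and the user objects are assumptions made for the demonstration. It requires a separate permission for touching group membership, refuses self-modification outright, and only lets an actor add or remove a privileged group that the actor already holds.

```javascript
// Added example (not Snipe-IT code). Assumed model: each user has an id, a
// `groups` array and a `permissions` object such as { "User:edit": true }.
const PRIVILEGED_GROUPS = new Set(['admin', 'superuser']); // assumed names

function hasPermission(user, perm) {
  return Boolean(user.permissions && user.permissions[perm]);
}

// Returns { ok: true, changed } or { ok: false, reason }.
function authorizeGroupChange(actor, target, requestedGroups) {
  if (actor.id === target.id) {
    return { ok: false, reason: 'self-modification of groups is not allowed' };
  }
  if (!hasPermission(actor, 'User:edit')) {
    return { ok: false, reason: 'missing User:edit' };
  }
  // Editing a user is not the same as changing what the user may do
  // (assumed separate permission name).
  if (!hasPermission(actor, 'User:groups')) {
    return { ok: false, reason: 'missing User:groups' };
  }
  const current = new Set(target.groups || []);
  const wanted = new Set(requestedGroups);
  // Groups that would be added or removed by this request.
  const changed = [...new Set([...current, ...wanted])]
    .filter((g) => current.has(g) !== wanted.has(g));
  for (const g of changed) {
    if (PRIVILEGED_GROUPS.has(g) && !(actor.groups || []).includes(g)) {
      return { ok: false, reason: `cannot grant or revoke ${g} without holding it` };
    }
  }
  return { ok: true, changed };
}

// Applies the change only after the guard passes; returns the new group list.
function setGroups(actor, target, requestedGroups) {
  const verdict = authorizeGroupChange(actor, target, requestedGroups);
  if (!verdict.ok) throw new Error(`forbidden: ${verdict.reason}`);
  return [...new Set(requestedGroups)];
}

// Constructed sample users for the demonstration.
const helpdesk = {
  id: 1, groups: ['helpdesk'],
  permissions: { 'User:edit': true, 'Self:api': true, 'User:groups': true },
};
const alice = { id: 2, groups: ['helpdesk'], permissions: {} };
const root = {
  id: 3, groups: ['superuser'],
  permissions: { 'User:edit': true, 'User:groups': true },
};
```

With these fixtures, `helpdesk` cannot add `superuser` to itself or to `alice`, while `root` can; the check runs server-side on every membership change regardless of which API endpoint delivered it.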
CWE-798: a use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative...
CVSS 7.8 | AI Score 6.8 | EPSS 0.001
BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVSS 3.1 | AI Score 3.4 | EPSS 0.0005
BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of...
CVSS 8.8 | AI Score 9.1 | EPSS 0.0005
hyper-bump-it is a command line tool for updating the version in project files. hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched...
CVSS 5.5 | AI Score 5.5 | EPSS 0.0005
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the...
CVSS 8.6 | AI Score 8.1 | EPSS 0.001
Authenticated stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany IT-RECHT KANZLEI plugin <= 1.7...
CVSS 5.9 | AI Score 4.9 | EPSS 0.0005
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to...
CVSS 4.6 | AI Score 4.6 | EPSS 0.001
Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to...
CVSS 4.4 | AI Score 4.9 | EPSS 0.001
A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the local....
CVSS 5.5 | AI Score 5.5 | EPSS 0.0004
SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allows a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget...
CVSS 8.8 | AI Score 9 | EPSS 0.001
Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to...
CVSS 7.8 | AI Score 7.7 | EPSS 0.0004
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch...
CVSS 9.8 | AI Score 9.7 | EPSS 0.002
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or...
CVSS 5.3 | AI Score 5.2 | EPSS 0.001
Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM...
CVSS 7.8 | AI Score 7.8 | EPSS 0.0004
Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted...
CVSS 5.5 | AI Score 5.2 | EPSS 0.0004
Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as...
CVSS 5.5 | AI Score 5.2 | EPSS 0.0004
A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of...
CVSS 7.5 | AI Score 7.6 | EPSS 0.001
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset...
CVSS 5.3 | AI Score 5.2 | EPSS 0.001
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to...
CVSS 8.8 | AI Score 7.7 | EPSS 0.0004
An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of recipients" field....
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified...
AI Score 6.7 | EPSS 0.002
PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party...
AI Score 7.8 | EPSS 0.004
Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows remote attackers to inject arbitrary web script or HTML via unspecified...
AI Score 5.8 | EPSS 0.001
Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows attackers to cause a denial of service via unknown attack...
AI Score 6.6 | EPSS 0.001
Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and 10-01; and Hitachi IT.....
AI Score 6.9 | EPSS 0.005
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of...
CVSS 9.8 | AI Score 9.8 | EPSS 0.036
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of...
CVSS 6.5 | AI Score 6.5 | EPSS 0.002
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not...
CVSS 7.3 | AI Score 6.2 | EPSS 0.001
This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the...
CVSS 7.3 | AI Score 6.3 | EPSS 0.001
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted...
CVSS 4.8 | AI Score 5.6 | EPSS 0.001
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted...
CVSS 4.8 | AI Score 5.6 | EPSS 0.001
Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it unsafely concatenates the result's link retrieved from Google into a shell command, potentially...
CVSS 8.1 | AI Score 7.9 | EPSS 0.011
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...
CVSS 8.8 | AI Score 9.2 | EPSS 0.012
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password...
CVSS 8.8 | AI Score 8.5 | EPSS 0.002
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure...
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stealing the user...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
Stored Cross Site Scripting vulnerability in the Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stealing the user...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to...
CVSS 7.4 | AI Score 7.3 | EPSS 0.001
This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of...
CVSS 9.8 | AI Score 9.6 | EPSS 0.024
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to...
CVSS 5.3 | AI Score 5.1 | EPSS 0.001