An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not...
8.1 CVSS
7.9 AI Score
0.001 EPSS
SAP BusinessObjects Web Intelligence - version 420, has a URL with a parameter that could be vulnerable to an XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive...
6.8 CVSS
5.2 AI Score
0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0...
8.8 CVSS
8.8 AI Score
0.001 EPSS
Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed...
6.1 CVSS
6.1 AI Score
0.0005 EPSS
Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a...
6.1 CVSS
5.2 AI Score
0.0005 EPSS
Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote...
9.8 CVSS
9.6 AI Score
0.001 EPSS
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login...
5.9 CVSS
5.7 AI Score
0.0005 EPSS
The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator...
8.8 CVSS
8.8 AI Score
0.001 EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13...
7.1 CVSS
5.9 AI Score
0.0005 EPSS
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML...
4.3 CVSS
4.6 AI Score
0.001 EPSS
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be...
7.5 CVSS
7.3 AI Score
0.001 EPSS
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...
6.5 CVSS
6.5 AI Score
0.0005 EPSS
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted...
9.8 CVSS
9.3 AI Score
0.002 EPSS
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality....
9.8 CVSS
9.5 AI Score
0.001 EPSS
Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. When uploading the image file, an authenticated attacker could...
8.7 CVSS
6.8 AI Score
0.001 EPSS
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any...
7.5 CVSS
7.7 AI Score
0.001 EPSS
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to a path traversal attack, which could allow an attacker to access files stored on the...
7.5 CVSS
7.4 AI Score
0.001 EPSS
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin...
8.8 CVSS
8.5 AI Score
0.001 EPSS
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user...
9.1 CVSS
9.1 AI Score
0.001 EPSS
Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary...
6.1 CVSS
6 AI Score
0.001 EPSS
Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary...
5.4 CVSS
5 AI Score
0.0005 EPSS
Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary...
5.4 CVSS
5 AI Score
0.0005 EPSS
Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted...
6.1 CVSS
6.2 AI Score
0.001 EPSS
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web...
7.7 CVSS
6.2 AI Score
0.001 EPSS
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from...
6.5 CVSS
5.2 AI Score
0.001 EPSS
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL...
6.5 CVSS
6.3 AI Score
0.001 EPSS
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File...
4.9 CVSS
4.9 AI Score
0.001 EPSS
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute...
8.8 CVSS
8.4 AI Score
0.001 EPSS
An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM...
7.5 CVSS
7.7 AI Score
0.001 EPSS
SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in...
9.1 CVSS
9.4 AI Score
0.001 EPSS
Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the...
6.1 CVSS
6.3 AI Score
0.001 EPSS
A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected by this issue is some unknown functionality of the component Cookie Handler. The manipulation leads to cleartext storage of sensitive information. The attack may be launched remotely. The complexity...
5.3 CVSS
5.2 AI Score
0.001 EPSS
5.5 CVSS
5.6 AI Score
0.0004 EPSS
Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on...
7.5 CVSS
7.7 AI Score
0.001 EPSS
Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file...
7.5 CVSS
7.5 AI Score
0.001 EPSS
Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log...
9.8 CVSS
9.5 AI Score
0.001 EPSS
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on...
5.5 CVSS
5.4 AI Score
0.0004 EPSS
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure...
9.8 CVSS
9.3 AI Score
0.001 EPSS
Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on...
5.5 CVSS
5.5 AI Score
0.0004 EPSS
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite...
9.8 CVSS
9.3 AI Score
0.001 EPSS
Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search...
7.5 CVSS
7.4 AI Score
0.001 EPSS
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM...
9.8 CVSS
9.3 AI Score
0.001 EPSS
Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete and vulnerable TLS...
7.5 CVSS
7.5 AI Score
0.001 EPSS
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options...
9.8 CVSS
9.3 AI Score
0.001 EPSS
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security...
9.8 CVSS
9.3 AI Score
0.001 EPSS
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log...
7.5 CVSS
7.5 AI Score
0.001 EPSS
7.5 CVSS
7.7 AI Score
0.001 EPSS
Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway...
9.8 CVSS
9.3 AI Score
0.001 EPSS
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web...
9.8 CVSS
9.5 AI Score
0.001 EPSS
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known...
9.8 CVSS
9.5 AI Score
0.001 EPSS