CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/23 2:59 a.m.•2 views

CVE-2023-1356

Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link...

7.5CVSS6.2AI score0.00256EPSS

Positive Technologies•added 2024/01/19 12:0 a.m.•2 views

PT-2024-14328 · Yonyou · Yonbip

Name of the Vulnerable Software and Affected Versions: YonBIP version 3 23.05 Description: A SQL injection issue was discovered in YonBIP via the runScript method of the com.yonyou.hrcloud.attend.web.AttendScriptController class. This allows for potential exploitation. Recommendations: For YonBIP...

9.8CVSS9.8AI score0.00133EPSS

Exploits0References8

OSV•added 2023/10/25 6:17 p.m.•3 views

CVE-2023-27261

Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers...

6.5CVSS5.8AI score0.00195EPSS

IDAttend IDWeb Access Control Error Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from a lack of authentication in the StudentPopupDetailsStudentDetails method...

9.8CVSS8AI score0.00153EPSS

IDAttend IDWeb SQL Injection Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in the IDAttend IDWeb application version 3.1.052 and prior versions, which stems from an unauthenticated SQL injection in the GetVisitors method...

9.8CVSS8AI score0.00153EPSS

IDAttend IDWeb SQL Injection Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from an unauthenticated SQL injection in the GetAssignmentsDue method...

CNNVD•added 2023/10/25 12:0 a.m.•0 views

IDAttend IDWeb Access Control Error Vulnerability

CNNVD•added 2023/10/25 12:0 a.m.•2 views

IDAttend IDWeb Access Control Error Vulnerability

6.5CVSS7AI score0.00195EPSS

IDAttend IDWeb Access Control Error Vulnerability

IDAttend IDWeb Authorization Issues Vulnerability

CNNVD•added 2023/10/25 12:0 a.m.•0 views

IDAttend IDWeb SQL Injection Vulnerability

9.8CVSS8AI score0.00165EPSS

CNNVD•added 2023/10/25 12:0 a.m.•4 views

IDAttend IDWeb SQL Injection Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions that stems from an unauthenticated SQL injection in the DeleteRoomChanges method...

9.8CVSS8AI score0.00153EPSS

Wiz blog•added 2021/06/24 4:15 p.m.•9 views

The 10 must-attend sessions at Black Hat 2021

The 10 must-attend sessions at Black Hat 2021...

7AI score

Exploits0

CNVD•added 2017/12/04 12:0 a.m.•1 views

Cisco WebEx Event Center Information Leak

Cisco WebEx Event Center is an online video conferencing solution from Cisco. The program integrates audio and video content sharing, and supports joining online meetings through browsers, PCs, or mobile devices. An information disclosure vulnerability exists in Cisco WebEx Event Center. A remote...

4.3CVSS6.3AI score0.00253EPSS