CVE-2024-0350 SourceCodester Engineers Online Portal session expiration

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The...

CVE-2024-0347 SourceCodester Engineers Online Portal signup_teacher.php weak password

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signupteacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The...

CVE-2023-7211

A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to reliance on ip address for authentication. The attack can be initiated remotely. The complexity of an...

GHSA-J5G9-J7R4-6QVX Craft CMS Privilege Escalation

Impact This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft with certain user permissions setups. Patches This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions. References...

CVE-2024-21622 Craft CMS Privilege Escalation

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensu...

CVE-2024-21622 Craft CMS Privilege Escalation

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensu...

CVE-2024-0188 RRJ Nueva Ecija Engineer Online Portal change_password_teacher.php weak password

A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file changepasswordteacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity o...

CVE-2024-0188 RRJ Nueva Ecija Engineer Online Portal change_password_teacher.php weak password

A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file changepasswordteacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity o...

CVE-2024-0186 HuiRan Host Reseller System HTTP POST Request password recovery

A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the...

Improper access control

A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The...

Sql injection

A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file member/login.php. The manipulation of the argument Mpwd leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be...

CVE-2023-4462 Poly VVX 601 Web Configuration Application random values

A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250,...

CVE-2023-7148

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

Code injection

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

CVE-2023-7148 ShifuML shifu Java Expression Language DataPurifier.java code injection

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

Regular Expression Denial Of Service (ReDoS)

gitlab is vulnerable to Regular Expression Denial of Service. The vulnerability is due to inefficient regular expression complexity in GitLab's Jira prefix handling,this allows with certain inputs causing excessive consumption of resources thats leading to a ReDoS...

CVE-2023-7098

UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the argument key leads to path traversal: '../filedir'. The attack can be initiated remotely. The complexi...

CVE-2023-7098 icret EasyImages hide.php path traversal

UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the argument key leads to path traversal: '../filedir'. The attack can be initiated remotely. The complexi...

GHSA-JPFP-XQ3P-4H3R Deis Workflow Manager race condition vulnerability

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...

Race condition

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...