Lucene search
+L

14 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.14 views

CVE-2026-37596

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/managedepartment.php...

2.7CVSS5.7AI score0.0019EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-52447

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00709EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-52445

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.0057EPSS
Exploits0References1
NVD
NVD
added 2023/12/15 10:15 a.m.18 views

CVE-2023-48394

Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service...

8.8CVSS0.00886EPSS
Exploits0References1
NVD
NVD
added 2023/12/15 10:15 a.m.23 views

CVE-2023-48393

Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error message...

4.3CVSS0.0057EPSS
Exploits0References1
Prion
Prion
added 2023/12/15 10:15 a.m.15 views

Design/Logic Flaw

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, ...

7.5CVSS7.8AI score0.0057EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/15 9:27 a.m.46 views

CVE-2023-48395

The CVE describes an SQL injection in Kaifa Technology WebITR (online attendance system) caused by insufficient input validation in a particular function. An attacker with regular user privileges can exploit this to read the database by injecting arbitrary SQL commands. Several connected sources ...

6.5CVSS6.8AI score0.00709EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/15 9:25 a.m.54 views

CVE-2023-48394

CVE-2023-48394 affects Kaifa Technology WebITR (online attendance system). The issue lies in the file upload function, which does not restrict uploading of dangerous file types. A remote attacker with regular user privileges can upload arbitrary files to execute commands or disrupt service. Conne...

8.8CVSS9AI score0.00886EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/15 9:22 a.m.49 views

CVE-2023-48393

CVE-2023-48393 affects Kaifa Technology WebITR (online attendance system). The vulnerability allows a remote attacker with regular user privileges to obtain partial sensitive information via error messages. The CVSSv3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) indicates a low impact on confid...

4.3CVSS4.5AI score0.0057EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/15 9:22 a.m.24 views

CVE-2023-48393 Kaifa Technology WebITR - Error Message Leakage

Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error message...

4.3CVSS4.8AI score0.0057EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/15 9:20 a.m.32 views

CVE-2023-48392 Kaifa Technology WebITR - Hard-coded Cryptographic Key

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, ...

9.8CVSS9.8AI score0.0057EPSS
Exploits0References1
CVE
CVE
added 2023/12/15 9:20 a.m.52 views

CVE-2023-48392

CVE-2023-48392 affects Kaifa Technology WebITR, an online attendance system. The root cause is use of a hard-coded encryption key that allows an unauthenticated remote attacker to generate valid token parameters, enabling login as an arbitrary user (including administrator) and access to the syst...

9.8CVSS9.7AI score0.0057EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2021/05/13 12:0 a.m.2 views

Weak Password Vulnerability in Online Fingerprint Time and Attendance System of Beijing Zhongcheng Technology Development Co.

Ltd. is a company in the field of time safety management, venture capital, green agriculture, mining extraction and OEM production. A weak password vulnerability exists in the online fingerprint time and attendance system of Beijing Zhongcheng Technology Development Co. Ltd, which can be exploite...

7.1AI score
Exploits0
CVE
CVE
added 2005/11/27 11:0 a.m.53 views

CVE-2005-3851

CVE-2005-3851 is a cross-site scripting (XSS) vulnerability affecting Online Attendance System (OASYS) Lite 1.0. The flaw resides in search.asp where attacker-controlled search parameters (possibly the keyword parameter) can trigger script/HTML injection in the victim’s browser. The issue is docu...

4.3CVSS6.1AI score0.01177EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder