This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a...
7.2CVSS
7.3AI Score
0.005EPSS
Apache ActiveMQ 5.11.x < 5.11.4 / 5.12.x < 5.12.3 / 5.13.x < 5.13.1 Web Console Multiple XSS
The version of Apache ActiveMQ running on the remote host is 5.11.x prior to 5.11.4, 5.12.x prior to 5.12.3, or 5.x prior to 5.13.1. It is, therefore, affected by multiple cross-site scripting vulnerabilities in the web-based administration console due to improper validation of user-supplied...
5.4CVSS
6.1AI Score
0.001EPSS
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...
0.0004EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through...
8CVSS
6.8AI Score
0.0004EPSS
RHEL 7 / 8 : Red Hat JBoss Web Server 5.5.0 Security (Moderate) (RHSA-2021:2561)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2561 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
7.5CVSS
8.5AI Score
0.922EPSS
WooCommerce 8.8.0 - 8.9.2 - Reflected XSS
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
5.4CVSS
5.4AI Score
0.0004EPSS
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...
7.2AI Score
Exploit for Path Traversal in Aiohttp
CVE-2024-23334 Exploit and PoC This repository contains a...
7.5CVSS
6.8AI Score
0.052EPSS
Veeam ONE Web Client Page Fails to Load After Updating .NET Runtime Components
Make sure all .NET runtime versions match, then restart the Veeam ONE Reporting...
7.1AI Score
Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web
By Waqas Be cautious! Hackers are selling fake Pegasus spyware source code, alerts CloudSEK. Learn how to protect yourself from… This is a post from HackRead.com Read the original post: Hackers Sell Fake Pegasus Spyware on Clearnet and Dark...
7.2AI Score
Popup-Maker < 1.8.12 - Broken Authentication
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka...
9.1CVSS
9.3AI Score
0.062EPSS
Joomla! <3.7.1 - SQL Injection
Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...
9.8CVSS
9.7AI Score
0.976EPSS
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...
6.9AI Score
0.0004EPSS
HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web...
2.9CVSS
0.0004EPSS
Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code...
9.8CVSS
9.7AI Score
0.974EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/my_student_exam_marks1.php. The manipulation of the argument year leads to cross site scripting. It is possible to launch....
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to...
3.5CVSS
4.1AI Score
0.0004EPSS
HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web...
2.9CVSS
6.9AI Score
0.0004EPSS
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be....
3.5CVSS
4.3AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/my_student_exam_marks1.php. The manipulation of the argument year leads to cross site scripting. It is possible to launch....
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to...
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate....
3.5CVSS
4.1AI Score
0.0004EPSS
Microsoft SQL (MSSQL) Server 6, 7, 2000 Multiple Vulnerabilities
The plugin attempts a smb connection to read version from the registry...
6.1AI Score
0.974EPSS
GL.iNet Router Authentication Bypass (CVE-2023-46453) Exploit...
7.7AI Score
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site...
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be...
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the...
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the...
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the...
3.5CVSS
6.2AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
Cisco Secure Web Appliance XSS (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker...
4.8CVSS
5.5AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may...
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be....
3.5CVSS
6.4AI Score
0.0004EPSS
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate.....
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate.....
3.5CVSS
6.2AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.This issue affects Webpushr: from n/a through...
7.1CVSS
7.3AI Score
0.0004EPSS
Plesk Obsidian <=18.0.49 - Open Redirect
Plesk Obsidian through 18.0.49 contains an open redirect vulnerability via the login page. An attacker can redirect users to malicious websites via a host request header and thereby access user credentials and execute unauthorized operations. NOTE: The vendor's position is "the ability to use...
6.1CVSS
6.3AI Score
0.002EPSS
SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note...
7.5CVSS
7.4AI Score
0.008EPSS
RHEL 7 / 8 : Red Hat JBoss Web Server 5.4.2 Security Update (Important) (RHSA-2021:1195)
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1195 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
7.4CVSS
7.9AI Score
0.005EPSS
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...
7.2AI Score
3DPrint Lite < 1.9.1.5 - Arbitrary File Upload
The plugin does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as...
9.8CVSS
7.1AI Score
0.188EPSS
AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the...
6.9AI Score
0.0004EPSS
7.4AI Score
AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the...
6.9AI Score
0.0004EPSS
Apache Struts2 S2-053 - Remote Code Execution
Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malicious field value passed in a raw message to the...
9.8CVSS
9.4AI Score
0.975EPSS
ZendFramework1 Potential Security Issues in Bundled Dojo Library
In mid-March, 2010, the Dojo Foundation issued a Security Advisory indicating potential security issues with specific files in Dojo Toolkit. Details of the advisory may be found on the Dojo website: http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ In particular, several files....
7.3AI Score
golang.org/x/text/language Denial of service via crafted Accept-Language header
The BCP 47 tag parser has quadratic time complexity due to inherent aspects of its design. Since the parser is, by design, exposed to untrusted user input, this can be leveraged to force a program to consume significant time parsing Accept-Language headers. The parser cannot be easily rewritten to....
7.5CVSS
7.3AI Score
0.002EPSS
6.5AI Score
RHEL 7 / 8 : Red Hat JBoss Web Server 5.6.2 Security Update (Important) (RHSA-2022:1519)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1519 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...
7.5CVSS
8.3AI Score
0.013EPSS
RHEL 6 / 7 : Red Hat JBoss Web Server 5.0 Service Pack 1 (RHSA-2018:2868)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2868 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
5.9CVSS
6.7AI Score
0.791EPSS