A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection....
9.8CVSS
9.8AI Score
0.003EPSS
A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this...
7.5CVSS
7.9AI Score
0.001EPSS
Summary IBM Sterling Connect:Direct Web Services uses Eclipse Jetty. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-22201 DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2...
7.5CVSS
7.1AI Score
0.0004EPSS
A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the.....
5.4CVSS
5.2AI Score
0.001EPSS
Coaster CMS Stored Cross-site Scripting vulnerability
A Stored Cross-site Scripting vulnerability has been discovered in the v5.5.0 version of the Coaster CMS...
6.1CVSS
6.3AI Score
0.001EPSS
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server......
8.1CVSS
7.8AI Score
0.0004EPSS
Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-5868 DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw...
4.3CVSS
6.2AI Score
0.002EPSS
A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has...
5.4CVSS
5.2AI Score
0.001EPSS
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The.....
5.4CVSS
5.2AI Score
0.001EPSS
The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against.....
8.8CVSS
8.6AI Score
0.002EPSS
A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the...
9.8CVSS
9.7AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWMP. It has been rated as problematic. This issue affects some unknown processing of the file swmp.php of the component GET Parameter Handler. The manipulation of the argument theme leads to cross site scripting. The attack may be....
6.1CVSS
6AI Score
0.001EPSS
Mattermost crashes web clients via a malformed custom status in...
4.3CVSS
4.6AI Score
0.0004EPSS
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: .....
4.8CVSS
4.8AI Score
0.0004EPSS
Mantis Bug Tracker (MantisBT), an open source issue tracker was detected on the remote host. Note: enabling thorough tests improves the likelihood that instances of MantisBT are detected at the cost of increasing the scan's duration and generated network...
7.4AI Score
7.8CVSS
8.1AI Score
0.005EPSS
6.5CVSS
6.8AI Score
0.001EPSS
(RHSA-2024:3560) Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug...
5.9AI Score
0.002EPSS
(RHSA-2024:3559) Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug...
5.9AI Score
0.002EPSS
Syncovery For Linux Web-GUI Session Token Brute-Forcer
This module attempts to brute-force a valid session token for the Syncovery File Sync & Backup Software Web-GUI by generating all possible tokens, for every second between 'DateTime.now' and the given X day(s). By default today and yesterday (DAYS = 1) will be checked. If a valid session token is.....
7.2AI Score
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob...
5.4CVSS
5.7AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation in Jsoup
Cross-site scripting (XSS) vulnerability in jsoup before...
6.1CVSS
6.1AI Score
0.002EPSS
The remote server is running a Citrix Web Interface server that is vulnerable to cross site...
6.2AI Score
0.009EPSS
It is possible to browse the information of the OWA server by accessing as an anonymous...
6.2AI Score
0.015EPSS
reportico-web/reportico is vulnerable to Information Disclosure. The vulnerability is due to improper handling of user input within the execute_mode parameter of the URL, which allows attackers obtain sensitive...
6.6AI Score
0.0004EPSS
Malicious code in agencyportal-web (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (3f01ab5c8d151da175f79cd0379f0f4d714ddceb4075503d821ee2f05515d1cb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more.....
8.1CVSS
7.8AI Score
0.009EPSS
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable...
7AI Score
0.002EPSS
Reportico affected by Incorrect Access Control
An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the...
6AI Score
0.0004EPSS
Web Server Directory Enumeration
This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or...
9.6AI Score
0.002EPSS
A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. This issue affects some unknown processing. The manipulation of the argument Description with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
6.1CVSS
6AI Score
0.001EPSS
ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw,...
8.8CVSS
8.4AI Score
0.001EPSS
In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML...
6.1CVSS
6AI Score
0.001EPSS
This plugin makes a mirror of the remote website(s) and extracts the list of CGIs that are used by the remote host. It is suggested that you change the number of pages to mirror in the 'Options' section of the...
0.6AI Score
A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address...
6.1CVSS
6.1AI Score
0.001EPSS
Cisco IOS XE Software Web UI Command Injection (cisco-sa-web-cmdinj2-fOnjk2LD)
According to its self-reported version, the IOS XE is affected by command injection vulnerability. A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying...
8.8CVSS
9.4AI Score
0.002EPSS
SolarWinds Web Help Desk - Web Detection
The web interface for SolarWinds Web Help Desk was detected on the remote...
0.6AI Score
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...
8.8CVSS
7.8AI Score
0.135EPSS
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...
5.5CVSS
5.5AI Score
0.014EPSS
In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution...
9.8CVSS
6.4AI Score
0.001EPSS
In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the....
9.8CVSS
9.3AI Score
0.001EPSS
Malicious code in brand-adidas-design-tokens (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (7e16fae72fd3726263d7bfa2f1c164b7d4100f89931856c163e37c534feb1a57) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Web Application Firewall Detected
A Web Application Firewall (WAF) has been detected during the scan. A WAF is designed to help protecting web applications by monitoring and filtering HTTP(S) traffic through a set of rules in order to prevent the most common attacks. . The identified WAF may have blocked several requests during...
0.6AI Score
A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword...
7.5CVSS
7.6AI Score
0.001EPSS
Microsoft Exchange Outlook Web App / Outlook Web Access (OWA) Detection (HTTP)
HTTP based detection of the Microsoft Exchange Outlook Web App / Outlook Web Access (OWA) and the Microsoft Exchange Server running this OWA...
7.3AI Score
(RHSA-2024:3561) Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.16, and includes bug...
5.9AI Score
0.002EPSS
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit...
5.3CVSS
5.4AI Score
0.321EPSS
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch.....
9.8CVSS
9.5AI Score
0.002EPSS
Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...
6.9AI Score
0.0004EPSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could...
7.8CVSS
7.5AI Score
0.014EPSS