Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code...
CVSS 9.8 | AI Score 9.7 | EPSS 0.974
HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web...
CVSS 2.9 | AI Score 6.9 | EPSS 0.0004
Apache ActiveMQ 5.11.x < 5.11.4 / 5.12.x < 5.12.3 / 5.13.x < 5.13.1 Web Console Multiple XSS
The version of Apache ActiveMQ running on the remote host is 5.11.x prior to 5.11.4, 5.12.x prior to 5.12.3, or 5.13.x prior to 5.13.1. It is, therefore, affected by multiple cross-site scripting vulnerabilities in the web-based administration console due to improper validation of user-supplied...
CVSS 5.4 | AI Score 6.1 | EPSS 0.001
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
When using the zend-mail component to send email via the Zend\Mail\Transport\Sendmail transport, a malicious user may be able to inject arbitrary parameters into the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they...
AI Score 7.2
MinIO information disclosure vulnerability
Impact: when the If-Modified-Since and If-Unmodified-Since headers are used with anonymous requests, sending requests with guessed object names lets you determine whether an object exists in a specific bucket on the server, and also exposes some information such as Last-Modified (of the...
CVSS 5.3 | AI Score 6.2 | EPSS 0.0004
Popup-Maker < 1.8.12 - Broken Authentication
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka...
CVSS 9.1 | AI Score 9.3 | EPSS 0.055
Joomla! <3.7.1 - SQL Injection
Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...
CVSS 9.8 | AI Score 9.7 | EPSS 0.976
Quicktime/Darwin 4.1.x Streaming Administration Server 'parse_xml.cgi' Multiple Vulnerabilities
QuickTime/Darwin streaming administration server is prone to multiple...
AI Score 6.5 | EPSS 0.659
RHEL 7 / 8 : Red Hat JBoss Web Server 5.5.0 Security (Moderate) (RHSA-2021:2561)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2561 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
CVSS 7.5 | AI Score 8.5 | EPSS 0.922
3DPrint Lite < 1.9.1.5 - Arbitrary File Upload
The plugin does not perform any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a .htaccess preventing the file from being accessed on web servers such as...
CVSS 9.8 | AI Score 7.1 | EPSS 0.188
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion. This issue affects Rehub: from n/a through...
CVSS 8 | AI Score 6.8 | EPSS 0.0004
Moodle Privilege escalation in quiz web services
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the...
CVSS 4.3 | AI Score 7.1 | EPSS 0.001
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a...
CVSS 6.5 | AI Score 6.4 | EPSS 0.002
AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the...
AI Score 6.9 | EPSS 0.0004
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to...
CVSS 3.5 | AI Score 4.1 | EPSS 0.0004
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site...
CVSS 3.5 | AI Score 4.1 | EPSS 0.0004
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be...
CVSS 3.5 | AI Score 4.1 | EPSS 0.0004
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the...
CVSS 3.5 | AI Score 4.1 | EPSS 0.0004
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the...
CVSS 3.5 | AI Score 4.1 | EPSS 0.0004
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/my_student_exam_marks1.php. The manipulation of the argument year leads to cross site scripting. It is possible to launch...
CVSS 3.5 | AI Score 4.1 | EPSS 0.0004
GL.iNet Router Authentication Bypass (CVE-2023-46453) Exploit...
AI Score 7.7
mediawiki/core is vulnerable to Improper Access Control. The vulnerability is due to the absence of a .htaccess file which is required to protect some directories from web access, potentially allowing attackers to access sensitive files and directories that shouldn't be web...
CVSS 5.3 | AI Score 6.5 | EPSS 0.002
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a...
CVSS 7.2 | AI Score 7.3 | EPSS 0.005
Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web
By Waqas. Be cautious! Hackers are selling fake Pegasus spyware source code, alerts CloudSEK. Learn how to protect yourself from… This is a post from HackRead.com. Read the original post: Hackers Sell Fake Pegasus Spyware on Clearnet and Dark...
AI Score 7.2
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may...
CVSS 3.5 | AI Score 4.1 | EPSS 0.0004
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be...
CVSS 3.5 | AI Score 6.4 | EPSS 0.0004
A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate...
CVSS 3.5 | AI Score 4.1 | EPSS 0.0004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS. This issue affects Webpushr: from n/a through...
CVSS 7.1 | AI Score 7.3 | EPSS 0.0004
Apache Struts2 S2-053 - Remote Code Execution
Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malicious field value passed in a raw message to the...
CVSS 9.8 | AI Score 9.4 | EPSS 0.975
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x, allows a malicious URL to inject content into the Analyzer plugin...
CVSS 8.8 | EPSS 0.0004
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate...
CVSS 3.5 | AI Score 4.1 | EPSS 0.0004
Mattermost crashes web clients via a malformed custom status
Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom...
CVSS 4.3 | AI Score 6.6 | EPSS 0.0004
K000139553: VPN TunnelVision vulnerability CVE-2024-3661
Security Advisory Description By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or...
CVSS 7.6 | AI Score 7.5 | EPSS 0.0005
D-Link DNS-320 - Remote Code Execution
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command...
CVSS 9.8 | AI Score 9.7 | EPSS 0.976