Zend-developer-tools information disclosure vulnerability
The package zendframework/zend-developer-tools provides a web-based toolbar for introspecting an application. When updating the package to support PHP 7.3, a change was made that could potentially prevent toolbar entries that are enabled by default from being...
7.1AI Score
Sensitive Information Disclosure
ezsystems/ezpublish-kernel is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the REST API potentially disclosing the names of all available site...
6.8AI Score
TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. In this way, a potential attacker can retrieve additional information about installed system and third party...
6.7AI Score
TYPO3 Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated...
7AI Score
Download Monitor <= 4.7.60 - Sensitive Information Exposure
The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via the REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and...
7.5CVSS
6.2AI Score
0.005EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
9.8CVSS
9.9AI Score
0.016EPSS
PuneethReddyHC Online Shopping System homeaction.php SQL Injection
An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php cat_id parameter. Using a POST request does not sanitize the user...
9.8CVSS
9.9AI Score
0.058EPSS
ECOA Building Automation System - Arbitrary File Retrieval
The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system...
7.5CVSS
7.4AI Score
0.024EPSS
Veeam Data Cloud Release Information and Build Numbers
Veeam Data Cloud Release Information and Build...
7.1AI Score
MinIO information disclosure vulnerability in github.com/minio/minio
MinIO information disclosure vulnerability in...
5.3CVSS
5AI Score
0.0004EPSS
This module uses an anonymous-bind LDAP connection to dump data from an LDAP server. Searching for attributes with user credentials (e.g....
7.3AI Score
SimpleSAMLphp Information Disclosure vulnerability
Background: SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled...
6.8AI Score
5.3CVSS
7.2AI Score
0.949EPSS
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname...
9.8CVSS
9.6AI Score
0.012EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
7.2CVSS
7.4AI Score
0.001EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
7.2CVSS
7.4AI Score
0.011EPSS
Advanced Comment System 1.0 - Local File Inclusion
ACS Advanced Comment System 1.0 is affected by local file inclusion via an advanced_component_system/index.php?ACS_path=..%2f...
7.5CVSS
7.4AI Score
0.158EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
7.5CVSS
6.4AI Score
0.001EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
6.7AI Score
0.001EPSS
HD-Network Realtime Monitoring System 2.0 - Local File Inclusion
Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential...
7.5CVSS
7.5AI Score
0.054EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
0.001EPSS
Salon booking system < 10.0 - Unauthenticated Arbitrary File Deletion
Description: The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to...
9.1CVSS
9.6AI Score
0.0004EPSS
ezsystems/ezpublish-legacy is vulnerable to Information Disclosure. The vulnerability is caused by the module not properly checking access permissions when rendering the content tree menu. This allows the tree menu to display hidden items to unauthorized users if they access the backend URL...
6.9AI Score
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
7.5CVSS
0.001EPSS
Art Gallery Management System Project v1.0 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation...
6.1CVSS
5.9AI Score
0.003EPSS
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: ...
5.3CVSS
5AI Score
0.0004EPSS
WordPress Metform <=2.1.3 - Information Disclosure
WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the ~/core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA...
7.5CVSS
7.2AI Score
0.033EPSS
Hongdian H8922 3.0.5 - Information Disclosure
Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf (with the administrator password and other sensitive data) via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...
5.5CVSS
5.5AI Score
0.003EPSS
Eclipse Jetty ConcatServlet - Information Disclosure
Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure. Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information,...
5.3CVSS
5.4AI Score
0.006EPSS
Typo3 Information Disclosure in User Authentication
It has been discovered that login failures have been logged on the default stream with log level "warning" including plain-text user...
7.3AI Score
TCExam <= 14.8.1 - Sensitive Information Exposure
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup...
7.5CVSS
7.5AI Score
0.01EPSS
Akkadian Provisioning Manager - Information Disclosure
Akkadian Provisioning Manager is susceptible to information disclosure. The restricted shell provided can be escaped by abusing the Edit MySQL Configuration command. This command launches a standard VI editor interface which can then be...
7.9CVSS
4.5AI Score
0.002EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
9.8CVSS
9.9AI Score
0.016EPSS
Diary Management System 1.0 - Cross-Site Scripting
Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in...
6.1CVSS
6AI Score
0.003EPSS
Simple Task Managing System v1.0 - SQL Injection
SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database...
9.8CVSS
9.9AI Score
0.004EPSS
Bank Locker Management System v1.0 - SQL Injection
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to SQL...
9.8CVSS
9.7AI Score
0.065EPSS
Faculty Evaluation System v1.0 - Remote Code Execution
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via...
7.2CVSS
7.3AI Score
EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date...
8.8CVSS
9.1AI Score
0.001EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
7.2CVSS
7.4AI Score
0.001EPSS
Cyber Cafe Management System 1.0 - SQL Injection
Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the...
9.8CVSS
10AI Score
0.134EPSS
Movable Type mt-check.cgi System Information Disclosure
The Movable Type installation on the remote web server is leaking information via mt-check.cgi. This CGI determines if the Perl modules required by Movable Type are installed, and is only intended to be used prior to installation. It discloses path information, operating system type, Perl...
7AI Score
FleetCart 4.1.1 - Information Disclosure
Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the "Razorpay"...
5.3CVSS
6.7AI Score
0.001EPSS
SimpleSAMLphp Information Disclosure vulnerability
Background: SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled...
6.8AI Score
rConfig <3.9.4 - Sensitive Information Disclosure
rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes,...
7.5CVSS
7.2AI Score
0.016EPSS
Vulnerability: Information Leak in Print Spooler [#b/277961001 H]
In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
6.4AI Score
0.0004EPSS
An issue in the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...
7AI Score
0.0004EPSS
Typo3 Information Disclosure in Page Tree
It has been discovered that backend users without read access to specific pages could still see them in the page tree, which should be disallowed. A valid backend user account is needed in order to exploit this...
6.8AI Score