Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...
5.8CVSS
7.1AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate...
8.8CVSS
8.9AI Score
0.001EPSS
A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sql injection. It is possible to launch the...
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 and classified as critical. This vulnerability affects unknown code of the file /App_Resource/UEditor/server/upload.aspx. The manipulation of the argument file leads to unrestricted upload. The exploit....
9.8CVSS
9.4AI Score
0.001EPSS
(RHSA-2024:3331) Important: OpenShift Container Platform 4.14.27 bug fix and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.27. See the following advisory for the RPM...
6.9AI Score
0.0005EPSS
Unencrypted traffic between pods when using Wireguard and an external kvstore in...
6.1CVSS
6.2AI Score
0.0004EPSS
This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data.....
8.2CVSS
8AI Score
0.0004EPSS
In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported...
4.9CVSS
5AI Score
0.001EPSS
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
8.8CVSS
6.5AI Score
0.011EPSS
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
8.8CVSS
7AI Score
0.008EPSS
PHP remote file inclusion vulnerability in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the externalConfig parameter. NOTE: CVE and other third parties dispute this vulnerability...
7.9AI Score
0.016EPSS
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
8.8CVSS
6.5AI Score
0.008EPSS
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
8.8CVSS
6.5AI Score
0.008EPSS
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
8.1CVSS
7AI Score
0.009EPSS
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
8.8CVSS
7AI Score
0.008EPSS
Access control bypass due to broad route matching in github.com/beego/beego and beego/v2
Routes in the beego HTTP router can match unintended patterns. This overly-broad matching may permit an attacker to bypass access controls. For example, the pattern "/a/b/:name" can match the URL "/a.xml/b/". This may bypass access control applied to the prefix...
9.8CVSS
9.4AI Score
0.002EPSS
Apache Karaf Cave: Cave SSRF and arbitrary file access
This issue affects all versions of Apache Karaf Cave. As this project is retired, there are no plans to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are....
6.5AI Score
0.0004EPSS
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be...
6.1CVSS
6AI Score
0.001EPSS
Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php, (b) showmonth.php, (c) showevents.php, (d) retrieveinvoice.php, (e) modifyitem.php, and (f)...
7.5AI Score
0.006EPSS
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
8.8CVSS
6.5AI Score
0.011EPSS
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
8.1CVSS
7AI Score
0.003EPSS
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
8.1CVSS
7AI Score
0.007EPSS
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
8.1CVSS
7AI Score
0.003EPSS
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
8.1CVSS
7AI Score
0.003EPSS
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
8.1CVSS
7AI Score
0.004EPSS
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
8.1CVSS
7AI Score
0.003EPSS
NeDi 1.9C - Cross-Site Scripting
NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a...
6.1CVSS
6AI Score
0.001EPSS
(RHSA-2024:3573) Low: Red Hat build of Keycloak 22.0.11 Images enhancement and security update
Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also...
6.7AI Score
0.001EPSS
(RHSA-2022:1988) Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404) kernel:...
8.4AI Score
0.975EPSS
The Difference Between API Gateway and WAAP ? and Why You Need Both
With these best-in-class security solutions, your organization can achieve a more secure and efficient digital...
7.4AI Score
A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to relative path traversal. It is possible to...
9.8CVSS
9.5AI Score
0.002EPSS
(RHSA-2024:3576) Low: Red Hat build of Keycloak 24.0.5 Images enhancement and security update
Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also...
6.6AI Score
0.0005EPSS
Build Numbers and Versions of Veeam Agent for Microsoft Windows
This KB article lists all versions of Veeam Agent for Microsoft Windows and their respective build...
3.9AI Score
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a Denial of Service, Server-side Request Forgery and XXE vulnerability affecting WebSphere Application Server have been published in security bulletins. Vulnerability...
7CVSS
7.3AI Score
0.0004EPSS
Magento Mass Importer <0.7.24 - Remote Auth Bypass
Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection...
9.8CVSS
9.5AI Score
0.056EPSS
(RHSA-2024:2941) Important: RHACS 4.4 enhancement and security update
This release of RHACS 4.4.2 provides the following bug fixes: Before this update, Collector pods on nodes with 128 or more cores would fail with a CrashLoopBackOff status due to issues with how the CO-RE BPF allocated kernel memory. The patch release fixes this issue. This release updates the...
7.5AI Score
0.0005EPSS
CVE-2023-45197 Adminer and AdminerEvo vulnerable to directory traversal and file upload
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...
9.6AI Score
0.001EPSS
Build Numbers and Versions of Veeam Agent for Oracle Solaris
This KB article lists all versions of Veeam Agent for Oracle Solaris and their respective build...
3.2AI Score
List of Security Fixes and Improvements in Veeam Backup & Replication
This article describes all security-related fixes and improvements introduced in each release or update of Veeam Backup &...
2.2AI Score
K000139880: Intel CPU/BIOS vulnerabilities CVE-2023-28402, CVE-2023-27504, and CVE-2023-28383
Security Advisory Description CVE-2023-28402 Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-27504 Improper conditions check in some Intel(R) BIOS Guard firmware may allow a...
7.2CVSS
6.5AI Score
0.0004EPSS
TIBCO Security Advisory: May 14, 2024 - TIBCO Hawk - CVE-2024-3182
**TIBCO Hawk install-time password disclosure vulnerability ** Original release date: May 14, 2024 Last revised: --- CVE-2024-3182 Source: TIBCO Software Inc. Products Affected TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3. Component Affected: TIBCO Hawk Universal Installer including the...
6.5CVSS
6.9AI Score
0.0004EPSS
Build Numbers and Versions of Veeam Agent for IBM AIX
This KB article lists all versions of Veeam Agent for IBM AIX and their respective build...
3.1AI Score
Summary The SANnav Management Portal and Global View products are affected due to a Jave SE issue. The affected issue has been addressed and can be resolved by applying the SANnav code level listed below. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968,...
7.4CVSS
7.1AI Score
0.002EPSS
CVE-2023-45197 Adminer and AdminerEvo vulnerable to directory traversal and file upload
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...
0.001EPSS
Denial of service in github.com/corazawaf/coraza/v2 and v3
Due to the misuse of log.Fatalf, Coraza may crash after receiving crafted requests from...
7.5CVSS
6.8AI Score
0.0005EPSS
A vulnerability, which was classified as critical, has been found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. This issue affects some unknown processing of the file /Duty/AjaxHandle/UpLoadFloodPlanFile.ashx of the component...
9.8CVSS
9.4AI Score
0.001EPSS
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the...
9.1CVSS
9.2AI Score
0.969EPSS
Summary There are multiple vulnerabilities in Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2024-27983, CVE-2024-27980, CVE-2024-22329, CVE-2024-27982, CVE-2024-22354, CVE-2024-4068). Vulnerability Details ** CVEID: CVE-2024-27983 DESCRIPTION:...
7.5CVSS
9.2AI Score
EPSS
K000139698: Python vulnerabilities CVE-2016-5636, and CVE-2023-36632
Security Advisory Description CVE-2016-5636 Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based...
8.3AI Score
0.028EPSS
In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
7.4AI Score
0.0004EPSS