Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request...
5.6CVSS
6.9AI Score
0.001EPSS
Linux kernel (Azure) vulnerabilities
Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages linux-azure - Linux kernel for Microsoft Azure Cloud systems Details Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability....
7.8CVSS
7.4AI Score
0.0004EPSS
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment...
7.5CVSS
7.9AI Score
0.087EPSS
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email...
7.5CVSS
8AI Score
0.087EPSS
College Management System 1.0 - SQL Injection
College Management System 1.0 contains a SQL injection vulnerability via the course code...
8.8CVSS
9AI Score
0.596EPSS
7.4AI Score
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname...
7.5CVSS
8AI Score
0.121EPSS
CirCarLife Scada <4.3 - System Log Exposure
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging...
9.8CVSS
9.1AI Score
0.944EPSS
Faculty Evaluation System v1.0 - SQL Injection
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via...
7.2CVSS
7.4AI Score
0.007EPSS
Doctor Appointment System 1.0 - SQL Injection
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System...
6.5CVSS
7AI Score
0.02EPSS
HPE System Management - Cross-Site Scripting
HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...
5.4CVSS
5.5AI Score
0.967EPSS
In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for...
4.4CVSS
6.6AI Score
0.0004EPSS
Exposure of secrets through system log in Jenkins Structs Plugin
Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that...
6.4AI Score
0.0004EPSS
Summary Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...
9.1CVSS
8.6AI Score
0.002EPSS
[Continual Calling to addAccountExplicitly Causes Permanent DoS to Android System]
In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.4AI Score
0.0004EPSS
Vehicle Service Management System 1.0 - Cross Site Scripting
Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login...
4.8CVSS
4.9AI Score
0.001EPSS
Simple Employee Records System 1.0 - Unrestricted File Upload
Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command...
7.2CVSS
7.3AI Score
0.038EPSS
Exposure of secrets through system log in Jenkins Structs Plugin
Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that...
6.4AI Score
0.0004EPSS
7.4CVSS
7.1AI Score
0.0004EPSS
System Dashboard < 2.8.10 - XSS via Header Injection
Description The plugin does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks PoC X-Forwarded-For:...
5.9AI Score
0.0004EPSS
October System module has an Open Redirect for Administrator Accounts
Impact This advisory affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (october://) allowed external links, therefore allowing an open redirect outside the scope of the active host. This...
3.5CVSS
6.5AI Score
0.001EPSS
Jorani Leave Management System 0.6.5 - Cross-Site Scripting
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to...
5.4CVSS
5.3AI Score
0.037EPSS
Academy Learning Management System <5.9.1 - Cross-Site Scripting
Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
6.1CVSS
6.1AI Score
0.002EPSS
Employee And Visitor Gate Pass Logging System 1.0 SQL Injection Vulnerability
Employee and Visitor Gate Pass Logging System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...
8.7AI Score
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 -...
4.3CVSS
6.3AI Score
0.0004EPSS
Security Advisory - Path Traversal Vulnerability in Huawei Home Music System
Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450) This vulnerability has been assigned a...
6.7AI Score
EPSS
School Dormitory Management System 1.0 - SQL Injection
School Dormitory Management System 1.0 contains a SQL injection vulnerability via accounts/payment_history.php:31. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected...
9.8CVSS
9.9AI Score
0.116EPSS
PHPGurukul Hospital Management System - Cross-Site Scripting
PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
6.1CVSS
6.3AI Score
0.003EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
7.2CVSS
7.4AI Score
0.011EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
7.2CVSS
7.4AI Score
0.001EPSS
Advanced Comment System 1.0 - Local File Inclusion
ACS Advanced Comment System 1.0 is affected by local file inclusion via an advanced_component_system/index.php?ACS_path=..%2f...
7.5CVSS
7.4AI Score
0.158EPSS
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local...
Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-kvm - Linux kernel for cloud environments linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty Details Zheng Wang discovered that...
5.5CVSS
5.9AI Score
0.0004EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
9.8CVSS
9.9AI Score
0.016EPSS
Rosario Student Information System Unauthenticated SQL Injection
An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear...
9.8CVSS
9.9AI Score
0.044EPSS
PuneethReddyHC Online Shopping System homeaction.php SQL Injection
An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user...
9.8CVSS
9.9AI Score
0.076EPSS
ECOA Building Automation System - Arbitrary File Retrieval
The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system...
7.5CVSS
7.4AI Score
0.024EPSS
In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges...
7.8CVSS
7AI Score
0.0004EPSS
Salon booking system < 10.0 - Unauthenticated Arbitrary File Deletion
Description The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to....
9.1CVSS
9.6AI Score
0.0004EPSS
Exploit for Incorrect Default Permissions in Vmware Cloud Foundation
CVE-2022-22948 Information Disclosure in VMWare vCenter ...
6.5CVSS
6.6AI Score
0.012EPSS
Simple Task Managing System v1.0 - SQL Injection
SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database...
9.8CVSS
9.9AI Score
0.004EPSS
Bank Locker Management System v1.0 - SQL Injection
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql...
9.8CVSS
9.7AI Score
0.065EPSS
Faculty Evaluation System v1.0 - Remote Code Execution
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via...
7.2CVSS
7.3AI Score
EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date...
8.8CVSS
9.1AI Score
0.001EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
7.2CVSS
7.4AI Score
0.001EPSS
Cyber Cafe Management System 1.0 - SQL Injection
Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the....
9.8CVSS
10AI Score
0.134EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
9.8CVSS
9.9AI Score
0.016EPSS
Diary Management System 1.0 - Cross-Site Scripting
Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in...
6.1CVSS
6AI Score
0.003EPSS
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of...
8.8CVSS
9AI Score
0.541EPSS
CVE-2024-22279 - GoRouter Denial of Service Attack | Cloud Foundry
Severity MEDIUM Vendor CloudFoundry Foundation Versions Affected Routing Release > v0.273.0 and <= v0.297.0 CF Deployment > v30.9.0 and <= v40.13.0 Description Cloud foundry routing release versions from v0.273.0 to v0.297.0 are vulnerable to a DOS attack. An unauthenticated attacker ca...
7.5CVSS
6.7AI Score
0.0005EPSS