Herbs & Flowers Dictionary Project Security Vulnerabilities

Source: cve
CVE-2023-26130
Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due.....
CVSS 8.8 | AI Score 7.6 | EPSS 0.004 | 2023-05-30 05:15 AM
16

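An added example (Python, not cpp-httplib code) of what the CRLF injection above does to request framing and of the validation that closes it: a minimal HTTP/1.1 request serialiser that writes header values verbatim, the same serialiser with a name/value check in front of it, and a receiver-side split showing how many header lines each form produces. The helper names and the attacker value are assumptions for illustration.

```python
"""Header-value CRLF injection, shown on a tiny HTTP/1.1 request serialiser.

Added example in Python, not cpp-httplib code. `build_request`,
`validate_header` and `build_request_safe` are hypothetical helpers that
stand in for any client that copies a caller-supplied Content-Type into the
request verbatim.
"""
import re

CRLF = "\r\n"
# RFC 9110 token characters: what a header field *name* may consist of.
TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


class HeaderInjection(ValueError):
    """Raised when a header would end a line early and alter request framing."""


def build_request(method, path, headers, body=""):
    """Serialise a request, writing every header value verbatim (the weak form).

    A value containing CR/LF terminates the field early, so the remainder is
    parsed by the receiver as extra headers, or as the start of the body."""
    lines = [f"{method} {path} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return CRLF.join(lines) + CRLF + CRLF + body


def validate_header(name, value):
    """Reject names that are not tokens and values containing CR, LF or NUL.

    Raise instead of silently stripping, so the caller learns its input was
    attacker-shaped rather than getting a quietly rewritten request."""
    if not TOKEN_RE.fullmatch(name):
        raise HeaderInjection(f"invalid header name: {name!r}")
    if any(c in value for c in "\r\n\0"):
        raise HeaderInjection(f"CR/LF/NUL in value of {name}: {value!r}")


def build_request_safe(method, path, headers, body=""):
    """Same serialiser, but every header is validated before it is written."""
    for name, value in headers.items():
        validate_header(name, value)
    return build_request(method, path, headers, body)


def parse_framing(raw):
    """Return (header_count, body) as a receiver sees them: the header block
    ends at the first empty line, whatever the sender intended."""
    head, _, body = raw.partition(CRLF + CRLF)
    return len(head.split(CRLF)) - 1, body  # minus the request line


# Constructed attacker input for the Content-Type field: adds a header and
# starts the body early, so "smuggled" is what the receiver treats as body.
EVIL_CONTENT_TYPE = "text/plain\r\nX-Injected: 1\r\n\r\nsmuggled"
HEADERS = {"Host": "example.test", "Content-Type": EVIL_CONTENT_TYPE}

if __name__ == "__main__":
    raw = build_request("POST", "/api", HEADERS, "real-body")
    print("unvalidated framing:", parse_framing(raw))
    try:
        build_request_safe("POST", "/api", HEADERS, "real-body")
    except HeaderInjection as exc:
        print("rejected:", exc)
```

Rejecting rather than stripping matters: silently removing CR and LF turns the attacker's value into a different but still attacker-chosen header, and hides the fact that untrusted input reached a header at all.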
Source: osv
CVE-2022-21605
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....
CVSS 4.9 | AI Score 5.6 | EPSS 0.001 | 2022-10-18 09:15 PM
6

Source: cve
CVE-2022-4244
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be...
CVSS 7.5 | AI Score 7.3 | EPSS 0.001 | 2023-09-25 08:15 PM
96

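An added example (Python, not codehaus-plexus code) of the containment check the traversal entry above calls for, run over the variants it names: "../" sequences, a backslash spelling of them, an absolute path, a NUL byte, and a symlink inside the base directory that points outside it. `resolve_under`, `classify` and `demo` are hypothetical names; the base directory is a constructed temporary one.

```python
"""Directory traversal containment: accept a user-supplied relative name only
if the fully resolved target stays under the base directory.

Added example in Python, not code from codehaus-plexus (CVE-2022-4244).
`resolve_under`, `classify` and `demo` are hypothetical helper names.
"""
import os
import tempfile
from pathlib import Path


class PathTraversal(ValueError):
    """Raised when a user-supplied path would leave the base directory."""


def resolve_under(base, user_path):
    """Return base/user_path as an absolute Path, or raise PathTraversal.

    Covers the variants the description lists: "../" sequences (also with
    backslashes), absolute paths, and symlinks inside base that point out of
    it, because the comparison is done on the fully resolved path."""
    if "\0" in user_path:
        raise PathTraversal(f"NUL byte in path: {user_path!r}")
    candidate = user_path.replace("\\", "/")  # "..\\..\\x" must not bypass a '/'-only check
    if Path(candidate).is_absolute():
        raise PathTraversal(f"absolute path rejected: {user_path!r}")
    base_real = Path(base).resolve()
    target = (base_real / candidate).resolve()  # follows symlinks, collapses ".."
    try:
        target.relative_to(base_real)
    except ValueError:
        raise PathTraversal(f"escapes {base_real}: {user_path!r}") from None
    return target


def classify(base, candidates):
    """Map each candidate to True (allowed) or False (rejected)."""
    results = {}
    for cand in candidates:
        try:
            resolve_under(base, cand)
            results[cand] = True
        except PathTraversal:
            results[cand] = False
    return results


CANDIDATES = [
    "docs/readme.txt",      # ordinary relative name
    "docs/../readme.txt",   # ".." that still stays inside base
    "../etc/passwd",        # classic escape
    "docs/../../x",         # escape behind a legitimate-looking prefix
    "/etc/passwd",          # absolute path
    "..\\..\\x",            # backslash variant
    "a\0b",                 # NUL byte
    "escape-link/target",   # symlink inside base pointing outside it
]


def demo():
    """Build a scratch base directory (constructed, temporary) containing a
    symlink to its parent, then classify every candidate."""
    base = tempfile.mkdtemp(prefix="traversal-demo-")
    candidates = list(CANDIDATES)
    try:
        os.symlink(os.path.dirname(base), os.path.join(base, "escape-link"))
    except OSError:
        candidates.remove("escape-link/target")  # no symlink support: skip that case
    return classify(base, candidates)


if __name__ == "__main__":
    for cand, allowed in demo().items():
        print(f"{'allow ' if allowed else 'reject'} {cand!r}")
```

The check compares resolved paths rather than looking for the substring "..", which is why "docs/../readme.txt" is accepted (it never leaves the base) while the symlink case is rejected even though its text contains no dots at all.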
Source: cve
CVE-2023-27890
The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the...
CVSS 5.4 | AI Score 5.3 | EPSS 0.002 | 2023-04-14 01:15 AM
15

Source: cve
CVE-2024-32081
Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light. This issue affects Filter Custom Fields & Taxonomies Light: from n/a through...
CVSS 8.8 | AI Score 4.7 | EPSS 0.001 | 2024-06-09 07:15 PM
41

Source: cve
CVE-2023-5283
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teacher_signup.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be initiated remotely. The...
CVSS 8.8 | AI Score 8.9 | EPSS 0.001 | 2023-09-29 08:15 PM
100

Source: osv
CVE-2022-31058
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a....
CVSS 7.2 | AI Score 7.8 | EPSS 0.002 | 2022-06-29 06:15 PM
4

Source: alpinelinux
CVE-2023-6681
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service...
CVSS 5.3 | AI Score 5.3 | EPSS 0.0004 | 2024-02-12 02:15 PM
12

Source: cve
CVE-2022-4245
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the comment string could be interpreted as XML and allow for XML...
CVSS 4.3 | AI Score 4.6 | EPSS 0.001 | 2023-09-25 08:15 PM
288

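An added example (Python, not codehaus-plexus code) of the comment-writer failure in the entry above beside a hardened form: the unsafe writer wraps text in comment delimiters verbatim, so a body containing "-->" closes the comment and whatever follows is parsed as markup, while the safe writer removes every "--" first. A parse that counts child elements shows the difference. `write_comment_unsafe`, `write_comment_safe` and `PAYLOAD` are assumptions for illustration.

```python
"""Comment text injection in an XML writer: "-->" inside the comment body
closes the comment and whatever follows is parsed as markup.

Added example in Python, not code from codehaus-plexus; `write_comment_unsafe`
mirrors the failure described for XmlWriterUtil#writeComment and
`write_comment_safe` is a hypothetical hardened form.
"""
import re
import xml.etree.ElementTree as ET


def write_comment_unsafe(text):
    """Wrap text in comment delimiters without checking it (the weak form)."""
    return f"<!-- {text} -->"


def sanitize_comment_text(text):
    """Make text legal inside an XML comment.

    XML 1.0 section 2.5 forbids the string "--" anywhere in a comment body,
    which is exactly what makes "-->" effective. Inserting a space after every
    dash that is followed by another dash removes every "--" in one pass:
    "-->" becomes "- ->" and "---" becomes "- - -"."""
    return re.sub(r"-(?=-)", "- ", text)


def write_comment_safe(text):
    """Wrap sanitised text; the space before the closing "-->" also keeps a
    body that ends in "-" from forming "--->"."""
    return f"<!-- {sanitize_comment_text(text)} -->"


def child_count(comment_markup):
    """Embed the comment in a document with exactly one real child element and
    report how many children the parser actually sees. Anything above 1 means
    the comment was broken out of."""
    root = ET.fromstring(f"<root>{comment_markup}<child/></root>")
    return len(list(root))


# Constructed attacker-controlled comment text: closes the comment, injects an
# element, and reopens a comment so the writer's own "-->" still parses.
PAYLOAD = "build id 42 --><evil/><!-- "

if __name__ == "__main__":
    for label, writer in (("unsafe", write_comment_unsafe), ("safe", write_comment_safe)):
        markup = writer(PAYLOAD)
        print(f"{label}: {markup}  -> {child_count(markup)} child element(s)")
```

Escaping the text as character data would be wrong here: "&lt;" and "&amp;" have no meaning inside a comment, and "<" and ">" are legal there. The only forbidden sequence in a comment body is "--", so that is the one thing the writer has to remove.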
Source: cve
CVE-2023-4865
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used....
CVSS 8.8 | AI Score 8.6 | EPSS 0.001 | 2023-09-09 11:15 PM
25

Source: cve
CVE-2023-39852
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter...
CVSS 9.8 | AI Score 9.7 | EPSS 0.001 | 2023-08-15 09:15 PM
13

Source: cve
CVE-2023-5280
A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file my_students.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...
CVSS 9.8 | AI Score 9.6 | EPSS 0.001 | 2023-09-29 06:15 PM
96

Source: cve
CVE-2023-5034
A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. This vulnerability affects unknown code of the file index.php of the component Image Upload Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...
CVSS 9.8 | AI Score 9.5 | EPSS 0.001 | 2023-09-18 05:15 AM
15

Source: cve
CVE-2023-4864
A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input alert('xss') leads to cross site scripting. It is possible to initiate the attack...
CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2023-09-09 09:15 PM
16

Source: redos
ROS-20240410-22
Vulnerability of chroot build environment manager for creating RPM packages Mock is related to insufficient validation of input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
CVSS 9.8 | AI Score 7.3 | EPSS 0.004 | 2024-04-10 12:00 AM
7

Source: osv
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
Impact A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a...
AI Score 6.8 | EPSS n/a | 2024-02-08 06:43 PM
7

Source: cve
CVE-2022-46966
Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at...
CVSS 9.8 | AI Score 9.7 | EPSS 0.002 | 2023-01-26 11:15 PM
39

Source: veracode
Cross-Site Scripting (XSS)
org.apache.ambari, ambari is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation and constraint enforcement, resulting in a stored XSS. This could potentially be exploited to perform unauthorized actions, ranging from unauthorized data access to session...
AI Score 6 | EPSS 0.0004 | 2024-03-04 05:14 PM
5

Source: cve
CVE-2024-36673
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...
CVSS 9.8 | AI Score 7.8 | EPSS n/a | 2024-06-07 01:15 PM
24

Source: osv
CVE-2023-29939
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component...
CVSS 5.5 | AI Score 6.6 | EPSS 0.0004 | 2023-05-05 03:15 PM

Source: osv
CVE-2023-29933
llvm-project commit bd456297 was discovered to contain a segmentation fault via the component...
CVSS 5.5 | AI Score 6.6 | EPSS 0.0004 | 2023-05-05 03:15 PM

Source: osv
CVE-2023-35938
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to Private without restricted, restricted users that are project administrators keep this access right. Restricted users that....
CVSS 7.2 | AI Score 7 | EPSS 0.001 | 2023-06-29 08:15 PM
3

Source: osv
CVE-2023-29935
llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already...
CVSS 5.5 | AI Score 6.8 | EPSS 0.0004 | 2023-05-05 03:15 PM
2

Source: osv
CVE-2023-29934
llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component...
CVSS 5.5 | AI Score 6.6 | EPSS 0.0004 | 2023-05-05 03:15 PM

Source: osv
CVE-2022-31063
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked documents. A malicious.....
CVSS 6.5 | AI Score 6.9 | EPSS 0.001 | 2022-06-29 06:15 PM
2

Source: githubexploit
Exploit for CVE-2024-29824
I have made some optimizations to the scripts...
CVSS 9.6 | AI Score 6.9 | EPSS 0.001 | 2024-06-18 09:07 AM
92

Source: osv
ntpd has Dependency on Vulnerable Third-Party Component
During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki. Impact This vulnerability can lead to excessive cpu usage on startup on clients configured to use NTS Patches...
AI Score 6.9 | 2023-08-24 10:18 PM
7

Source: githubexploit
Exploit for CVE-2024-4367
PDF.js Vulnerability Demo Project This project is intended to...
AI Score 7.2 | 2024-06-17 11:39 AM
117

Source: osv
CVE-2023-29932
llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component...
CVSS 5.5 | AI Score 6.5 | EPSS 0.0004 | 2023-05-05 03:15 PM

Source: osv
CVE-2023-29942
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component...
CVSS 5.5 | AI Score 6.8 | EPSS 0.0004 | 2023-05-05 03:15 PM

Source: osv
CVE-2022-31032
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those...
CVSS 4.3 | AI Score 6.5 | EPSS 0.001 | 2022-06-29 06:15 PM
1

Source: cve
CVE-2023-43789
A vulnerability was found in libXpm: due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the...
CVSS 5.5 | AI Score 5.1 | EPSS 0.0004 | 2023-10-12 12:15 PM
431

Source: github
Local file inclusion in gradio
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio and was discovered in version 4.25. The vulnerability arises from improper input validation in the postprocess() function within gradio/components/json_component.py, where a user-controlled string is parsed as...
CVSS 7.5 | AI Score 7.3 | EPSS 0.0004 | 2024-06-06 06:30 PM
2

Source: github
Unlimited number of NTS-KE connections can crash ntpd-rs server
Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...
CVSS 7.5 | AI Score 7 | EPSS 0.0004 | 2024-06-28 09:05 PM
4

Source: cve
CVE-2023-7008
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate...
CVSS 5.9 | AI Score 5.3 | EPSS 0.001 | 2023-12-23 01:15 PM
186

Source: openbugbounty
project-drive.net Cross Site Scripting vulnerability OBB-3861813
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2 | 2024-02-29 12:05 PM
4

Source: wpvulndb
Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
Description The plugin allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved. PoC 1. Open the Wordpress where the plugin is installed with default...
AI Score 6.4 | EPSS 0.0004 | 2024-06-05 12:00 AM
2

Source: osv
CVE-2024-4941
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess() function within gradio/components/json_component.py, where a user-controlled string is parsed as JSON. If the parsed...
CVSS 7.5 | AI Score 7.3 | EPSS 0.0004 | 2024-06-06 06:15 PM
1

Source: nessus
CVSS 7.5 | AI Score 7.5 | EPSS 0.002 | 2019-01-17 12:00 AM
27

Source: cvelist
CVE-2023-49676 CODESYS: Use after free vulnerability through corrupted project files
An unauthenticated local attacker may trick a user into opening corrupted project files to crash the system due to use after free...
CVSS 5.5 | AI Score 5.8 | EPSS 0.0004 | 2024-05-06 11:09 AM
2

Source: osv
CVE-2023-30619
Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute...
CVSS 5.4 | AI Score 7.2 | EPSS 0.001 | 2023-05-04 02:15 PM
3

Source: githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
log4j CVE-2021-44228 Lame useless repo to look into log4j...
AI Score 8.8 | 2021-12-15 07:59 PM
244

Source: wpvulndb
SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update
Description The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with...
CVSS 4.3 | AI Score 6.8 | EPSS 0.0004 | 2024-05-07 12:00 AM

Source: osv
Local file inclusion in gradio
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio and was discovered in version 4.25. The vulnerability arises from improper input validation in the postprocess() function within gradio/components/json_component.py, where a user-controlled string is parsed as...
CVSS 7.5 | AI Score 7.4 | EPSS 0.0004 | 2024-06-06 06:30 PM
1

Source: cvelist
CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the user_id to make it appear that a file was uploaded by another...
AI Score 6.6 | EPSS 0.0004 | 2024-05-15 06:00 AM

Source: githubexploit
Exploit for OS Command Injection in Gitlab
CVE-2022-2185 wo ee cve-2022-2185 gitlab authenticated rce...
CVSS 9.9 | AI Score 8.5 | EPSS 0.455 | 2022-07-29 11:14 AM
339

Source: vulnrichment
CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the user_id to make it appear that a file was uploaded by another...
AI Score 6.7 | EPSS 0.0004 | 2024-05-15 06:00 AM

Source: githubexploit
Exploit for Off-by-one Error in F5 Nginx
CVE-2021-23017-PoC ``` pip install -r requirements.txt...
CVSS 7.7 | AI Score 8.1 | EPSS 0.517 | 2022-06-30 04:39 AM
998

Source: githubexploit
Exploit for CVE-2024-27348
CVE-2024-27348 🪶 CVE-2024-27348 Proof of concept Exploit RCE...
AI Score 7.5 | EPSS 0.001 | 2024-06-03 07:08 PM
199

Source: wpexploit
Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
Description The plugin does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above...
AI Score 8.1 | EPSS n/a | 2024-06-10 12:00 AM
8

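An added example (Python with sqlite3, not code from any project listed on this page) serving the SQL injection entries above, in particular the email/password login of CVE-2024-36673 and the question_id bulk delete in Quiz And Survey Master: each query built by string interpolation beside its parameterised form, run against a constructed in-memory database. Table and column names, sample rows and the helper names are assumptions.

```python
"""SQL injection: string-built queries beside their parameterised forms.

Added example in Python/sqlite3, not code from any project listed here. It
models two patterns the entries describe: a login check on email and
password (CVE-2024-36673) and a bulk delete by question_id list (Quiz And
Survey Master). Table and column names and the sample rows are assumed.
"""
import hashlib
import sqlite3


def _hash(password):
    """Demo-only digest so the table holds no plaintext; a real login uses a
    slow, salted hash such as argon2 or bcrypt."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """Constructed in-memory database with two users and six questions."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT);"
        "CREATE TABLE questions (question_id INTEGER PRIMARY KEY, quiz_id INTEGER, text TEXT);"
    )
    conn.executemany("INSERT INTO users (email, password_hash) VALUES (?, ?)",
                     [("admin@example.test", _hash("correct horse")),
                      ("bob@example.test", _hash("hunter2"))])
    conn.executemany("INSERT INTO questions VALUES (?, ?, ?)",
                     [(i, 1 if i <= 3 else 2, f"question {i}") for i in range(1, 7)])
    return conn


def login_vulnerable(conn, email, password):
    """Interpolates the email into the statement: a quote plus a SQL comment
    in the email discards the password check entirely."""
    sql = (f"SELECT id FROM users WHERE email = '{email}' "
           f"AND password_hash = '{_hash(password)}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, email, password):
    """Binds both values as parameters; the driver never treats them as SQL."""
    row = conn.execute("SELECT id FROM users WHERE email = ? AND password_hash = ?",
                       (email, _hash(password))).fetchone()
    return row[0] if row else None


def bulk_delete_vulnerable(conn, question_ids):
    """question_ids arrives as the raw comma-separated request string and is
    pasted into the IN list. Returns the number of rows deleted."""
    cur = conn.execute(f"DELETE FROM questions WHERE question_id IN ({question_ids})")
    return cur.rowcount


def bulk_delete_safe(conn, question_ids):
    """Parse the list into integers first (ValueError on anything else), then
    bind one placeholder per id, so no attacker text is ever part of the SQL."""
    ids = [int(part) for part in question_ids.split(",")]
    placeholders = ",".join("?" * len(ids))
    cur = conn.execute(f"DELETE FROM questions WHERE question_id IN ({placeholders})", ids)
    return cur.rowcount


def count_questions(conn):
    return conn.execute("SELECT COUNT(*) FROM questions").fetchone()[0]


# Constructed attacker inputs.
EMAIL_PAYLOAD = "admin@example.test' --"   # closes the quote, comments out the rest
ID_PAYLOAD = "3) OR (1=1"                  # closes the IN list, widens the WHERE

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login as:", login_vulnerable(db, EMAIL_PAYLOAD, "wrong"))
    print("safe login as:      ", login_safe(db, EMAIL_PAYLOAD, "wrong"))
    print("vulnerable delete removed", bulk_delete_vulnerable(db, ID_PAYLOAD), "of 6 rows")
```

The IN-list case is the one that tempts people back into string building, because a placeholder cannot stand for a whole list; generating one "?" per value keeps the SQL text fixed while still binding every id. Note that sqlite3 uses "?" placeholders, so the placeholder string itself is built from a count, never from the request data.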
Total number of security vulnerabilities: 105331