Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked documents. A malicious.....
6.5CVSS
6.9AI Score
0.001EPSS
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL...
9.8CVSS
7.8AI Score
EPSS
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those...
4.3CVSS
6.5AI Score
0.001EPSS
9.6CVSS
6.9AI Score
0.001EPSS
llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already...
5.5CVSS
6.8AI Score
0.0004EPSS
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to Private without restricted, restricted users that are project administrators keep this access right. Restricted users that....
7.2CVSS
7AI Score
0.001EPSS
llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component...
5.5CVSS
6.5AI Score
0.0004EPSS
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component...
5.5CVSS
6.8AI Score
0.0004EPSS
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component...
5.5CVSS
6.6AI Score
0.0004EPSS
llvm-project commit bd456297 was discovered to contain a segmentation fault via the component...
5.5CVSS
6.6AI Score
0.0004EPSS
A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the...
5.5CVSS
5.1AI Score
0.0004EPSS
llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component...
5.5CVSS
6.6AI Score
0.0004EPSS
ntpd has Dependency on Vulnerable Third-Party Component
During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki. Impact This vulnerability can lead to excessive cpu usage on startup on clients configured to use NTS Patches...
6.9AI Score
PDF.js Vulnerability Demo Project This project is intended to...
7.2AI Score
Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute...
5.4CVSS
7.2AI Score
0.001EPSS
project-drive.net Cross Site Scripting vulnerability OBB-3861813
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate...
5.9CVSS
5.3AI Score
0.001EPSS
CVE-2023-49676 CODESYS: Use after free vulnerability through corrupted project files
An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free...
5.5CVSS
5.8AI Score
0.0004EPSS
Gitlab reports : Arbitrary repo read in Gitlab project...
7.5CVSS
7.5AI Score
0.002EPSS
Unlimited number of NTS-KE connections can crash ntpd-rs server
Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...
7.5CVSS
7AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
log4j CVE-2021-44228 Lame useless repo to look into log4j...
8.8AI Score
CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the user_id to make it appear that a file was uploaded by another...
6.6AI Score
0.0004EPSS
Exploit for OS Command Injection in Gitlab
CVE-2022-2185 wo ee cve-2022-2185 gitlab authenticated rce...
9.9CVSS
8.5AI Score
0.455EPSS
SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update
Description The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with...
4.3CVSS
6.8AI Score
0.0004EPSS
CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the user_id to make it appear that a file was uploaded by another...
6.7AI Score
0.0004EPSS
CVE-2024-27348 🪶 CVE-2024-27348 Proof of concept Exploit RCE...
7.5AI Score
0.001EPSS
The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...
8.8CVSS
7.6AI Score
0.001EPSS
Exploit for Off-by-one Error in F5 Nginx
CVE-2021-23017-PoC ``` pip install -r requirements.txt...
7.7CVSS
8.1AI Score
0.517EPSS
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users.....
8.2CVSS
8AI Score
0.0004EPSS
Exploit for Cross-site Scripting in Dompdf Project Dompdf
CVE-2022-28368 - Dompdf RCE Dompdf RCE PoC Exploit ![alt...
9.8CVSS
9.7AI Score
0.161EPSS
Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
Description The plugin is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above...
8.1AI Score
EPSS
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times,...
7.8CVSS
7.3AI Score
0.0005EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
cve-2021-4034 PoC for cve-2021-4034 Based on the PoC by...
7.8CVSS
8.6AI Score
0.001EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
cve-2021-4034 PoC for cve-2021-4034 Based on the PoC by...
7.8CVSS
8.6AI Score
0.001EPSS
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users.....
8.2CVSS
8.1AI Score
0.0004EPSS
Atlassian Jira 7.13 < 8.5.5 Jira Project Key Information Disclosure (JRASERVER-70565)
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.x prior to 8.5.5. It is, therefore, affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, to determine if a Jira...
5.3CVSS
5.3AI Score
0.002EPSS
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter...
6.1CVSS
5.8AI Score
0.0005EPSS
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another....
9.1CVSS
7AI Score
0.001EPSS
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard....
4.8CVSS
7.2AI Score
0.001EPSS
h3. Issue Summary If within a project the 'Browse Project Archive' and 'Browse Project' permissions are granted to 'Group Custom Field' or to the 'Reporter' option within the permission scheme, the project will become available to search for any user with the 'Browse Project Archive' permission in....
6.6AI Score
Exploit for Use After Free in Microsoft
PoC for CVE-2023-36802 Exploit targeting MSKSSRV.SYS driver....
7.8CVSS
8AI Score
0.001EPSS
CVE-2024-36399 Kanboard affected by Project Takeover via IDOR in ProjectPermissionController
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users.....
8.2CVSS
6.5AI Score
0.0004EPSS
CVE-2024-36399 Kanboard affected by Project Takeover via IDOR in ProjectPermissionController
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users.....
8.2CVSS
0.0004EPSS
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...
9.8CVSS
9.5AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in tutrantta project_todolist. Affected is the function getAffectedRows/where/insert/update in the library library/Database.php. The manipulation leads to sql injection. The name of the patch is 194a0411bbe11aa4813f13c66b9e8ea403539141......
9.8CVSS
9.7AI Score
0.002EPSS
PDF.js Vulnerability Demo Project This project is intended to...
7.2AI Score
Exploit for Link Following in Git
Poc for CVE-2024-32002, the script made from the developer's...
9CVSS
9.2AI Score
0.002EPSS
Exploit for Insufficiently Protected Credentials in Rpc.Py Project Rpc.Py
rpc.py 0.6.0...
9.8CVSS
8.1AI Score
0.111EPSS
CVE-2024-4956 This repository contains a Python utility for...
7.5CVSS
7.6AI Score
0.013EPSS
Multiple vulnerabilities in IBM Java SDK affect AIX
IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:10:30 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/java_jun2024_advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...
5.9CVSS
4.6AI Score
0.0004EPSS