Amcrest IP Camera Web Management - Data Exposure
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative...
9.8CVSS
9.6AI Score
0.929EPSS
The School Management < 9.9.7 - Remote Code Execution
The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the...
9.8CVSS
9.7AI Score
0.166EPSS
HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault
HashiCorp Vault Improper Privilege Management in...
9.1CVSS
6.7AI Score
0.002EPSS
HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault
HashiCorp Vault Improper Privilege Management in...
5.3CVSS
6.7AI Score
0.001EPSS
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
...
7.4AI Score
0.0004EPSS
7.4AI Score
0.0004EPSS
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_booking.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...
7.2CVSS
7.2AI Score
0.011EPSS
Exploit for SQL Injection in Fortinet Forticlient Enterprise Management Server
CVE-2023-48788 Fortinet FortiClient EMS SQL Injection...
9.8CVSS
8.6AI Score
0.711EPSS
Security Bulletin: EDB Postgres Advanced Server (EPAS)
Summary This security bulletin identifies a set of common vulnerabilities that have been addressed in EDB Postgres Advanced Server with IBM 15.4. Vulnerability Details ** CVEID: CVE-2023-41113 DESCRIPTION: **EnterpriseDB Postgres Advanced Server could allow a remote authenticated attacker to...
9.8CVSS
8.7AI Score
0.001EPSS
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_user.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...
7.2CVSS
7.3AI Score
0.011EPSS
Schools Alert Management Script - Arbitrary File Read
Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path...
7.5CVSS
7.4AI Score
0.324EPSS
Summary External service interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server. The ability to trigger arbitrary external service interactions does not constitute a vulnerability in its own right, and in some...
4.3CVSS
7.1AI Score
0.001EPSS
Extreme Management Center 8.4.1.24 - Cross-Site Scripting
Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
6.1CVSS
6.1AI Score
0.003EPSS
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/view_car.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...
7.2CVSS
7.3AI Score
0.011EPSS
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /booking.php?car_id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...
7.2CVSS
7.3AI Score
0.011EPSS
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/ajax.php?action=login. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...
7.2CVSS
7.3AI Score
0.012EPSS
Microsoft Open Management Infrastructure - Remote Code Execution
Microsoft Open Management Infrastructure is susceptible to remote code execution...
9.8CVSS
9.7AI Score
0.975EPSS
Dahua Smart Park Management - Arbitrary File Upload
Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions,...
9.8CVSS
7.8AI Score
0.029EPSS
Exploit for Improper Ownership Management in Linux Linux Kernel
typora-copy-images-to: ./image CVE-2023-0386 Exp...
7.8CVSS
7.7AI Score
0.0004EPSS
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register...
6.1CVSS
6.3AI Score
0.001EPSS
Purchase Order Management v1.0 - SQL Injection
SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username...
9.8CVSS
10AI Score
0.002EPSS
Purchase Order Management v1.0 - SQL Injection
Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at...
9.8CVSS
10AI Score
0.002EPSS
Directory Management System 1.0 - SQL Injection
Directory Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the.....
9.8CVSS
10AI Score
0.134EPSS
Hospital Management System 4.0 - SQL Injection
Hospital Management System 4.0 contains multiple SQL injection vulnerabilities because multiple pages and parameters do not validate user input. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of.....
8.8CVSS
9.3AI Score
0.384EPSS
Exploit for Improper Validation of Specified Quantity in Input in Linux Linux Kernel
RNDIS-CO Summary The RNDIS USB Gadget may be exploited...
6.9AI Score
8.6CVSS
8.8AI Score
0.002EPSS
Cooked – Recipe Management <= Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Cooked – Recipe Management recipe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _recipe_settings[post_title] parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows...
5.4CVSS
5.8AI Score
0.0004EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
0.001EPSS
College Management System 1.0 - SQL Injection
College Management System 1.0 contains a SQL injection vulnerability via the course code...
8.8CVSS
9AI Score
0.596EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
7.5CVSS
6.4AI Score
0.001EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
6.7AI Score
0.001EPSS
Purchase Order Management v1.0 - SQL Injection
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via...
9.8CVSS
9.9AI Score
0.002EPSS
An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...
7.5CVSS
0.001EPSS
Purchase Order Management v1.0 - SQL Injection
A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is...
9.8CVSS
9.9AI Score
0.025EPSS
HPE System Management - Cross-Site Scripting
HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...
5.4CVSS
5.5AI Score
0.967EPSS
HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting
HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...
5.5CVSS
6.9AI Score
0.0004EPSS
Vehicle Service Management System 1.0 - Cross Site Scripting
Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login...
4.8CVSS
4.9AI Score
0.001EPSS
CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin...
5.4CVSS
5.4AI Score
0.001EPSS
Jorani Leave Management System 0.6.5 - Cross-Site Scripting
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to...
5.4CVSS
5.3AI Score
0.037EPSS
Academy Learning Management System <5.9.1 - Cross-Site Scripting
Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
6.1CVSS
6.1AI Score
0.002EPSS
An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...
7AI Score
0.0004EPSS
An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...
0.0004EPSS
An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...
0.0004EPSS
School Dormitory Management System 1.0 - SQL Injection
School Dormitory Management System 1.0 contains a SQL injection vulnerability via accounts/payment_history.php:31. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected...
9.8CVSS
9.9AI Score
0.116EPSS
PHPGurukul Hospital Management System - Cross-Site Scripting
PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
6.1CVSS
6.3AI Score
0.003EPSS
Moodle CSRF risk in analytics management of models
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...
6.4AI Score
0.0004EPSS
AD CS Certificate Template Management
This module can create, read, update, and delete AD CS certificate templates from a Active Directory Domain Controller. The READ, UPDATE, and DELETE actions will write a copy of the certificate template to disk that can be restored using the CREATE or UPDATE actions. The CREATE and UPDATE actions.....
7.2AI Score
Bank Locker Management System v1.0 - SQL Injection
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql...
9.8CVSS
9.7AI Score
0.065EPSS
Cyber Cafe Management System 1.0 - SQL Injection
Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the....
9.8CVSS
10AI Score
0.134EPSS