Prison Management System - SQL Injection Authentication Bypass
SQL injection vulnerability was found on the login page in Prison Management...
AI Score 6.8
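The entry above only says that the login page is injectable. The following is an added example, not code from the Prison Management System or from this page, showing why a login query built by string concatenation is an authentication bypass and how the parameterized form closes it. The in-memory `users` table and the `warden` account are constructed sample data.

```python
"""Added example, not code from the Prison Management System entry above.
Shows why a string-built login query is an authentication bypass and how the
parameterized form closes it. The schema and the 'warden' account are
constructed sample data."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with one constructed account.
    Passwords are stored in clear text only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('warden', 'S3cret!')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """User input is spliced into the SQL text. A single quote in the input
    closes the string literal, so the rest of the input is parsed as SQL."""
    query = (
        "SELECT 1 FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Bound parameters reach the engine separately from the SQL text,
    so quotes in the input are data, never syntax."""
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo() -> dict:
    """Run the classic bypass payload against both forms."""
    conn = make_db()
    # Resulting vulnerable query:
    #   ... WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'
    payload = "' OR '1'='1"
    return {
        "bypass_vulnerable": login_vulnerable(conn, payload, payload),
        "bypass_parameterized": login_parameterized(conn, payload, payload),
        "valid_credentials": login_parameterized(conn, "warden", "S3cret!"),
        "wrong_password": login_vulnerable(conn, "warden", "nope"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The payload works without any comment sequence because `AND` binds tighter than `OR`, so the trailing `OR '1'='1'` makes the whole `WHERE` clause true regardless of the stored credentials.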
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...
AI Score 6.8 | EPSS 0.0004
Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...
CVSS 6.1 | EPSS 0.0005
Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion
Barco Control Room Management Suite through 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /...."...
CVSS 7.5 | AI Score 7.3 | EPSS 0.006
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...
AI Score 8.1 | EPSS 0.0004
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device...
CVSS 8.8 | AI Score 8.9 | EPSS 0.001
This plugin parses the patch information from the SCCM server provided in order to determine if the system scanned is managed by the SCCM server. If so, the plugin then determines which patches are missing from the target system. This plugin will use the information provided from the SCCM server...
AI Score 2.1
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: ...
CVSS 9.8 | AI Score 8.9 | EPSS 0.001
Symantec Management Console Installed
The Symantec Management Console is installed on the remote Windows host, which is a part of Symantec Management...
AI Score 1.2
Exploit for Insertion of Sensitive Information into Log File in Milesight Ur5X Firmware
CVE-2023-43261 - PoC Critical Vulnerability Exposes...
CVSS 7.5 | AI Score 7.9 | EPSS 0.007
Intel Management Engine Active Management Technology (AMT) Remote Access Enabled
The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and is remotely...
AI Score 1.4
ForgeRock Access Management Detection
ForgeRock Access Management, also known as OpenAM, was detected on the remote...
AI Score 2.4
K000138460: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2024-20960 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access...
CVSS 6.5 | AI Score 6.1 | EPSS 0.001
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the openidConnectClient-1.0 or socialLogin-1.0 feature enabled. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack; it has been addressed in this bulletin: Jazz...
CVSS 7.5 | AI Score 7.9 | EPSS 0.0004
Plone CMS Improper Session Management
Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the...
AI Score 7.3 | EPSS 0.011
Description The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscriber management due to a PHP type juggling issue in the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create...
CVSS 6.5 | AI Score 6.9 | EPSS 0.0005
Open Access Management Detection
Open Access Management (OpenAM), was detected on the remote...
AI Score 1.6
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
EPSS 0.0005
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically...
CVSS 3.7 | AI Score 6.7 | EPSS 0.001
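The Zulip entry above turns on one detail: the SCIM bearer token was checked with a comparator that returns as soon as it finds a differing byte. The following added example (not Zulip's code) makes that leak visible deterministically by counting the bytes a naive comparator examines, and shows the constant-time check a practitioner should use instead. The `Authorization` header parsing, the expected token and the guesses are constructed for the example.

```python
"""Added example, not Zulip code. Shows what a non-constant-time comparator
leaks and the constant-time check to use instead. The expected token and the
guesses are constructed."""
import hmac
from typing import List, Optional, Tuple


def naive_compare(presented: bytes, expected: bytes) -> Tuple[bool, int]:
    """Early-exit comparison in the style of a plain ==. Returns the verdict
    and how many bytes were examined: that count is what leaks through timing,
    because it grows with the length of the correct prefix."""
    if len(presented) != len(expected):
        return False, 0
    examined = 0
    for a, b in zip(presented, expected):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def extract_bearer(authorization: Optional[str]) -> Optional[str]:
    """Pull the token out of 'Authorization: Bearer <token>'."""
    if not authorization:
        return None
    scheme, _, token = authorization.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return None
    return token


def check_bearer_token(authorization: Optional[str], expected: str) -> bool:
    """hmac.compare_digest takes time independent of where the inputs differ,
    so a remote caller cannot grow a correct prefix one byte at a time."""
    token = extract_bearer(authorization)
    if token is None:
        return False
    return hmac.compare_digest(token.encode("utf-8"), expected.encode("utf-8"))


def leak_profile(expected: bytes, guesses: List[bytes]) -> List[int]:
    """Bytes examined per guess under the naive comparator. An attacker
    measuring response times sees this ramp as the guessed prefix improves."""
    return [naive_compare(g, expected)[1] for g in guesses]


if __name__ == "__main__":
    secret = b"k7Qp2zL9"  # constructed token
    guesses = [b"a.......", b"k7......", b"k7Qp....", b"k7Qp2zL9"]
    print(leak_profile(secret, guesses))            # work grows with correct prefix
    print(check_bearer_token("Bearer k7Qp2zL9", "k7Qp2zL9"))
```

The ramp in `leak_profile` is the whole attack: each additional correct byte costs one more iteration, and with enough samples that difference is measurable over a network. `hmac.compare_digest` also returns `False` for inputs of different length without raising, which keeps the length mismatch from becoming a separate error-message oracle.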
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this risk; it has been...
CVSS 5.9 | AI Score 6.5 | EPSS 0.0004
K000140188: PostgreSQL vulnerability CVE-2024-0985
Security Advisory Description Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of...
CVSS 8.0 | AI Score 8.1 | EPSS 0.001
co-free.julius-kuehn.de Cross Site Scripting vulnerability OBB-3870099
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2
K000140189: Linux kernel vulnerability CVE-2021-47572
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path.....
CVSS 5.5 | AI Score 6.4 | EPSS 0.0004
Summary IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to a denial of service. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s)| Version(s) ---|---...
CVSS 5.9 | AI Score 5.7 | EPSS 0.0004
Oracle Business Process Management Installed
Oracle Business Process Management, a tool for managing business processes, is installed on the remote...
AI Score 1.0
Pivotal RabbitMQ Management Plugin Detection
Pivotal RabbitMQ server with the Management plugin is running on the remote host. RabbitMQ is a message broker application that uses AMQP for communications, and the Management plugin uses HTTP for managing the...
AI Score 0.8
CVE-2024-1313 Users outside an organization can delete a snapshot with its key
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the permission to write/edit...
CVSS 6.5 | AI Score 6.7 | EPSS 0.0004
Cisco Energy Management Web Detection
Cisco Energy Management, a power management solution for IT assets, was detected based on the web...
AI Score 2.1
Oracle Business Transaction Management Detection
The remote web server hosts Oracle Business Transaction Management, a transaction management system that is used for tracking the flow of transactions across IT...
AI Score 2.3
OpenStack Identity Keystone Improper Privilege Management
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same...
AI Score 7.1 | EPSS 0.003
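The Keystone entry above describes a flaw class worth seeing in miniature: role assignments recorded by actor ID alone, with nothing saying whether the actor is a user or a group, so a user whose ID collides with a group's ID inherits that group's roles. The following is an added, simplified model of that flaw and its fix, not OpenStack Keystone's own code; every ID, role and assignment in it is constructed.

```python
"""Added example, not OpenStack Keystone code: a simplified model of the flaw
class in the Keystone entry above. Role assignments recorded only by actor ID
let a user inherit the roles of a group whose ID equals the user's ID;
recording the actor type alongside the ID closes it. All IDs, roles and
assignments are constructed."""
from typing import Dict, List, Set, Tuple

GROUP_ID = "7f3a"   # constructed: an admin group
USER_ID = "7f3a"    # constructed: an unrelated user that shares the ID

# Vulnerable store: an assignment is (actor_id, role) with no actor type.
VULNERABLE_STORE: List[Tuple[str, str]] = [
    (GROUP_ID, "admin"),   # granted to the group
    ("c1d2", "member"),    # granted to some other user
]

# Fixed store: the actor type is part of the key.
FIXED_STORE: List[Tuple[str, str, str]] = [
    ("group", GROUP_ID, "admin"),
    ("user", "c1d2", "member"),
]


def effective_roles_vulnerable(store: List[Tuple[str, str]],
                               user_id: str, group_ids: Set[str]) -> Set[str]:
    """Union of roles for every assignment whose actor_id matches the user or
    one of the user's groups. Because the key carries no type, an assignment
    made to a group is also matched by a user with the same ID."""
    actor_ids = {user_id} | group_ids
    return {role for actor_id, role in store if actor_id in actor_ids}


def effective_roles_fixed(store: List[Tuple[str, str, str]],
                          user_id: str, group_ids: Set[str]) -> Set[str]:
    """Same lookup, but user assignments and group assignments are matched
    in separate namespaces, so an ID collision across them is harmless."""
    roles: Set[str] = set()
    for actor_type, actor_id, role in store:
        if actor_type == "user" and actor_id == user_id:
            roles.add(role)
        elif actor_type == "group" and actor_id in group_ids:
            roles.add(role)
    return roles


def demo() -> Dict[str, Set[str]]:
    """USER_ID belongs to no groups, so it should hold no roles at all."""
    return {
        "vulnerable": effective_roles_vulnerable(VULNERABLE_STORE, USER_ID, set()),
        "fixed": effective_roles_fixed(FIXED_STORE, USER_ID, set()),
        # A legitimate group member still receives the group's roles.
        "fixed_group_member": effective_roles_fixed(FIXED_STORE, "c1d2", {GROUP_ID}),
    }


if __name__ == "__main__":
    print(demo())
```

The general lesson is that identifiers from different namespaces must never share a lookup key; whether IDs are UUIDs or operator-chosen strings, the authorization check has to carry the actor type, not rely on the IDs being globally unique.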
CyberPower PowerPanel Business Management Detection
The CyberPower PowerPanel Business Management, a power management application, is running on the remote...
AI Score 7.0
Dell Wyse Management Suite Installed
Dell Wyse Management Suite, a solution for managing Dell endpoints, is installed on the remote...
AI Score 1.0
SonicWALL Universal Management Suite Detection
SonicWALL Universal Management Suite is running on the remote host. This typically indicates that Dell SonicWALL Global Management System (GMS) / Analyzer is also...
AI Score 7.1
Patch Management: Symantec Altiris Report
This plugin uses the missing patch information and host information retrieved from the Symantec Altiris database to generate a report summarizing the system. If the system is not managed, the report will indicate as...
AI Score 0.4
Patch Management: Symantec Altiris Settings
This plugin initializes the Symantec Altiris server settings as set by the user. To set the settings, edit your scan policy and go to the section 'Preferences'. This does not connect to the target...
AI Score 0.8
Patch Management: SCCM Server Settings
This plugin initializes the SCCM server credentials as set by the user. To set the credentials, edit your scan policy and go to the section 'Credentials'. This plugin does not connect to the target...
AI Score 0.9
Malicious code in ing-feat-grants-management (npm)
Source: ghsa-malware (221a8c8dc0ff1aa5360d2c6a5cf5879024000e3626e73c22bcc1990fd6408278) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7.2
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. GoogleOAuthenticator.hosted_domain is used to restrict what Google accounts can be authorized access to a JupyterHub. The...
CVSS 7.5 | AI Score 7.6 | EPSS 0.0004
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted...