RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019
This module exposes Drupal resources (e.g. entities) as RESTful web services. The module doesn't sufficiently restrict access for user...
7.2 AI Score
Reportico Web fails to invalidate cookies upon logout
An issue in Reportico Web before v.8.1.0. This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to the...
6.8 AI Score
Misleading UI design: Settings -> VPN
In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
6.8 AI Score
0.0004 EPSS
WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials
WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file. An attacker can use this account to access system configuration and...
9.8 CVSS
9.5 AI Score
0.799 EPSS
Amcrest IP Camera Web Management - Data Exposure
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative...
9.8 CVSS
9.6 AI Score
0.929 EPSS
Juniper Web Device Manager - Cross-Site Scripting
Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal...
6.1 CVSS
6.5 AI Score
0.436 EPSS
KR-Web <=1.1b2 - Remote File Inclusion
KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT...
7.5 AI Score
0.008 EPSS
Smart Office Web 20.28 - Information Disclosure
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to...
7.5 CVSS
7.3 AI Score
0.014 EPSS
ZEROF Web Server 1.0 - SQL Injection
ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login...
9.8 CVSS
10 AI Score
0.071 EPSS
T24 Web Server - Local File Inclusion
T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from...
7.5 CVSS
7.5 AI Score
0.017 EPSS
Microstrategy Web 7 - Local File Inclusion
Microstrategy Web 7 is vulnerable to local file inclusion via "/WebMstr7/servlet/mstrWeb" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE:...
4.3 CVSS
4.4 AI Score
0.002 EPSS
Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...
9.9 AI Score
0.001 EPSS
Remote code execution in web server context
A user with administrative privileges can upload files that look like images but contain PHP code, which can then be executed in the context of the web...
7.5 AI Score
Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's...
5.3 CVSS
5.3 AI Score
0.001 EPSS
Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the Intellian default account might be...
9.8 CVSS
9.8 AI Score
0.969 EPSS
Joomla! Component Web TV 1.0 - Local File Inclusion
A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to...
5.7 AI Score
0.046 EPSS
CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution
CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information,...
9.8 CVSS
9.9 AI Score
0.974 EPSS
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the...
Apache Zeppelin CSRF vulnerability in the Credentials page
Cross-Site Request Forgery (CSRF) vulnerability in the Credentials page of Apache Zeppelin allows an attacker to submit a malicious request. This issue affects Apache Zeppelin version 0.9.0 and prior...
6.9 AI Score
0.0004 EPSS
rolf-sander.net Improper Access Control vulnerability OBB-3860291
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7 AI Score
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...
2.6 CVSS
6.9 AI Score
0.0004 EPSS
Artica Web Proxy 4.30 - OS Command Injection
Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via...
8.8 CVSS
8.7 AI Score
0.961 EPSS
BOA Web Server 0.94.14 - Arbitrary File Access
BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access...
7.5 CVSS
7.6 AI Score
0.735 EPSS
Centos Web Panel 0.9.8.480 - Local File Inclusion
Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this...
7.5 CVSS
7.9 AI Score
0.949 EPSS
ZEROF Web Server 2.0 - Cross-Site Scripting
ZEROF Web Server 2.0 allows /admin.back cross-site...
6.1 CVSS
6 AI Score
0.001 EPSS
Tiny Java Web Server - Cross-Site Scripting
A reflected cross-site scripting vulnerability in the web server Tiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error...
6.1 CVSS
6 AI Score
0.003 EPSS
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This...
7.8 AI Score
0.0004 EPSS
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable...
7 AI Score
0.002 EPSS
SAP Web Application Server 6.x/7.0 - Open Redirect
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl...
6.7 AI Score
0.028 EPSS
Summary: IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-36478. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer...
7.5 CVSS
9.5 AI Score
0.732 EPSS
FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not sanitized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...
5.4 CVSS
5.3 AI Score
0.029 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS. This issue affects MW WP Form: from n/a through...
6.5 CVSS
5.8 AI Score
0.0004 EPSS
Summary: IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-22081. DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote...
7.8 CVSS
7.4 AI Score
0.001 EPSS
Summary: IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-21930. DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to...
9.1 CVSS
10 AI Score
Podlove Web Player < 5.7.4 - Missing Authorization to Unauthenticated Information Exposure
The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /shortcode REST API endpoint in all versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to view information they...
5.3 CVSS
6.4 AI Score
0.0004 EPSS
Summary: IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-20932. DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...
7.5 CVSS
6.9 AI Score
0.001 EPSS
Summary: IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-20952. DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...
7.5 CVSS
7 AI Score
0.001 EPSS
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...
2.6 CVSS
7.1 AI Score
0.0004 EPSS
Summary: IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-40167. DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1...
6.5 CVSS
8.5 AI Score
0.001 EPSS
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary...
Oracle iPlanet Web Server 7.0.x - Authentication Bypass
Oracle iPlanet Web Server 7.0.x has incorrect access control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this...
7.5 CVSS
5.5 AI Score
0.973 EPSS
Mattermost crashes web clients via a malformed custom status
Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom...
4.3 CVSS
4.5 AI Score
0.0004 EPSS
Ruby on Rails Web Console - Remote Code Execution
Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to...
6.1 AI Score
0.929 EPSS
SonicWall GMS and Analytics Web Services - Shell Injection
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier...
9.8 CVSS
9.3 AI Score
0.052 EPSS
Palo Alto Networks PAN-OS Web Interface - Cross-Site Scripting
PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...
8.8 CVSS
8.1 AI Score
0.031 EPSS
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick...
8.1 CVSS
4.1 AI Score
0.0005 EPSS
Aruba VAN SDN Controller Detection
Aruba Virtual Application Networks (VAN) Software Defined Networking (SDN) controller, a unified control point in an OpenFlow-enabled network, is running on the remote...
1.4 AI Score
SolarWinds Web Help Desk - Web Detection
The web interface for SolarWinds Web Help Desk was detected on the remote...
0.6 AI Score
Summary: IBM Sterling Connect:Direct Web Services uses Spring-Web. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-44794. DESCRIPTION: Dromara SaToken and SpringBoot could allow a remote authenticated attacker to gain elevated...
9.8 CVSS
7 AI Score
0.002 EPSS
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: dask-gateway, request-1276, ggshield, kubeflow-pipelines, py3-idna, confluent-docker-utils, kubeflow-pipelines-visualization-server, kubeflow-katib, kubeflow-jupyter-web-app, py3-cassandra-medusa, k8s-sidecar,...
7.3 AI Score