An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and execute it to gain unauthorized access to the server hosting the web...
9.8 CVSS
9.6 AI Score
0.003 EPSS
GetSimpleCMS 3.3.16 contains a cross-site scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL"...
6.1 CVSS
5.9 AI Score
0.001 EPSS
An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for...
8.1 CVSS
7.9 AI Score
0.002 EPSS
A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets...
5.4 CVSS
5.4 AI Score
0.001 EPSS
A SQL injection vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to bypass authentication and become...
9.8 CVSS
9.5 AI Score
0.002 EPSS
SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to...
9.8 CVSS
9.9 AI Score
0.002 EPSS
GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url...
6.1 CVSS
6.5 AI Score
0.001 EPSS
Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to...
6.1 CVSS
6.3 AI Score
0.001 EPSS
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent...
6.1 CVSS
6.1 AI Score
0.001 EPSS
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to...
6.1 CVSS
6.2 AI Score
0.001 EPSS
Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save...
5.4 CVSS
5.4 AI Score
0.001 EPSS
4.8 CVSS
5 AI Score
0.001 EPSS
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar...
7.2 CVSS
7.4 AI Score
0.003 EPSS
Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip...
4.8 CVSS
5.2 AI Score
0.001 EPSS
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component...
8.8 CVSS
9.2 AI Score
0.002 EPSS
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component...
8.8 CVSS
9.2 AI Score
0.002 EPSS
The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with...
9.8 CVSS
9.7 AI Score
0.037 EPSS
Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in...
7.2 CVSS
7.3 AI Score
0.043 EPSS
A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative...
9.8 CVSS
10 AI Score
0.011 EPSS
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds...
9.1 CVSS
9.1 AI Score
0.002 EPSS
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized...
7.5 CVSS
8.2 AI Score
0.001 EPSS
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in...
9.8 CVSS
10 AI Score
0.002 EPSS
GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via...
9.1 CVSS
9.2 AI Score
0.003 EPSS
GetSimple CMS 3.3.16 allows persistent Cross Site Scripting via the 'permalink' parameter on the Settings page, which is executed when you create and open a new...
5.4 CVSS
5.3 AI Score
0.002 EPSS
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book,...
7.8 CVSS
7.6 AI Score
0.0004 EPSS
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel,...
8.4 CVSS
8.3 AI Score
0.001 EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database...
7.5 CVSS
7.9 AI Score
0.003 EPSS
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL...
9.8 CVSS
8 AI Score
0.005 EPSS
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in...
6.1 CVSS
5.9 AI Score
0.003 EPSS
7.5 CVSS
7.5 AI Score
0.002 EPSS
5.4 CVSS
5.3 AI Score
0.001 EPSS
Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified...
8.8 CVSS
8.8 AI Score
0.002 EPSS
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted...
7.3 CVSS
7.5 AI Score
0.001 EPSS
8.8 CVSS
8.7 AI Score
0.001 EPSS
A CSRF vulnerability in Settings form in the Custom Simple Rss plugin 2.0.6 for WordPress allows attackers to change the plugin...
6.5 CVSS
6.4 AI Score
0.001 EPSS
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation...
8.8 CVSS
8.6 AI Score
0.005 EPSS
SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. This results in a crash of the server, but only when strict stack checking is enabled. This is caused by an off-by-one error in ssdp_recv in...
7.5 CVSS
7.7 AI Score
0.002 EPSS
The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third...
9.8 CVSS
9.4 AI Score
0.009 EPSS
An issue was discovered in GetSimple CMS through 3.3.15. Insufficient input sanitization in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to...
9.8 CVSS
9.6 AI Score
0.492 EPSS
The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this...
6.8 CVSS
6.3 AI Score
0.001 EPSS
6.1 CVSS
6.5 AI Score
0.001 EPSS
There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to...
5.4 CVSS
5.5 AI Score
0.001 EPSS
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this...
8.8 CVSS
8.6 AI Score
0.02 EPSS
An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php...
4.8 CVSS
4.7 AI Score
0.001 EPSS
6.1 CVSS
5.5 AI Score
0.001 EPSS
4.8 CVSS
4.8 AI Score
0.001 EPSS
An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via...
8.8 CVSS
8.7 AI Score
0.002 EPSS
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via...
8.8 CVSS
8.6 AI Score
0.001 EPSS
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension...
9.8 CVSS
9.3 AI Score
0.133 EPSS
simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5 CVSS
7.3 AI Score
0.004 EPSS