AI Score: 7.5 | AI Score: 9.7 | EPSS: 0.002
GHSA-HRFV-MQP8-Q5RW vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, py3-werkzeug, py3-tensorflow-serving-api,...
AI Score: 7.5
CVE-2023-46136 vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, py3-werkzeug, py3-tensorflow-serving-api,...
AI Score: 7.7 | EPSS: 0.001
Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an...
AI Score: 5.2 | EPSS: 0.0004
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to...
AI Score: 8.7 | EPSS: 0.002
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: jwt-tool, py3-tensorflow-serving-api, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...
AI Score: 7.5
Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations. The vulnerability allows an attacker to inject malicious...
AI Score: 5.4 | EPSS: 0.001
CVE-2023-45803 vulnerabilities
Vulnerabilities for packages: jwt-tool, py3-tensorflow-serving-api, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...
AI Score: 5.3 | EPSS: 0.0004
raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user controlled URL parameter is loaded into...
AI Score: 6 | EPSS: 0.0005
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The...
AI Score: 5.3 | EPSS: 0.001
Genie Path Traversal vulnerability via File Uploads
Overview Path Traversal Vulnerability via File Uploads in Genie Impact Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any...
AI Score: 7.2 | EPSS: 0.0004
CVE-2023-43804 vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, k8s-sidecar, kube-downscaler, dask-gateway, kubeflow-jupyter-web-app,...
AI Score: 8 | EPSS: 0.001
GHSA-V845-JXX5-VC9F vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, k8s-sidecar, kube-downscaler, dask-gateway, kubeflow-jupyter-web-app,...
AI Score: 7.5
The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to...
AI Score: 6.5 | EPSS: 0.001
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information...
AI Score: 7.8 | EPSS: 0.0005
The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in...
AI Score: 7.1 | EPSS: 0.0004
joaquimserafim/json-web-token is a JavaScript library used to interact with JSON Web Tokens (JWT), which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On...
AI Score: 6.7 | EPSS: 0.0005
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The...
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001
Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (*) then an attacker can...
AI Score: 5.9 | EPSS: 0.001
Reportico Web fails to invalidate cookies upon logout
An issue exists in Reportico Web before v.8.1.0. This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to the...
AI Score: 6.4
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized...
AI Score: 7.7 | EPSS: 0.001
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability...
AI Score: 7.1 | EPSS: 0.0005
AI Score: 7.4 | EPSS: 0.002
A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
AI Score: 5.1 | EPSS: 0.001
A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public...
AI Score: 5.1 | EPSS: 0.001
A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
AI Score: 5.2 | EPSS: 0.001
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...
AI Score: 7 | EPSS: 0.002
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...
AI Score: 7.5 | EPSS: 0.003
A vulnerability was found in Ariadne Component Library up to 2.x. It has been classified as critical. Affected is an unknown function of the file src/url/Url.php. The manipulation leads to server-side request forgery. Upgrading to version 3.0 is able to address this issue. It is recommended to...
AI Score: 9.6 | EPSS: 0.002
A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has...
AI Score: 6.2 | EPSS: 0.001
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...
AI Score: 9.7 | EPSS: 0.002
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWMP. It has been rated as problematic. This issue affects some unknown processing of the file swmp.php of the component GET Parameter Handler. The manipulation of the argument theme leads to cross site scripting. The attack may be...
CVSS: 6.1 | AI Score: 6.1 | EPSS: 0.001
Apache Zeppelin CSRF vulnerability in the Credentials page
Cross-Site Request Forgery (CSRF) vulnerability in the Credentials page of Apache Zeppelin allows an attacker to submit a malicious request. This issue affects Apache Zeppelin version 0.9.0 and prior...
AI Score: 6.9 | EPSS: 0.0004
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...
CVSS: 9.8 | AI Score: 8.1 | EPSS: 0.003
A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this...
CVSS: 7.5 | AI Score: 8 | EPSS: 0.001
A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword...
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.001
reportico-web/reportico is vulnerable to Improper Session Management. The vulnerability is due to improper handling of session tokens, which allows an attacker to reuse a token after a user has logged...
AI Score: 7
Apache Axis is vulnerable to Improper Input Validation. The vulnerability is caused due to improper input validation in the getService method within ServiceFactory.java. This can potentially lead to Denial of Service, Server Side request forgery, or Remote Code Execution...
AI Score: 7.2 | EPSS: 0.002
Server Side Request Forgery (SSRF)
org.apache.axis: axis is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to the getService function within ServiceFactory.java because there is no validation for the jndiName. This allows users with access to the admin service to perform possible...
AI Score: 7.1 | EPSS: 0.001
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance (ESA); and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack...
AI Score: 5.9
A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the...
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...
AI Score: 9.3 | EPSS: 0.002
A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the...
CVSS: 9.8 | AI Score: 8.1 | EPSS: 0.001
A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has...
CVSS: 5.4 | AI Score: 6.6 | EPSS: 0.001
The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.002
AI Score: 7.3
AI Score: 9.5 | EPSS: 0.002
GHSA-V845-JXX5-VC9F vulnerabilities
Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, py3-urllib3, kubeflow-jupyter-web-app, k8s-sidecar,...
AI Score: 7.3
CVE-2023-46136 vulnerabilities
Vulnerabilities for packages: py3-werkzeug, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...
AI Score: 7.5 | EPSS: 0.001