A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting. It is possible to...
CVSS: 4.8 | AI Score: 6.7 | EPSS: 0.001
A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. The manipulation of the argument Address leads to cross site scripting......
CVSS: 6.1 | AI Score: 6.7 | EPSS: 0.001
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can...
CVSS: 6.1 | AI Score: 6.1 | EPSS: 0.001
Improper Input Validation vulnerability in Izmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before...
CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001
Improper Input Validation vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before...
CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001
spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is....
AI Score: 6.7 | EPSS: 0.0004
A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to...
CVSS: 8.8 | AI Score: 8.7 | EPSS: 0.001
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can...
AI Score: 6 | EPSS: 0.001
In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A....
AI Score: 7.5 | EPSS: 0.0004
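The covert channel the entry describes, as an added example that is not part of the CVE record or of any QUIC implementation: a sender whose spin bit is disabled writes message bits into the bit, a receiver reads them back from the first byte of each short-header packet, and a transition-rate heuristic shows how a passive observer can tell the result apart from a legitimately spinning connection, which flips the bit about once per round trip. The packet bytes and the packets-per-RTT figure are constructed for the example.

```python
# RFC 9000 section 17.3.1: short header first byte is 0|1|S|R|R|K|P|P, S is the spin bit.
SPIN_BIT = 0x20


def spin_bit_of(first_byte):
    """Return the spin bit (0 or 1) from a short-header packet's first byte."""
    if first_byte & 0x80:
        raise ValueError("long header packets carry no spin bit")
    if not first_byte & 0x40:
        raise ValueError("fixed bit must be 1")
    return (first_byte >> 5) & 1


def encode_covert(message, base_first_byte=0x40):
    """Covert sender with the spin bit disabled: each packet's S bit is the next message bit."""
    out = []
    for byte in message:
        for i in range(7, -1, -1):
            bit = (byte >> i) & 1
            out.append((base_first_byte & ~SPIN_BIT) | (bit << 5))
    return out


def decode_covert(first_bytes):
    """Covert receiver: reassemble whole bytes from the observed spin bits."""
    bits = [spin_bit_of(b) for b in first_bytes]
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def honest_spin_sequence(n_packets, packets_per_rtt):
    """Legitimate use per RFC 9000 section 17.4: the value flips once per round trip."""
    return [0x40 | (((k // packets_per_rtt) & 1) << 5) for k in range(n_packets)]


def transition_rate(first_bytes, packets_per_rtt):
    """Spin-bit flips per RTT window: about 1 for a spinning connection, much higher when
    the bit carries data (or, equally, when a disabled endpoint randomises it per packet)."""
    bits = [spin_bit_of(b) for b in first_bytes]
    flips = sum(1 for a, b in zip(bits, bits[1:]) if a != b)
    windows = max(1.0, len(bits) / packets_per_rtt)
    return flips / windows


if __name__ == "__main__":
    packets = encode_covert(b"attack")          # constructed sample message
    print(decode_covert(packets))
    print("honest :", transition_rate(honest_spin_sequence(160, 10), 10))
    print("covert :", transition_rate(packets, 10))
```

The heuristic only shows that a connection is not spinning. RFC 9000 recommends that an endpoint which has disabled the spin bit set it to a random value per packet or per connection ID, so a high transition rate is also the expected signature of an honest, randomising endpoint; it is a triage signal, not proof of exfiltration.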
DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value
Impact: Denial of Service for applications that allow the use of the PBKDF2 algorithm. Patches: A patch is available that sets the maximum number of default rounds. Workarounds: Applications that do not need to use PBKDF2 should simply specify the algorithms they use and exclude it from the list....
AI Score: 6.7 | EPSS: 0.0004
DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value
Impact: Denial of Service for applications that allow the use of the PBKDF2 algorithm. Patches: A patch is available that sets the maximum number of default rounds. Workarounds: Applications that do not need to use PBKDF2 should simply specify the algorithms they use and exclude it from the list....
AI Score: 6.8 | EPSS: 0.0004
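The parameter both PBKDF2 advisories above are about is the JWE protected header's "p2c" (PBES2 Count): the sender of the token picks the PBKDF2 iteration count, so an unbounded value turns key unwrapping into a CPU sink for whoever decrypts. The check below is an added example, not the patched library's code. It parses the header and enforces an algorithm allowlist (the workaround) and an iteration cap (what the patch adds) before a single PBKDF2 round runs. The cap of 10,000, the sample password and the salt are chosen for this example; the salt construction and key lengths follow RFC 7518 section 4.8.

```python
import base64
import hashlib
import json

# Cap on PBES2 "p2c" iterations. The advisory only says the patch "sets the maximum number
# of default rounds"; 10_000 is the value chosen for this example, not the library's.
MAX_PBES2_COUNT = 10_000

# RFC 7518 section 4.8: PRF hash and wrapping-key length per PBES2 algorithm.
PBES2_ALGS = {
    "PBES2-HS256+A128KW": ("sha256", 16),
    "PBES2-HS384+A192KW": ("sha384", 24),
    "PBES2-HS512+A256KW": ("sha512", 32),
}


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def derive_pbes2_key(protected_b64, password, allowed_algs=frozenset(PBES2_ALGS),
                     max_count=MAX_PBES2_COUNT):
    """Parse a JWE protected header and derive the PBES2 key-wrapping key, refusing an
    unbounded p2c. Every check runs before the first PBKDF2 iteration, because the
    iteration count is the one knob the token's author controls."""
    header = json.loads(b64url_decode(protected_b64))
    alg = header.get("alg")
    if alg not in allowed_algs or alg not in PBES2_ALGS:
        raise ValueError("alg %r not permitted" % (alg,))
    p2c = header.get("p2c")
    if isinstance(p2c, bool) or not isinstance(p2c, int) or p2c < 1:
        raise ValueError("p2c must be a positive integer")
    if p2c > max_count:
        raise ValueError("p2c=%d exceeds cap of %d" % (p2c, max_count))
    p2s = b64url_decode(header.get("p2s", ""))
    if len(p2s) < 8:  # RFC 7518 section 4.8.1.1: Salt Input SHOULD be at least 8 octets
        raise ValueError("p2s too short")
    prf, key_len = PBES2_ALGS[alg]
    # RFC 7518 section 4.8.1.1: the PBKDF2 salt is UTF8(alg) || 0x00 || Salt Input
    salt = alg.encode("utf-8") + b"\x00" + p2s
    return hashlib.pbkdf2_hmac(prf, password, salt, p2c, dklen=key_len)


def make_protected_header(alg, p2c, p2s):
    """Build the protected header an attacker (or an honest sender) puts in a compact JWE."""
    hdr = {"alg": alg, "enc": "A128GCM", "p2c": p2c, "p2s": b64url_encode(p2s)}
    return b64url_encode(json.dumps(hdr, separators=(",", ":")).encode("utf-8"))


if __name__ == "__main__":
    pw = b"correct horse battery staple"   # constructed sample password
    salt = bytes(range(16))                 # constructed sample p2s
    print(derive_pbes2_key(make_protected_header("PBES2-HS256+A128KW", 4096, salt), pw).hex())
    try:
        derive_pbes2_key(make_protected_header("PBES2-HS256+A128KW", 2_000_000_000, salt), pw)
    except ValueError as err:
        print("rejected:", err)
```

Put the cap on the decrypt side, not only in your own token issuer: the cost is paid by whoever calls PBKDF2, and a forged token with a huge p2c needs no valid key to be expensive.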
About the security content of iTunes 12.13.2 for Windows
This document describes the security content of iTunes 12.13.2 for Windows. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
AI Score: 7.3 | EPSS: 0.0004
‘Malicious Activity’ Hits the University of Cambridge’s Medical School
Multiple university departments linked to the Clinical School Computing Service have been inaccessible for a month. The university has not revealed the nature of the “malicious...
AI Score: 7.5
A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to...
CVSS: 8.8 | AI Score: 6.8 | EPSS: 0.001
github-slug-action vulnerable to arbitrary code execution
Impact This action uses the github.head_ref parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. (Note that...
AI Score: 8.8 | EPSS: 0.001
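The mechanism the github-slug-action advisory describes, as an added example that is not the action's own code: a `${{ github.head_ref }}` expression inside a `run:` script is substituted textually before the shell starts, so a branch name that closes the surrounding quote becomes shell code. The simulation below reproduces that substitution with a POSIX `sh`, beside the environment-variable form in which the shell only ever sees a variable. The workflow lines in the comment and the payload branch name are constructed for illustration; the advisory does not show the affected step.

```python
import os
import subprocess

# The vulnerable pattern as it would appear in a workflow step (reconstructed, not the
# action's source):
#
#   - run: echo "Branch: ${{ github.head_ref }}"      # expression expanded into script text
#
# The hardened form passes the value through the environment instead:
#
#   - env:
#       HEAD_REF: ${{ github.head_ref }}
#     run: echo "Branch: $HEAD_REF"                   # shell sees a variable, not attacker text

# Constructed attacker branch name: closes the quoted string, runs a command, reopens it.
PAYLOAD_BRANCH = 'feature"; echo INJECTED; echo "'


def expand_expression(script, head_ref):
    """Mimic the runner: ${{ github.head_ref }} is replaced textually before the shell runs."""
    return script.replace("${{ github.head_ref }}", head_ref)


def run_vulnerable(head_ref):
    """Textual substitution: the branch name becomes part of the shell script."""
    script = expand_expression('echo "Branch: ${{ github.head_ref }}"', head_ref)
    return subprocess.run(["sh", "-c", script], capture_output=True, text=True).stdout


def run_hardened(head_ref):
    """Environment passing: the name is data, so the quote it contains never reaches the parser."""
    env = dict(os.environ, HEAD_REF=head_ref)
    return subprocess.run(["sh", "-c", 'echo "Branch: $HEAD_REF"'],
                          capture_output=True, text=True, env=env).stdout


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(PAYLOAD_BRANCH)))
    print("hardened  :", repr(run_hardened(PAYLOAD_BRANCH)))
```

The same rule applies to every attacker-influenced context value on a pull request (branch name, PR title and body, commit message, author name): never interpolate them into `run:` text; bind them to `env:` and quote the variable. The example assumes a POSIX `sh` is on the path.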
FreeBSD : xymon-server -- multiple vulnerabilities (10e1d580-d174-11e9-a87f-a4badb2f4699)
Japheth Cleaver reports: Several buffer overflows were reported by University of Cambridge Computer Security Incident Response...
AI Score: 8.1
Updated apache packages fix security vulnerabilities
Apache has been updated to version 2.4.59 to fix CVE-2024-27316, CVE-2024-24795 and CVE-2023-38709. CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames (cve.mitre.org) HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in.....
AI Score: 7.2 | EPSS: 0.0004
About the security content of tvOS 17.5
This document describes the security content of tvOS 17.5. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....
AI Score: 5.8 | EPSS: 0.0004
About the security content of watchOS 10.5
This document describes the security content of watchOS 10.5. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
AI Score: 5.8 | EPSS: 0.0004
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail...
AI Score: 7.7 | EPSS: 0.118
Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port...
AI Score: 8.4 | EPSS: 0.132
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long...
AI Score: 7.8 | EPSS: 0.075
Exploit for Code Injection in Unicode
CVE-2021-42574 - Code generator // Update: 05.11.2021 ...
AI Score: 7.4 | EPSS: 0.002
Exploit for Code Injection in Unicode
CVE-2021-42574 - Code generator // Update: 05.11.2021 ...
AI Score: 9.1 | EPSS: 0.002
About the security content of macOS Sonoma 14.5
This document describes the security content of macOS Sonoma 14.5. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....
AI Score: 8.1 | EPSS: 0.001
Fedora: Security Advisory for exim (FEDORA-2021-89cb264e4d)
The remote host is missing an update for...
AI Score: 7.5
Fedora: Security Advisory for exim (FEDORA-2021-5697574fd1)
The remote host is missing an update for...
AI Score: 7.5
Fedora: Security Advisory for exim (FEDORA-2021-4eaf89b133)
The remote host is missing an update for...
AI Score: 7.5
Mozilla Firefox Security Advisory (MFSA2016-43) - Deprecated
This host is missing a security update for Mozilla Firefox. This VT has been deprecated and is therefore no longer...
AI Score: 6.9 | EPSS: 0.004
[SECURITY] Fedora 40 Update: jflex-1.7.0-18.fc40
JFlex is a lexical analyzer generator (also known as scanner generator) for Java, written in Java. It is also a rewrite of the very useful tool JLex which was developed by Elliot Berk at Princeton University. As Vern Paxson states for his C/C++ tool flex: They do not share any code though. ...
AI Score: 7 | EPSS: 0.0004
About the security content of iOS 17.5 and iPadOS 17.5
This document describes the security content of iOS 17.5 and iPadOS 17.5. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
AI Score: 7.5 | EPSS: 0.001
Cookie consent choices are just being ignored by some websites
In news that is, sadly, unlikely to shock you, new research indicates that many websites ignore visitors' choices to refuse cookies and collect their data anyway. Researchers at the University of Amsterdam (UvA) analyzed 85,000 European websites and came to the conclusion that 90% of them violated....
AI Score: 7
A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. The manipulation of the argument Address leads to cross site scripting......
CVSS: 6.1 | AI Score: 6.5 | EPSS: 0.001
A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting. It is possible to...
CVSS: 4.8 | AI Score: 6.5 | EPSS: 0.001
Exploit for Vulnerability in Moodle
CVE-2021-36394-Pre-Auth-RCE-in-Moodle Vulnerability...
AI Score: 9.7 | EPSS: 0.004
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can...
CVSS: 6.1 | AI Score: 6.5 | EPSS: 0.001
XStream can be used for Remote Code Execution
Impact: The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Patches: If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.14. Workarounds: No user is affected, who...
CVSS: 9.8 | AI Score: 0.7 | EPSS: 0.974
Cross site request forgery (csrf)
A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001
U.S. Dept Of Defense: Xss - ███
Hi teams,
Parameter: goal[1][Costs] ███
Burp request:
POST /HRO/Training/idpgenerate.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw
Accept: /
Referer: https://██████/
Cookie: PHPSESSID=l7c1vrsg3dbkgsp2lturjs6kca; session=expiry=1706891234033569;...
AI Score: 7.1
RedHat Update for wpa_supplicant RHSA-2017:2907-01
The remote host is missing an update for...
AI Score: 7.7 | EPSS: 0.004
RedHat Update for wpa_supplicant RHSA-2017:2911-01
The remote host is missing an update for...
AI Score: 7.7 | EPSS: 0.004
RedHat Security Advisory RHSA-2009:1159
The remote host is missing updates announced in advisory RHSA-2009:1159. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space...
AI Score: 8.1 | EPSS: 0.006