| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7195 | Hig | 0.57 | 8.8 | 0.00 | Jun 2, 2026 | CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote… | ||
| CVE-2026-39555 | Hig | 0.53 | 8.1 | 0.00 | Jun 2, 2026 | Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1. | ||
| CVE-2026-39553 | Hig | 0.53 | 8.1 | 0.00 | Jun 2, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4. | ||
| CVE-2026-39552 | Hig | 0.53 | 8.1 | 0.00 | Jun 2, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5. | ||
| CVE-2026-10622 | Hig | 0.53 | 8.2 | 0.00 | Jun 2, 2026 | Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/* endpoints. | ||
| CVE-2026-10621 | Hig | 0.49 | 7.5 | 0.00 | Jun 2, 2026 | Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended… | ||
| CVE-2025-69369 | Hig | 0.53 | 8.1 | 0.00 | Jun 2, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0. | ||
| CVE-2025-68886 | Hig | 0.53 | 8.1 | 0.00 | Jun 2, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8. | ||
| CVE-2025-58897 | Hig | 0.53 | 8.1 | 0.00 | Jun 2, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0. | ||
| CVE-2025-58707 | Hig | 0.53 | 8.1 | 0.00 | Jun 2, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8. | ||
| CVE-2019-25719 | Hig | 0.56 | 8.6 | 0.00 | Jun 2, 2026 | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service… | ||
| CVE-2026-42685 | Hig | 0.46 | 7.1 | 0.00 | Jun 2, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1. | ||
| CVE-2026-42670 | Hig | 0.49 | 7.5 | 0.00 | Jun 2, 2026 | Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14. | ||
| CVE-2026-42669 | Hig | 0.49 | 7.5 | 0.00 | Jun 2, 2026 | Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0. | ||
| CVE-2026-39551 | Hig | 0.53 | 8.1 | 0.00 | Jun 2, 2026 | Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1. | ||
| CVE-2026-39550 | Hig | 0.53 | 8.1 | 0.00 | Jun 2, 2026 | Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6. | ||
| CVE-2025-58705 | Hig | 0.53 | 8.1 | 0.00 | Jun 2, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti: from n/a through 1.12. | ||
| CVE-2025-58024 | Hig | 0.49 | 7.5 | 0.00 | Jun 2, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1. | ||
| CVE-2025-53440 | Hig | 0.53 | 8.1 | 0.00 | Jun 2, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4. | ||
| CVE-2026-5422 | Hig | 0.53 | 8.1 | 0.00 | Jun 2, 2026 | A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator,… | ||
| CVE-2025-53345 | Hig | 0.57 | 8.8 | 0.00 | Jun 2, 2026 | Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3. | ||
| CVE-2025-52759 | Hig | 0.46 | 7.1 | 0.00 | Jun 2, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1. | ||
| CVE-2026-3514 | Hig | 0.42 | 7.5 | 0.00 | Jun 2, 2026 | In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication… | ||
| CVE-2026-1784 | Hig | 0.57 | 8.8 | 0.00 | Jun 2, 2026 | The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy… | ||
| CVE-2026-8293 | Hig | 0.49 | 7.5 | 0.00 | Jun 2, 2026 | The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without… | ||
| CVE-2026-25277 | Hig | 0.57 | 8.8 | 0.00 | Jun 1, 2026 | Memory corruption while using Strongbox due to buffer overflow. | ||
| CVE-2026-25276 | Hig | 0.57 | 8.8 | 0.00 | Jun 1, 2026 | Memory corruption while using Strongbox due to missing bounds check. | ||
| CVE-2026-25260 | Hig | 0.51 | 7.8 | 0.00 | Jun 1, 2026 | Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications. | ||
| CVE-2026-25259 | Hig | 0.51 | 7.8 | 0.00 | Jun 1, 2026 | Memory corruption while processing multiple IOCTL command for escape operations. | ||
| CVE-2026-25258 | Hig | 0.51 | 7.8 | 0.00 | Jun 1, 2026 | Memory corruption while processing IOCTL calls for escape operations. | ||
| CVE-2026-24782 | Hig | 0.49 | 7.6 | 0.01 | Jun 1, 2026 | Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and… | ||
| CVE-2026-24752 | Hig | 0.53 | 8.2 | 0.00 | Jun 1, 2026 | Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a… | ||
| CVE-2026-24092 | Hig | 0.47 | 7.2 | 0.00 | Jun 1, 2026 | Memory Corruption when processing fastboot commands to set display mode. | ||
| CVE-2026-24091 | Hig | 0.47 | 7.2 | 0.00 | Jun 1, 2026 | Memory corruption while processing fastboot commands with improperly formatted input. | ||
| CVE-2026-24090 | Hig | 0.46 | 7.1 | 0.00 | Jun 1, 2026 | Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow. | ||
| CVE-2026-24089 | Hig | 0.47 | 7.2 | 0.00 | Jun 1, 2026 | Memory corruption while processing fastboot commands with invalid input. | ||
| CVE-2026-24088 | Hig | 0.53 | 8.2 | 0.00 | Jun 1, 2026 | Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader. | ||
| CVE-2026-24087 | Hig | 0.47 | 7.2 | 0.00 | Jun 1, 2026 | Memory corruption while processing fastboot OEM commands. | ||
| CVE-2026-24085 | Hig | 0.47 | 7.2 | 0.00 | Jun 1, 2026 | Memory Corruption when processing display command line information due to improper initialization of a variable. | ||
| CVE-2025-59606 | Hig | 0.51 | 7.8 | 0.00 | Jun 1, 2026 | Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization. | ||
| CVE-2025-59605 | Hig | 0.51 | 7.8 | 0.00 | Jun 1, 2026 | Memory Corruption when processing device identifier strings that exceed the expected maximum length. | ||
| CVE-2025-59604 | Hig | 0.51 | 7.8 | 0.00 | Jun 1, 2026 | Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer. | ||
| CVE-2019-25718 | Hig | 0.55 | 8.4 | 0.00 | Jun 1, 2026 | Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the… | ||
| CVE-2026-49491 | Hig | 0.53 | 8.2 | 0.00 | Jun 1, 2026 | Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user… | ||
| CVE-2026-40964 | Hig | 0.49 | 7.5 | 0.00 | Jun 1, 2026 | Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid… | ||
| CVE-2026-28580 | Hig | 0.51 | 7.8 | 0.00 | Jun 1, 2026 | In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-28577 | Hig | 0.51 | 7.8 | 0.00 | Jun 1, 2026 | In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-10293 | Hig | 0.57 | 8.8 | 0.00 | Jun 1, 2026 | A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been… | ||
| CVE-2026-10292 | Hig | 0.57 | 8.8 | 0.00 | Jun 1, 2026 | A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. | ||
| CVE-2026-10290 | Hig | 0.47 | 7.3 | 0.00 | Jun 1, 2026 | A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack… |
- risk 0.57cvss 8.8epss 0.00
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote…
- risk 0.53cvss 8.1epss 0.00
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1.
- risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4.
- risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5.
- risk 0.53cvss 8.2epss 0.00
Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/* endpoints.
- risk 0.49cvss 7.5epss 0.00
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended…
- risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0.
- risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8.
- risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0.
- risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8.
- risk 0.56cvss 8.6epss 0.00
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0.
- risk 0.53cvss 8.1epss 0.00
Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1.
- risk 0.53cvss 8.1epss 0.00
Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6.
- risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti: from n/a through 1.12.
- risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1.
- risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4.
- risk 0.53cvss 8.1epss 0.00
A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator,…
- risk 0.57cvss 8.8epss 0.00
Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1.
- risk 0.42cvss 7.5epss 0.00
In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication…
- risk 0.57cvss 8.8epss 0.00
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy…
- risk 0.49cvss 7.5epss 0.00
The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without…
- risk 0.57cvss 8.8epss 0.00
Memory corruption while using Strongbox due to buffer overflow.
- risk 0.57cvss 8.8epss 0.00
Memory corruption while using Strongbox due to missing bounds check.
- risk 0.51cvss 7.8epss 0.00
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
- risk 0.51cvss 7.8epss 0.00
Memory corruption while processing multiple IOCTL command for escape operations.
- risk 0.51cvss 7.8epss 0.00
Memory corruption while processing IOCTL calls for escape operations.
- risk 0.49cvss 7.6epss 0.01
Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and…
- risk 0.53cvss 8.2epss 0.00
Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a…
- risk 0.47cvss 7.2epss 0.00
Memory Corruption when processing fastboot commands to set display mode.
- risk 0.47cvss 7.2epss 0.00
Memory corruption while processing fastboot commands with improperly formatted input.
- risk 0.46cvss 7.1epss 0.00
Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.
- risk 0.47cvss 7.2epss 0.00
Memory corruption while processing fastboot commands with invalid input.
- risk 0.53cvss 8.2epss 0.00
Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
- risk 0.47cvss 7.2epss 0.00
Memory corruption while processing fastboot OEM commands.
- risk 0.47cvss 7.2epss 0.00
Memory Corruption when processing display command line information due to improper initialization of a variable.
- risk 0.51cvss 7.8epss 0.00
Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
- risk 0.51cvss 7.8epss 0.00
Memory Corruption when processing device identifier strings that exceed the expected maximum length.
- risk 0.51cvss 7.8epss 0.00
Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.
- risk 0.55cvss 8.4epss 0.00
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the…
- risk 0.53cvss 8.2epss 0.00
Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user…
- risk 0.49cvss 7.5epss 0.00
Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid…
- risk 0.51cvss 7.8epss 0.00
In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.51cvss 7.8epss 0.00
In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.57cvss 8.8epss 0.00
A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been…
- risk 0.57cvss 8.8epss 0.00
A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
- risk 0.47cvss 7.3epss 0.00
A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack…