| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-44249 | — | Cri | 0.64 | 9.8 | 0.02 | Jan 28, 2022 | Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials. | |
| CVE-2021-46428 | Cri | 0.64 | 9.8 | 0.03 | Jan 27, 2022 | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php. | ||
| CVE-2021-46427 | Cri | 0.64 | 9.8 | 0.02 | Jan 27, 2022 | An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php. | ||
| CVE-2021-46377 | Cri | 0.64 | 9.8 | 0.01 | Jan 27, 2022 | There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser | ||
| CVE-2022-21723 | Cri | 0.00 | 9.1 | 0.04 | Jan 27, 2022 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can… | ||
| CVE-2022-21722 | Cri | 0.00 | 9.1 | 0.02 | Jan 27, 2022 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP… | ||
| CVE-2022-21686 | Cri | 0.52 | 9.0 | 0.02 | Jan 26, 2022 | PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds. | ||
| CVE-2021-46386 | — | Cri | 0.64 | 9.8 | 0.03 | Jan 26, 2022 | File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. | |
| CVE-2022-0362 | — | Cri | 0.57 | 9.8 | 0.01 | Jan 26, 2022 | SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. | |
| CVE-2021-46560 | Cri | 0.64 | 9.8 | 0.04 | Jan 26, 2022 | The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. | ||
| CVE-2022-23959 | Cri | 0.59 | 9.1 | 0.02 | Jan 26, 2022 | In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. | ||
| CVE-2021-36294 | Cri | 0.64 | 9.8 | 0.02 | Jan 25, 2022 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user. | ||
| CVE-2022-0332 | Cri | 0.63 | 9.8 | 0.45 | Jan 25, 2022 | A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. | ||
| CVE-2021-43298 | Cri | 0.64 | 9.8 | 0.02 | Jan 25, 2022 | The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's… | ||
| CVE-2021-46089 | Cri | 0.57 | 9.8 | 0.02 | Jan 25, 2022 | In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges. | ||
| CVE-2021-46033 | Cri | 0.64 | 9.8 | 0.01 | Jan 25, 2022 | In ForestBlog, as of 2021-12-28, File upload can bypass verification. | ||
| CVE-2021-3850 | Cri | 0.52 | 9.1 | 0.02 | Jan 25, 2022 | Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. | ||
| CVE-2022-23944 | Cri | 0.06 | 9.1 | 0.79 | Jan 25, 2022 | User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | ||
| CVE-2021-45802 | Cri | 0.64 | 9.8 | 0.01 | Jan 25, 2022 | MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration. | ||
| CVE-2021-45029 | Cri | 0.64 | 9.8 | 0.06 | Jan 25, 2022 | Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | ||
| CVE-2021-43394 | Cri | 0.64 | 9.8 | 0.01 | Jan 24, 2022 | Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated. | ||
| CVE-2021-46451 | Cri | 0.64 | 9.8 | 0.01 | Jan 24, 2022 | An SQL Injection vulnerabilty exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function. | ||
| CVE-2020-17383 | Cri | 0.64 | 9.8 | 0.04 | Jan 24, 2022 | A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password… | ||
| CVE-2022-23126 | Cri | 0.00 | 9.8 | 0.02 | Jan 24, 2022 | TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for… | ||
| CVE-2021-43420 | Cri | 0.64 | 9.8 | 0.01 | Jan 24, 2022 | SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | ||
| CVE-2021-41928 | Cri | 0.64 | 9.8 | 0.02 | Jan 24, 2022 | SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page. | ||
| CVE-2021-41660 | Cri | 0.64 | 9.8 | 0.01 | Jan 24, 2022 | SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php. | ||
| CVE-2021-41659 | Cri | 0.64 | 9.8 | 0.01 | Jan 24, 2022 | SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field. | ||
| CVE-2021-41472 | Cri | 0.64 | 9.8 | 0.01 | Jan 24, 2022 | SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters. | ||
| CVE-2021-41471 | Cri | 0.64 | 9.8 | 0.01 | Jan 24, 2022 | SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters. | ||
| CVE-2021-40909 | Cri | 0.63 | 9.6 | 0.02 | Jan 24, 2022 | Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud. | ||
| CVE-2021-40908 | Cri | 0.64 | 9.8 | 0.03 | Jan 24, 2022 | SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | ||
| CVE-2021-40907 | Cri | 0.64 | 9.8 | 0.01 | Jan 24, 2022 | SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php. | ||
| CVE-2021-40596 | Cri | 0.64 | 9.8 | 0.01 | Jan 24, 2022 | SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter. | ||
| CVE-2022-23855 | Cri | 0.64 | 9.8 | 0.02 | Jan 24, 2022 | An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and login as any local account. | ||
| CVE-2022-23852 | Cri | 0.00 | 9.8 | 0.05 | Jan 24, 2022 | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | ||
| CVE-2021-30636 | Cri | 0.64 | 9.8 | 0.01 | Jan 24, 2022 | In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc. | ||
| CVE-2021-26706 | Cri | 0.64 | 9.8 | 0.02 | Jan 24, 2022 | An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x and 1.39.00. The following memory allocation functions do not check for integer overflow when allocating a pool whose size exceeds the address space: Mem_PoolCreate, Mem_DynPoolCreate, and Mem_DynPoolCreateHW.… | ||
| CVE-2021-46024 | Cri | 0.64 | 9.8 | 0.01 | Jan 23, 2022 | Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required. | ||
| CVE-2022-23366 | Cri | 0.67 | 9.8 | 0.07 | Jan 21, 2022 | HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php. | ||
| CVE-2022-23365 | Cri | 0.64 | 9.8 | 0.01 | Jan 21, 2022 | HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php. | ||
| CVE-2022-23364 | Cri | 0.64 | 9.8 | 0.01 | Jan 21, 2022 | HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php. | ||
| CVE-2022-23363 | — | Cri | 0.64 | 9.8 | 0.01 | Jan 21, 2022 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php. | |
| CVE-2021-40595 | Cri | 0.64 | 9.8 | 0.01 | Jan 21, 2022 | SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php. | ||
| CVE-2022-23128 | Cri | 0.64 | 9.8 | 0.03 | Jan 21, 2022 | Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97… | ||
| CVE-2021-40247 | Cri | 0.64 | 9.8 | 0.03 | Jan 21, 2022 | SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field. | ||
| CVE-2020-4879 | Cri | 0.64 | 9.8 | 0.01 | Jan 21, 2022 | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847. | ||
| CVE-2020-4877 | Cri | 0.64 | 9.8 | 0.01 | Jan 21, 2022 | IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843. | ||
| CVE-2021-46309 | Cri | 0.64 | 9.8 | 0.02 | Jan 21, 2022 | An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter. | ||
| CVE-2021-46308 | Cri | 0.64 | 9.8 | 0.02 | Jan 21, 2022 | An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation Sysytem 1.0 via the sid parameter. |
- risk 0.64cvss 9.8epss 0.02
Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials.
- risk 0.64cvss 9.8epss 0.03
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php.
- risk 0.64cvss 9.8epss 0.02
An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php.
- risk 0.64cvss 9.8epss 0.01
There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser
- risk 0.00cvss 9.1epss 0.04
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can…
- risk 0.00cvss 9.1epss 0.02
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP…
- risk 0.52cvss 9.0epss 0.02
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.
- risk 0.64cvss 9.8epss 0.03
File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload.
- risk 0.57cvss 9.8epss 0.01
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.
- risk 0.64cvss 9.8epss 0.04
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.
- risk 0.59cvss 9.1epss 0.02
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
- risk 0.64cvss 9.8epss 0.02
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user.
- risk 0.63cvss 9.8epss 0.45
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.
- risk 0.64cvss 9.8epss 0.02
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's…
- risk 0.57cvss 9.8epss 0.02
In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.
- risk 0.64cvss 9.8epss 0.01
In ForestBlog, as of 2021-12-28, File upload can bypass verification.
- risk 0.52cvss 9.1epss 0.02
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.
- risk 0.06cvss 9.1epss 0.79
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
- risk 0.64cvss 9.8epss 0.01
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration.
- risk 0.64cvss 9.8epss 0.06
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
- risk 0.64cvss 9.8epss 0.01
Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated.
- risk 0.64cvss 9.8epss 0.01
An SQL Injection vulnerabilty exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function.
- risk 0.64cvss 9.8epss 0.04
A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password…
- risk 0.00cvss 9.8epss 0.02
TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for…
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.
- risk 0.64cvss 9.8epss 0.02
SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters.
- risk 0.63cvss 9.6epss 0.02
Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud.
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and login as any local account.
- risk 0.00cvss 9.8epss 0.05
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
- risk 0.64cvss 9.8epss 0.01
In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x and 1.39.00. The following memory allocation functions do not check for integer overflow when allocating a pool whose size exceeds the address space: Mem_PoolCreate, Mem_DynPoolCreate, and Mem_DynPoolCreateHW.…
- risk 0.64cvss 9.8epss 0.01
Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required.
- risk 0.67cvss 9.8epss 0.07
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.
- risk 0.64cvss 9.8epss 0.01
HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php.
- risk 0.64cvss 9.8epss 0.01
HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php.
- risk 0.64cvss 9.8epss 0.01
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php.
- risk 0.64cvss 9.8epss 0.03
Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97…
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field.
- risk 0.64cvss 9.8epss 0.01
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.
- risk 0.64cvss 9.8epss 0.01
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.
- risk 0.64cvss 9.8epss 0.02
An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.
- risk 0.64cvss 9.8epss 0.02
An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation Sysytem 1.0 via the sid parameter.