Alerts

A Stored Cross-Site Scripting (XSS) vulnerability was found in /lms/admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute...

A Stored Cross-Site Scripting (XSS) vulnerability was found in /lms/admin/calendar_of_events.php in KASHIPARA E-learning Management System pProject 1.0. This vulnerability allows remote attackers...

A Stored Cross-Site Scripting (XSS) vulnerability was found in /lms/admin/school_year.php of KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to...

A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via...

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2....

In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. Attackers can exploit this by automating forgot password...

Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access Inc. KBucket allows Upload a Web Shell to a Web Server.This issue affects KBucket: from n/a through 4.1.6.

Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support – WordPress Help Desk allows Upload a Web Shell to a Web Server.This issue affects Hive Support –...

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the...

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in...