A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file dashboard_page/admin_page.php of the component Admin Interface. The manipulation of the argument User...
NocoDB: Cross-Workspace Integration Use in Connection Test
NocoDB: User Enumeration via Sign-In Timing
NocoDB: Plaintext Password Comparison in Shared Views
NocoDB: Hidden Column Exposure in Public Shared View Endpoints
NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin
NocoDB: Reflected Cross-Site Scripting via Password Reset Token
NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`
NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints
Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 path_open interfaces by ...
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp-server-kubernetes passes user-supplied flags directly to kubectl without any allowlist, enabling a privilege escalation attack within Kubernetes environ...
Klever-Go KVM: Hash-array amplification in P2P resolver request handling
Omni: Reader-level users can retrieve imported cluster CA keys via ResourceService
Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic
Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token
vantage6 is an open-source infrastructure for privacy-preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 user's email account, they can 1) reset the password via email and then 2) reset the 2FA token via email. This way they reduce 2FA to 1FA (email access). Note ...
vantage6 is an open-source infrastructure for privacy-preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that are sent is not limited. This gives attackers the option to flood someone's mailbox with a lot ...
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.