Skip to main content

Priority

7 CVEs product

Monthly

CVE-2024-41699 HIGH This Week

Priority - CWE-552: Files or Directories Accessible to External Parties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Priority
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-41698 HIGH This Week

Priority - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Priority
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-41697 MEDIUM This Month

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Priority
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-23460 CRITICAL Act Now

Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Priority
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-23459 CRITICAL Act Now

Priority Windows may allow Command Execution via SQL Injection using an unspecified method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SQLi Priority
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-23173 MEDIUM This Month

this vulnerability affect user that even not allowed to access via the web interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Priority
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2022-23172 MEDIUM This Month

An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Priority
NVD
CVSS 3.1
4.3
EPSS
0.4%
EPSS 0% CVSS 7.5
HIGH This Week

Priority - CWE-552: Files or Directories Accessible to External Parties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Priority
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Priority - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Priority
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Priority
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Priority
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Priority Windows may allow Command Execution via SQL Injection using an unspecified method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SQLi Priority
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

this vulnerability affect user that even not allowed to access via the web interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Priority
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Priority
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy