Exploit Database
145,169 exploits tracked across all sources.
Unifiedtransform 2.X - Privilege Escalation
Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation, allowing teachers to create a syllabus.
CVSS 4.3
Unifiedtransform 2.0 - Improper Access Control via Exam Rule Edit Endpoint
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.
CVSS 4.3
Unifiedtransform 2.0 - Improper Access Control
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows viewing the attendance list for all class sections.
CVSS 2.7
Unifiedtransform 2.0 - Privilege Escalation via Incorrect Access Control
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.
CVSS 8.8
Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 - Info Disclosure
An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 allows attackers to produce cloned NFC cards to bypass authentication.
CVSS 9.1
libarchive < 3.7.7 - Denial of Service via Crafted TAR Archive with Verbose Mode
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
CVSS 4.0
crmeb CRMEB-KY < 5.4.0 - SQL Injection via getRead() in SystemDatabackupServices.php
crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDatabackupServices.php
CVSS 9.8
Academia Student Information System EagleR 1.0.118 - Authenticated Privilege Escalation via Azure JWT Token Exposure
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.
CVSS 6.5
Academia Student Information System EagleR 1.0.118 - Authorization Bypass via getStudemtAllDetailsById API
An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request.
CVSS 6.5
Academia Student Information System EagleR 1.0.118 - Exposure of Sensitive Information via /rest/cb/executeBasicSearch
An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information.
CVSS 7.5
Academia Student Information System EagleR 1.0.118 - Improper Access Control in /rest/staffResource/update
Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows creation and modification of user accounts, including an Administrator account.
CVSS 8.1
Academia Student Information System EagleR 1.0.118 - Stored Cross-Site Scripting via User ID Parameter
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update.
CVSS 5.4
Academia Student Information System EagleR 1.0.118 - Improper Access Control in Staff Resource Creation
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows creation and modification of user accounts, including an Administrator account.
CVSS 9.1
Serosoft Academia Student Information System EagleR-1.0.118 - Arbitrary File Upload via writefile.php filePath Parameter
An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter.
CVSS 6.4
Macro-video Technologies Co.,Ltd V380 Pro <2.1.64 - Info Disclosure
An issue in Macro-video Technologies Co.,Ltd V380 Pro Android application 2.1.44 and V380 Pro Android application 2.1.64 allows an attacker to obtain sensitive information via the QR code based sharing component.
CVSS 3.4
Macro-video Technologies Co.,Ltd V380E6_C1 - RCE
An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the UART component.
CVSS 6.8
Macro-video Technologies Co.,Ltd V380E6_C1 IP camera - RCE
An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components.
CVSS 2.6
File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS 7.5