Security Vulnerabilities
phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-01-13
phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-13
An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-13
An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-01-13
A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. This permits malicious third-party websites to perform authenticated cross-origin requests against the Eramba API, including endpoints like /system-api/login and /system-api/user/me. The response includes sensitive user session data (ID, name, email, access groups), which is accessible to the attacker's JavaScript. This flaw enables full session hijack and data exfiltration without user interaction. Eramba versions 3.23.3 and earlier were tested and appear unaffected. The vulnerability is present in default installations, requiring no custom configuration.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-13
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-01-13
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-13
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-01-13
Information disclosure in the XML component. This vulnerability affects Firefox < 147 and Thunderbird < 147.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-13
Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 and Thunderbird < 147.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-13