Security Vulnerabilities
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-18
kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-18
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-18
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-18
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-18
kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functionality.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-18
kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic. The application fails to properly sanitize or parameterize user-supplied input from the demail parameter before incorporating it directly into a dynamic SQL query.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-18
A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data
CVSS Score
5.3
EPSS Score
0.0
Published
2025-11-18
A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators' credentials via diagnose commands.
CVSS Score
4.2
EPSS Score
0.0
Published
2025-11-18
A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiSASE 25.3.b allows attacker to execute unauthorized code or commands via specially crafted packets
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-18