Vulnerabilites CVE

An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an ...

IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose s...

A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a ...

Authelia is a a single sign-on multi-factor portal for web apps. This affects uses who are using nginx ngx_http_auth_request_module with Authelia, it allows a malicious individual who crafts a malform...

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the...

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurat...

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the s...

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.  Th...

Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.

DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection.

In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.

An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files witho...

The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated att...

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code in...

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 ...

An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges...

A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app...

llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker control...

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a...

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.2...

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote...

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected versions, this can lead to unauthe...

The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send arbit...

The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This a...

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on t...

On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts...

DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema.

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values ...

Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.

An out-of-bounds write vulnerability exists in the SetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request ...

Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can...

Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerabilit...

LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released up...

A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated...

A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code executi...

Improper Input Validation vulnerability allows Remote Code Execution.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscri...

OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Direc...

Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mappi...

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to...

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Servi...

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution v...

The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration v...

An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (...