Vulnerabilites CVE

Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can ret...

Intumit inc. SmartRobot's web framwork has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server.

csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.

U-Boot shell vulnerability resulting in Privilege escalation in a production device

Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass.This issue affects Multi-Stack Controller (MSC): fro...

Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging.This issue affects Multi-Stack Controller (MSC): through and including r...

tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of a...

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints (/api/v1/jobs) lack JWT authentication middleware and RBA...

Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.

Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications ...

My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by ...

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.

An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute...

Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C. This issue affects root.

HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to pr...

Deserialization of Untrusted Data vulnerability in BoldThemes DentiCare denticare allows Object Injection.This issue affects DentiCare: from n/a through < 1.4.3.

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulne...

A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argumen...

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.

A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_i...

An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter.

The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the w...

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php.

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP scri...

A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulati...

Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information a...

net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon t...

A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing a manipulation of the argument Use...

Eigent is a multi-agent Workforce. In version 0.0.60, a 1-click Remote Code Execution (RCE) vulnerability has been identified in Eigent. This vulnerability allows an attacker to execute arbitrary code...

Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitary arguments can be injected in tugtainer-agent `POST api/command/run`. Version 1.15.1 fi...

Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can ...

Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection.This issue affects Client Invoicing by Sprout Invoices: from n/a...

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes int...

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An attacker could potentially use this information to carry out ot...

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 f...

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user ...

EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values—derived from the url_key stored in the database...

A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execut...

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr deb...

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Un...

The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set...

eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can s...

Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in...

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to gene...

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /...

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authe...

Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and pas...

webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable