Vulnerabilidades CVE

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, he `ImportIam` admin API validates permissions using `ExportIAMAction` instead of `ImportIAMAction`, allow...

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then...

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename com...

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communic...

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did ...

NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by defa...

Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the Rocks...

Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials.

WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access contr...

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management in...

A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file /goform/NTP. The manipulation leads to buffer overflow. The attack may be initiated re...

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. T...

A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the file /goform/AdvSetWan. This manipulation of the argument wanmode/PPPOEPassword causes stack-based buff...

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated a...

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privilege...

A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mit_linktype/PPPO...

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ...

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ...

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ...

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ...

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ...

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ...

ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Aud...

ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Aud...

The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMA_Widget_Admin::render_preview'. This is du...

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the w...

SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit th...

pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scrip...

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ...

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ...

Missing Authorization vulnerability in Spider Themes BBP Core bbp-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BBP Core: from n/a through <= 1.4.1.

Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago: from n/a through <= 3...

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buff...

An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1.

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenti...

Missing Authorization vulnerability in Virusdie Virusdie virusdie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virusdie: from n/a through <= 1.1.6.

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. The attac...

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buff...

Cross-Site Request Forgery (CSRF) vulnerability in Constantin Boiangiu Vimeotheque codeflavors-vimeo-video-post-lite allows Cross Site Request Forgery.This issue affects Vimeotheque: from n/a through ...

Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching fast-user-switching allows Cross Site Request Forgery.This issue affects Fast User Switching: from n/a through ...

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requi...

Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through <= 1.11.2.

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privi...

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ...

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This iss...

EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in ...

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /ap...

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP ...

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0.

ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Au...