Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.

Microsoft Configuration Manager Remote Code Execution Vulnerability

Windows Remote Desktop Licensing Service Spoofing Vulnerability

The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' c...

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to versi...

A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, ver...

The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.

MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()...

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Li...

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61...

Deserialization of Untrusted Data vulnerability in myCred allows Object Injection.This issue affects myCred: from n/a through 2.7.2.

Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hello Agency: from n/a through 1.0.5.

Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.This issue affects EmbedPress: from n/a through 4...

Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28.

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.100.

Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation.This issue affects Login As Users: from n/a through 1.4.2.

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execu...

Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Smart Online Order for Clover: from n/a ...

Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.This issue affects JobSearch: from n/a through 2.3.4.

Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege Escalation.This issue affects Ultimate Membership Pro: from n/a through 12.6.

Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, infor...

Missing Authorization vulnerability in SeventhQueen Sweet Date.This issue affects Sweet Date: from n/a through 3.7.3.