Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.

An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.

A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230822. It has been rated as critical. Affected by this issue is some unknown functi...

Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page.

A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based b...

An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages.

Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript.

WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.

A vulnerability, which was classified as critical, has been found in Byzoro Smart S85F Management Platform up to 20230820. Affected by this issue is some unknown functionality of the file /sysmanage/u...

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection.This issue affects Admin Panel: before 1.2.

Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.

In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method...

An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges ...

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database ...

An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the ...

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parque...

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are p...

A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malic...

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.

Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0.

Missing Authorization vulnerability in PressTigers Simple Job Board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Job Board: from n/a through 2.10.5...