Critical Severity Vulnerabilities

28.6K CVEs classified as critical severity

Total CVEs: 28.6K | Avg CVSS: 9.8 | Max CVSS: 9.8 | Min CVSS: 9.8

Critical Severity CVEs

CVSS:9.8(Critical)

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.

CWE-22 | 2023
CVSS:9.8(Critical)

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access c...

CVSS:9.8(Critical)

A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/pas...

CVSS:9.8(Critical)

Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could poten...

CWE-89 | 2023
CVSS:9.8(Critical)

A vulnerability classified as critical was found in SourceCodester File Tracker Manager System 1.0. This vulnerability affects unknown code of the file register/update_password.php of the component PO...

CWE-89 | 2023
CVSS:9.8(Critical)

A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. This affects an unknown part of the file adminpanel/admin/facebox_modal/updateCourse.php of the componen...

CWE-89 | 2023
CVSS:9.8(Critical)

A vulnerability was found in SourceCodester Online Internship Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/login.php of ...

CWE-89 | 2023
CVSS:9.8(Critical)

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the con...

CVSS:9.8(Critical)

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution i...

CVSS:9.8(Critical)

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files usin...

CVSS:9.8(Critical)

A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to...

CWE-94 | 2023
CVSS:9.8(Critical)

A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.

CWE-95 | 2023
CVSS:9.8(Critical)

A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to...

CWE-94 | 2023
CVSS:9.8(Critical)

A path traversal vulnerability exists in the Xiaomi File Manager application product (international version). The vulnerability is caused by unfiltered special characters and can be exploited by attack...

CWE-22 | 2023
CVSS:9.8(Critical)

Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerabili...

CWE-78 | 2023
CVSS:9.8(Critical)

A remote code execution vulnerability in the webview component of OPPO Store app.

CVSS:9.8(Critical)

There is a command injection problem in the old version of the mobile phone backup app.

CWE-88 | 2023
CVSS:9.8(Critical)

A remote code execution vulnerability in the webview component of OnePlus Store app.

CVSS:9.8(Critical)

Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.

CVSS:9.8(Critical)

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

CWE-77 | 2023
CVSS:9.8(Critical)

IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection fla...

CWE-79 | 2023
CVSS:9.8(Critical)

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11....

CWE-74 | 2023
CVSS:9.8(Critical)

Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/se...

CVSS:9.8(Critical)

JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance.