Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardenin...

An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafte...

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democrit...

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritu...

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democri...

Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp.

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the ser...

An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php.

Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function.

SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php.

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php.

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php.

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php.

D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter.

Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php.

D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a craf...

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.