CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to th...

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to th...

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to th...

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to th...

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to th...

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution....

ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker...

Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authentica...

Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on aff...

OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions...

Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.

Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution.

Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and or...

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the...

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execut...

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and ...

The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routi...

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an admi...

Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user

StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352)

Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalat...

Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalat...

Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilize...