File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function.

A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is the function createDeleteCommand of the file ?r=article/default/delete of the component Delete Packet. The m...

Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php.

Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device.

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context o...

Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no long...

A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command inject...

A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command ...

Windows SmartScreen Security Feature Bypass Vulnerability

Windows Scripting Engine Memory Corruption Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2...

Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected ...

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted mal...

Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Hig...

Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can onl...

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized forma...

Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server...

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.

Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.44 versions.

Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Donations for WooCommerce plugin <= 1.1.9 versions.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This iss...

IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 258824.

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.