Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.

Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading ...

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure us...

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper auth...

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary ...

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF...

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from p...

A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file users/registration.php of the c...

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GET Parame...

Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a W...

Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct a...

The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter ...

Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host.

An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker c...

Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions.

The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and...

Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerabilit...

Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerabilit...

A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web c...

The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.7 due to insufficient escaping on the user supplied parameter and ...

Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). The supported version that is affected is 3.0.3.1.0. Easily explo...

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vul...