CVE-2024-28827 : CHECKMK UP TO 2.0.0P39/2.1.0P44/2.2.0P28/2.3.0P7 ON WINDOWS PERMISSION ASSIGNMENT
Description Incorrect permissions on the Checkmk Windows Agent’s data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and
Description Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project
Description An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. References https://cert.vde.com/en/advisories/VDE-2024-038
Description In the Linux kernel, the following vulnerability has been resolved: crypto: qat – Fix ADF_DEV_RESET_SYNC memory leak Using completion_done
Description The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in
Description An issue in ifood Order Manager v3.35.5 ‘Gestor de Peddios.exe’ allows attackers to execute arbitrary code via a DLL
Description Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could
Description All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to
Description All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling
Description All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object
Description IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the
Description In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of
Description In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill
Description ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. References https://zkteco.eu/downloads/zkbio-cvsecurity-installation-files https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-36526.md
Description SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote
Description A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos
Description SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to
Description Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution
Description In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service
Description Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when
Description Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This
Description A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user
Description A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network
Description NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString.