CVE-2024-4341 : EXTREMEPACS EXTREME XDS UP TO 3927 PRIVILEGES MANAGEMENT
Description Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect
Description The Houzez Theme – Functionality plugin for WordPress is vulnerable to SQL Injection via the ‘currency_code’ parameter in all
Description IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations
Description A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account
Description The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows
Description Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that
Description Cross-site Scripting (XSS) – Stored in GitHub repository stitionai/devika prior to -. References https://huntr.com/bounties/6c00ff84-574b-4b4f-bd58-aa7ec1809662 https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2
Description IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due
Description A vulnerability classified as problematic has been found in heyewei SpringBootCMS up to 2024-05-28. Affected is an unknown function
Description Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz. This issue affects Foxiz: from n/a through 2.3.5. References https://patchstack.com/database/vulnerability/foxiz/wordpress-foxiz-theme-theme-2-3-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Description In the Linux kernel, the following vulnerability has been resolved: drm/drm_file: Fix pid refcounting race filp->pid is supposed to
Description Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST
Description An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges
Description In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not
Description Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did
Description Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the
Description A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the
Description In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. References https://wiki.znc.in/Category:ChangeLog https://github.com/znc/znc/releases/tag/znc-1.9.1 https://wiki.znc.in/ChangeLog/1.9.1 https://www.openwall.com/lists/oss-security/2024/07/03/9
Description An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A
Description An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback
Description A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special
Description Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the “message” parameter to inject
Description Mattermost versions 9.8.x
Description The allows any authenticated user to join a private group due to a missing authorization check on a function.