CVE-2024-5296 : D-LINK D-VIEW 2.0.1.28 TOKENUTILS HARD-CODED KEY
Description D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on
Description D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on
Description Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another
Description A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the ‘open_file’ module, version 9.5. The vulnerability
Description Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. References
Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in
Description This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is
Description In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in
Description Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed.
Description An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed
Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all
In the realm of web security, the evolution of protocols brings both advancements and vulnerabilities. The HTTP/2 protocol, known for
Description The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard
Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with
Description There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code
Description An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow
Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be
Description IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker
Description Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management
Description Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an
Description image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). References https://github.com/spatie/image-optimizer/issues/210 https://github.com/spatie/image-optimizer/compare/1.7.2…1.7.3 https://github.com/spatie/image-optimizer/pull/211 For
Description Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in Apache APISIX when using `forward-auth` plugin. This issue affects
In our interconnected digital era, endpoints represent the gateways to an organization’s digital assets. Unfortunately, they also stand as prime
Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows