CVE-2024-34171 : FUJI ELECTRIC MONITOUCH V-SFT STACK-BASED OVERFLOW
Description Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary
Description Improper neutralization of special elements used in a command (‘Command Injection’) exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and
Description Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed
Description A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the “search” parameter in /portal/search.htm. This vulnerability could
Description TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in
Description Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability
Description Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion. This issue affects PMB: from 7.5.1 before
Prophaze’s Comprehensive Approach to API Security in the Patient-Centric Digital Health Era In the realm of modern healthcare, where digital
Description D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on
Description Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate their privilege to the privilege of another
Description A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the ‘open_file’ module, version 9.5. The vulnerability
Description Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. References
Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in
Description This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is
Description In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in
Description Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed.
Description An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed
Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all
In the realm of web security, the evolution of protocols brings both advancements and vulnerabilities. The HTTP/2 protocol, known for
Description The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard
Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with
Description There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code
Description An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow