CVE-2024-40638 : GLPI UP TO 10.0.16 SQL INJECTION
Description GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities.
Description Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling
Description Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for
Description By default, dedicated folders of ORIZON for Windows up to 2024.3 can be accessed by other users to misuse
Description Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider
Description IBM Engineering Lifecycle Optimization – Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE)
Description A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote
Description A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB)
Description A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could
Description symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the
Description IBM Maximo Application Suite – Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows
Description Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted
Description In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of
Description In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is
Description In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer By default
Description D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function.
Description An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute
Description An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial
Description Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and
Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection. This issue
Description This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated
Description There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to
Description A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function
Description IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript