CVE-2024-8255 : DELTA ELECTRONICS DTN SOFT UP TO 2.0.1 DESERIALIZATION
Description Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a
Description In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
Description The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it
Description D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in
Description Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice
Description Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird. This issue affects Hummingbird: from n/a through 3.9.1. References https://patchstack.com/database/vulnerability/hummingbird-performance/wordpress-hummingbird-plugin-3-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve For
Description Authentication Bypass vulnerability in Hitachi Ops Center Common Services. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before
Description There is a HIGH severity vulnerability affecting the CPython “zipfile” module. When iterating over names of entries in a
Description authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main
Description A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2
Description Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored
Description Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication. References https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-035.txt
Description Mattermost versions 9.9.x
Description A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. Affected is an unknown
Description The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to
Description Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with
Description A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications
Description The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to
Description This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0,
Description DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to
Description Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user
Description Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a
Description CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues
Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may