Description Cross-site Scripting (XSS) – Stored in GitHub repository stitionai/devika prior to -. References https://huntr.com/bounties/6c00ff84-574b-4b4f-bd58-aa7ec1809662 https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2 For More Information CVERecord
Description IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due
Description A vulnerability classified as problematic has been found in heyewei SpringBootCMS up to 2024-05-28. Affected is an unknown function
Description Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz: from n/a through 2.3.5. References https://patchstack.com/database/vulnerability/foxiz/wordpress-foxiz-theme-theme-2-3-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve For More
Description In the Linux kernel, the following vulnerability has been resolved: drm/drm_file: Fix pid refcounting race filp->pid is supposed to
Description Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST
Description An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges
Description In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not
Description Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did
Description Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the
Description A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the
Description In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. References https://wiki.znc.in/Category:ChangeLog https://github.com/znc/znc/releases/tag/znc-1.9.1 https://wiki.znc.in/ChangeLog/1.9.1 https://www.openwall.com/lists/oss-security/2024/07/03/9
Description An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A
Description An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback
Description A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special
Description Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the “message” parameter to inject
Description Mattermost versions 9.8.x
Description The allows any authenticated user to join a private group due to a missing authorization check on a function.
Description Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry prior to v40.17.0 potentially allows
Description A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management 1.0. This affects an
Description GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and
Description mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.
Description Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card
Description Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause