Description Windows iSCSI Discovery Service Remote Code Execution Vulnerability. References https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21803 For More Information MITRE
Description Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a
Description Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and
Description Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user
Description Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary
Description An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users
Description Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html,
Description A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2
Description All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input
Description Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. References https://huntr.dev/bounties/c2a84917-7ac0-4169-81c1-b61e617023de https://github.com/froxlor/froxlor/commit/0034681412057fef2dfe9cce9f8a6e3321f52edc For More Information MITRE
Description IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when
Description Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0.
Description Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any
Description There is a logic error in io_uring’s implementation which can be used to trigger a use-after-free vulnerability leading to
Description The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions
Description D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to
Description A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker.
Description SQL Injection vulnerability in LearnPress – WordPress LMS Plugin
Description Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796. References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21795 For More Information
Description A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged
Description In ModSecurity before 2.9.7, FILES_TMP_CONTENT sometimes lacked the complete content. This can lead to a Web Application Firewall bypass.
Description Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP **lacks both
Description In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR,
Web Application Firewalls (WAF) have existed for quite some time to safeguard web applications by inspecting HTTP traffic. Traditionally, on-premises WAFs