Description Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation
Description Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. References https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65 https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d For More Information MITRE
Description Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application
Description Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications
Description InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284:
Description There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing
Description Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21674 For More Information MITRE
Description Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote. References https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin
Description The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification
Description A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their
Description Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper
Description Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to
Description A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0
Description Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers
Description lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file
Description authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable
Description Comparison of Object References Instead of Object Contents in GitHub repository usememos/memos prior to 0.9.1. References https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 For
Description A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary
Description Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell.
The conventional Model is WAF 1.0 Hardware-driven, not scalable, typically rule-based architecture which came into existence in the early 2000s.
Description IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA
Description The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the
Description Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input
Description The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for