Description An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command
Description Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow
Description In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead
Description Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Asus NAS-M25 allows an
Description Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root,
Description Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version “65” and prior and Mitsubishi
Description Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info. References https://github.com/lcg-22266/bug_report/blob/main/vendors/oretnom23/Purchase%20Order%20Management%20System/UPLOAD-1.md For More Information MITRE
Description An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is
Description A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This
Description An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating
Description A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON
Description Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads
Description A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the
Description Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin
Description NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where
Description The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user
Description An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed
Description Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log
Description Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. References https://huntr.dev/bounties/bebd0cd6-18ec-469c-b6ca-19ffa9db0699 https://github.com/kareadita/kavita/commit/f8db37d3f9aa42d47e7c4f4ca839e892d3f97afb For More Information MITRE
Description Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable
Description A vulnerability has been found in Backdoor.Win32.RemServ.d and classified as critical. This vulnerability affects unknown code of the component
Description Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and
Description In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to
Description Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor