Unauthenticated CSV Injection in NetSkope
Overview : CSV injection in netskope Admin UI (Version 75.0) Affected Product(s) : Netskope 75.0 Vulnerability Details : CVE ID
Nextcloud Latest vulnerabilities released
Overview : Multiple vulnerabilities reported in Nextcloud Affected Product(s) : Nextcloud Social app version 0.3.1 Nextcloud Social < 0.4.0 Vulnerability
XSS vulnerability in Dashboards section in Kaa IoT Platform v1.2.0
Overview : Kaa IoT Platform version 1.2.0 suffers from a persistent cross site scripting vulnerability. Affected Product(s) : Kaa IoT
Permissions missuses in Nagios XI 5.7.4
Overview : Permissions missuses in Nagios Affected Product(s) : Nagios XI 5.7.4 Vulnerability Details : CVE ID : CVE-2020-5796 Improper
Remote Code Execution in CMSUno 1.6.2
Overview : Remote Code Execution in CMSUno 1.6.2 Affected Product(s) : Version: 1.6.2 Vulnerability Details : CVE ID : CVE-2020-25538
Reflected Cross-Site Scripting (XSS) on API Manager 3.1.0
Overview : Cross-Site Scripting (XSS) vulnerability on API Manager 3.1.0 Affected Product(s) : WSO2 API Manager Vulnerability Details : CVE
Deep Drill Down into Denial of service in nodejs webserver module nghttp2
Overview : nghttpd is a multi-threaded static web server. nghttpd only accepts HTTP/2 connections via NPN/ALPN or direct HTTP/2 connections.
NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.
Overview : NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. Security Advisory
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0004
Overview : A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that
Security Advisory for Post-Authentication Stack Overflow on Some Routers and Modem Routers
Overview : Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56,
Overview : Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before
Security Advisory for Post-Authentication Command Injection on Some Routers and Gateways, PSV-2018-0352
Overview : Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.
Overview : Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated
Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key
Overview : In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key,
MongoDB Enterprise Kubernetes Operator 1.2.5
Overview : X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes
The Argo Project is an open source provider of Kubernetes CI/CD workflows, facilitating Infrastructure as Code.
Overview : In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to
Multiple vulnerabilities in EasyBlocks IPv6
Overview : Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier
Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3.
Overview : Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to
Vulnerabilities Discovered in CIPAce Enterprise Platform
Overview : A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP
Data Center Security Privilege Escalation
Overview : Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege
security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144.
Overview : A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144.
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula.
Overview : The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be
unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
Overview : An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by
Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection
Overview : In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually