GoCD versions 20.2.0 through 21.4.0 (inclusive) are vulnerable to reflected XSS via abuse of the pipeline comparison function’s error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing code which would allow the attacker to operate on, or gain control over the same resources as the victim had access to.
Description Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow
Description In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead
Description Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Asus NAS-M25 allows an