
CVE-2024-42365 : ASTERISK PBX CONFIGURATION FILE /ETC/ASTERISK/ PRIVILEGE DEFINED WITH UNSAFE ACTIONS
Description Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to Asterisk versions 18.24.2, 20.9.2, and
Description XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user
Description A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform
Description Web Authentication vulnerability in Apache SeaTunnel. Since the JWT key is hardcoded in the application, an attacker can forge
Description tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the “Set
Description ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated
Description Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained
Description 1Panel is a web-based Linux server management control panel. There are many SQL injections in the project, and some
Description In streampark, the project module integrates Maven’s compilation capabilities. The input parameter validation is not strict, allowing attackers to
Description Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values
Description IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation
Description The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including,
Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all
Description Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project
Description The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in
Description IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the
Description In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of
Description In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill
Description SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to
Description The Houzez Theme – Functionality plugin for WordPress is vulnerable to SQL Injection via the ‘currency_code’ parameter in all
Description IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations
Description The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows
Description IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due
Description In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not