353 matches found
CVE-2022-26318
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8, and 12.2.x through 12.5.x before 12.5.9U2...
CVE-2022-25074
TP-Link TL-WR902ACUSV3191209 routers were discovered to contain a stack overflow in the function DM Fillobjbystr. This vulnerability allows unauthenticated attackers to execute arbitrary code...
CVE-2022-25073
TL-WR841Nv14US0.9.14.18 routers were discovered to contain a stack overflow in the function dmfillObjByStr. This vulnerability allows unauthenticated attackers to execute arbitrary code...
CVE-2022-24355
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name...
PT-2022-4891 · D Link · Dlink Router
Name of the Vulnerable Software and Affected Versions: D-Link routers (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this issue. The...
Vulnerability fixed in Adobe Magento
Adobe has fixed a vulnerability in Magento. A malicious party could potentially exploit the vulnerability without authentication to execute arbitrary code under the privileges of the application. Adobe indicates that targeted exploits have been observed on Adobe Commerce...
CVE-2021-41445
A reflected cross-site scripting attack in the web application of D-Link DIR-X1860 before v1.10WWB09Beta allows a remote unauthenticated attacker to execute code in the device of the victim by sending a specific URL to the unauthenticated victim...
Vulnerability fixed in Oracle Health Sciences Applications
Oracle has fixed a vulnerability in the following products: Thesaurus Management System Clinical Health Sciences Clinical Development Analytics Argus Safety Argus Insight Argus Analytics Health Sciences InForm CRF Submit Argus Mart...
ZOHO ManageEngine ServiceDesk Plus authorization issue vulnerability
ZOHO ManageEngine ServiceDesk Plus (SDP) is an ITIL-based IT service management suite from the United States company ZOHO. The software integrates Incident Management, Problem Management, Asset Management, IT Project Management, Procurement and Contract Management module...
Vulnerabilities fixed in SonicWall SMA100 series
Vulnerabilities have been fixed in SonicWall SMA100. The vulnerabilities identified as CVE-2021-20038 and CVE-2021-20045 have received CVSSv3 scores of 9.8 and 9.4 and potentially allow an unauthenticated remote malicious person to execute code on the system. The...
CVE-2021-43019
Adobe Creative Cloud version 5.5 and earlier are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM. An attacker mu...
Corel Pdf Fusion buffer error vulnerability
Corel PDF Fusion is a commercial all-in-one PDF creator from Canada's Corel Digital Technology (Corel), used for assembling, editing and creating PDFs. A security vulnerability exists in Corel PDF Fusion 2.6.2.0, which originates from a buffer error in Coreip.dll when parsing a carefully crafted file,...
Corel WordPerfect 2020 buffer error vulnerability
Corel WordPerfect 2020 is a commercial word processing tool from Canada's Corel Digital Technology (Corel). A buffer error vulnerability in IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 can be exploited by an unauthenticated attacker to execute arbitrary code...
Vulnerability fixed in OpenVPN Access Server
The vulnerability gives an unauthenticated malicious person the opportunity to execute arbitrary code in the browser of the victim. To do this, the malicious party must trick the victim into following a rogue hyperlink. OpenVPN has released updates to fix the vulnerability. More information can b...
Fixed vulnerability in Big-IP Access Policy Manager (APM).
The vulnerability gives an unauthenticated malicious person the opportunity to execute arbitrary code in the browser of the victim. To do this, the malicious party must trick the victim into following a rogue hyperlink. BIG-IP has released updates to fix the vulnerability. More information can be...
CVE-2021-37181
A vulnerability has been identified in Cerberus DMS V4.0 All versions, Cerberus DMS V4.1 All versions, Cerberus DMS V4.2 All versions, Cerberus DMS V5.0 All versions v5.0 QU1, Desigo CC Compact V4.0 All versions, Desigo CC Compact V4.1 All versions, Desigo CC Compact V4.2 All versions, Desigo CC...
CVE-2021-26084
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before...
Design/Logic Flaw
The Workreap WordPress theme before 2.2.2 AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp...
Acronis True Image authorization issue vulnerability
Acronis True Image is a well-known data backup and restore program from Acronis Singapore. The software can be used to create drive and disk images and can restore the image when a clean system is needed. A security vulnerability exists in Acronis True Image 2021 Update 4 and earlier versions for...
PT-2021-2987 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software (affected versions not specified). Description: The issue is related to multiple vulnerabilities in the Cisco SD-WAN vManage Software, which could allow an unauthenticated, remote attacker to execute arbitrary code ...