Microsoft Partner Center Access Control Vulnerability
Microsoft Partner Center is a Microsoft partner management platform for partners to manage customers, subscriptions and billing. An access control vulnerability exists in Microsoft Partner Center. The vulnerability stems from a failure to properly validate user privileges, resulting in improper...
CVE-2025-55265 HCL Aftermarket DPC is affected by File Discovery
HCL Aftermarket DPC is affected by File Discovery. An attacker could exploit this issue to read sensitive files present in the system and may use it to craft further attacks...
UNA CMS <= 14.0.0-RC4 - PHP Object Injection
The vulnerability is located in the /template/scripts/BxBaseMenuSetAclLevel.php script. Specifically, within the BxBaseMenuSetAclLevel::getCode method. When calling this method, user input passed through the "profileid" POST parameter is not properly sanitized before being used in a call to the...
HCL AION Security Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to cause modification of critical system files...
CVE-2023-49897
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product...
CVE-2018-19162
Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk...
CVE-2009-4983
Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php...
CVE-2009-4222
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request...
CVE-2021-22307
There is a weak algorithm vulnerability in Mate 3010.0.0.203C00E201R7P2. The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module...
CVE-2021-22453
A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash...
CVE-2021-22386
A component of the Huawei smartphone has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevation of Privileges...
CVE-2022-26317
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.29. When returning the result of a completed Microflow execution call, the affected framework does not correctly verify whether the request was initially made by the user requesting the result. Together with...
CVE-2019-18923
Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin...
CVE-2019-2804
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 11.4 and 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to...
CVE-2020-10606
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other...
CVE-2024-34599
Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege...
CVE-2013-6280
Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-1999-0467
The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter...
CVE-2024-2259
This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerabl...
Nextcloud Calendar Security Feature Issue Vulnerability
Nextcloud Calendar is a Nextcloud open source calendar application. Nextcloud Calendar suffers from a security signature issue vulnerability that stems from an insecure way of generating meeting proposal participant tokens, which can be exploited by an attacker to cause the tokens to be computed...