3101 matches found
CVE-2024-9197
A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web...
CVE-2024-13536
The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due to the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retriev...
CVE-2024-56323
OpenFGA is an authorization/permission engine. In OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v.1.8.2) are vulnerable to authorization bypass under the following conditions: 1. calling Check API or ListObjects with a model that uses conditions, and 2...
CVE-2024-42377
SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application...
CVE-2023-22914
A path traversal vulnerability in the “accountprint.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS command...
CVE-2023-0814
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the usermeta shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that...
CVE-2023-21990
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2023-22922
A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00AARP.14C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device...
CVE-2023-28950
IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358...
CVE-2023-20086
A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of ICMPv6 messages. A...
CVE-2023-0345
The Akuvox E11 secure shell (SSH) server is enabled by default and can be accessed by the root user. This password cannot be changed by the user...
CVE-2023-23451
The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number =2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number =2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number =2311xxxx all...
CVE-2023-1874
The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiplerolesupdate function. This makes it possible for authenticated attackers, with minimal permissions such as a...
CVE-2023-33094
Memory corruption while running VK synchronization with KASAN enabled...
CVE-2022-41913
Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...
CVE-2022-1731
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist...
CVE-2022-39270
DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories (and have sufficient trust level - configured in component's settings) are able to inject arbitrary HTML on that topic's page. The issue has been fixed on th...
CVE-2022-43936
Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled...
CVE-2021-20868
Incorrect authorization vulnerability in KONICA MINOLTA bizhub series bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub...
CVE-2021-22932
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected “Enable...