6323 matches found
CVE-2023-51806
File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file...
CVE-2023-51984
D-Link DIR-822+ V1.0.2 was found to contain a command injection in the SetStaticRouteSettings function, which allows remote attackers to execute arbitrary commands via shell...
Design/Logic Flaw
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file...
Totolink T6 Security Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in Totolink T6 version 4.1.9cu.5241B20210923, which originates from the component HTTP POST Request Handler in the file /cgi-bin/cstecgi.cgi that fails to correctly validate t...
Security Bulletin: IBM Storage Fusion HCI could be vulnerable to code injection via use of quartz/quartz-jobs [CVE-2023-39017]
Summary: The Java library quartz/quartz-jobs is used by IBM Storage Fusion HCI for backup scheduling. A vulnerability in this library includes code injection that could lead to execution of arbitrary code as described in the CVE listed in the 'Vulnerabilities Details' section. This bulletin...
CVE-2023-52310
PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system...
Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability
Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A cross-site scripting vulnerability exists in Tiny Technologies TinyMCE prior to version 5.9.0, which originates from an authenticated, remote attacker who can insert crafted HTML into the editor, resulting in the...
Ubuntu: Security Advisory (USN-6563-1)
The remote host is missing an update for the...
CVE-2020-26623
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal...
openSUSE 15 Security Update : zabbix (openSUSE-SU-2023:0419-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2023:0419-1 advisory. - An attacker who has the privilege to configure Zabbix items can use function icmpping with additional malicious command inside it to execute arbitrary...
Cloudflare Wrangler Security Breach
Cloudflare Wrangler is a repository from Cloudflare, Inc. A security vulnerability exists in Cloudflare Wrangler versions prior to 3.19.0 that stems from the presence of an arbitrary code execution vulnerability that allows an attacker on a local network to connect to the inspector and run...
PT-2023-28692 · Dell · Dell Client Bios
Name of the Vulnerable Software and Affected Versions: Dell Client BIOS (affected versions not specified). Description: Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability...
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library.
Summary: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library. Vulnerability Details: CVEID: CVE-2015-8383. DESCRIPTION: PCRE is vulnerable to a heap-based buffer overflow, caused by the improper handling of certain repeated conditional groups. By using a specially crafted...
CVE-2023-49032
An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone...
CVE-2023-50628
Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component...
CVE-2023-6315
Out-of-bounds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...
Adobe Substance 3D Sampler out-of-bounds write vulnerability (CNVD-2023-9821564)
Adobe Substance 3D Sampler is a photogrammetry software from the American company Adobe. It is used to convert photo captures and scanned images into 3D textures and material assets. An out-of-bounds write vulnerability exists in Adobe Substance 3D Sampler 4.2.1 and earlier versions, whic...
Ubuntu: Security Advisory (USN-6557-1)
The remote host is missing an update for the...
CVE-2023-48050
SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance aka odoo-biometric-attendance v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py...
USN-6557-1: Vim vulnerabilities
It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1725) It was discovered that Vim could be made to recurse...