CVE-2024-44080

In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format...

CVE-2022-49038

The CVE-2022-49038 vulnerability affects Synology Drive Client, where the OpenSSL DLL component allegedly contains functionality from an untrusted control sphere that enables local users to execute arbitrary code via unspecified vectors. Affected software: Synology Drive Client versions prior to ...

Improper Authorization lead a user add an arbitrary agent into Team

Description A Vulnerability in edit team function lead an user add another user via ID to Team, alternatively know the email of every user in Chatwoot Step to reproduce - login to the app -navigate to the Team setting: https://app.chatwoot.com/app/accounts/id/settings/teams/list -Create new or ed...

Design/Logic Flaw

Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a...