The vulnerability of the Windows operating system’s Telephony Service allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows operating system’s Telephony Service is related to overflowing buffers in the dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of Websoft HCM’s automation software for HR processes allows attackers to execute cross-site scripting attacks (XSS).

The vulnerability of Websoft HCM’s automation software for HR processes is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...

The vulnerability of Websoft HCM’s automation software for HR processes stems from improper path handling, allowing attackers to perform arbitrary file operations outside of the directory.

The vulnerability of Websoft HCM’s automation software for HR processes arises from improper handling of paths during the loading of specially crafted files. Exploiting this vulnerability allows an attacker to perform arbitrary file operations outside the directory...

The vulnerability of the Two-factor Authentication (TFA) module in the Drupal CMS system, related to deficiencies in authentication procedures, allows attackers to circumvent security restrictions.

The vulnerability of the Two-factor Authentication TFA module in the Drupal CMS system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow attackers to bypass security restrictions remotely...

The vulnerability of the Windows Routing and Remote Access service (RRAS) on Microsoft Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows Routing and Access Service RRAS on Microsoft Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the Windows operating system’s Telephony Service allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows operating system’s Telephony Service is related to overflowing buffers in the dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the VSP Elevation function in the hardware virtualization technology of Windows Hyper-V operating systems allows attackers to elevate their privileges to the SYSTEM level.

The vulnerability of the VSP Elevation function in the hardware virtualization layer of Windows Hyper-V operating systems involves the possibility of exploiting memory after it is freed. Exploiting this vulnerability can allow an attacker to elevate their privileges to the SYSTEM level...

The vulnerability of the VSP Elevation function in the hardware virtualization technology of Windows Hyper-V operating systems allows attackers to elevate their privileges to the SYSTEM level.

The vulnerability of the VSP Elevation function in the hardware virtualization layer of Windows Hyper-V operating systems is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to elevate their privileges to the SYSTEM level...

The vulnerability of the Azure Marketplace component of Microsoft Azure’s software platform allows a perpetrator to disclose protected information.

The vulnerability of the Azure Marketplace component of Microsoft Azure’s software platform is related to access control errors. Exploiting this vulnerability could allow a malicious actor to disclose protected information remotely...

The vulnerability of the Opigno CMS system’s module, related to errors in processing input data during syntax analysis of code, allows attackers to execute arbitrary code.

The vulnerability of the Opigno CMS system’s module is related to errors in data processing during syntax analysis of the code. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the VSP Elevation function in the hardware virtualization technology of Windows Hyper-V operating systems allows attackers to elevate their privileges to the SYSTEM level.

The vulnerability of the VSP Elevation function in the hardware virtualization layer of Windows Hyper-V operating systems involves the possibility of exploiting memory after it is freed. Exploiting this vulnerability can allow an attacker to elevate their privileges to the SYSTEM level...

The vulnerability of the Node Access Rebuild component in Drupal CMS systems, related to deficiencies in access control, allows attackers to bypass security restrictions.

The vulnerability of the Node Access Rebuild component in Drupal CMS systems is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to bypass security restrictions remotely...

The vulnerability of the Registration role module in Drupal CMS systems, related to incorrect privilege assignment, allows attackers to bypass security restrictions and enhance their privileges.

The vulnerability of the Registration role module in Drupal CMS systems is related to the improper assignment of privileges. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and enhance their privileges...

The vulnerability of Websoft HCM’s automation software for HR processes lies in the ability to load arbitrary files, allowing attackers to execute arbitrary code.

The vulnerability of Websoft HCM’s automation software for HR processes lies in the ability to load arbitrary files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by creating a specially crafted file...

The vulnerability of the Swift Mailer module in the Drupal CMS system, related to the use of dangerous methods or functions, allows attackers to exploit it.

The vulnerability of the Swift Mailer module in the Drupal CMS system is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute a spear-phishing attack remotely...

The vulnerability of the “Allow All File Extensions” module in Drupal CMS systems stems from insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the “Allow All File Extensions” module for file fields in Drupal CMS systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the Windows operating system’s Telephony Service allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows operating system’s Telephony Service is related to a potential overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability of the Windows operating system’s Telephony Service allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows operating system’s Telephony Service is related to overflowing buffers in the dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the Kerberos protocol for Windows operating systems allows a perpetrator to induce a service failure.

The vulnerability of the Kerberos protocol for Windows operating systems is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

The vulnerability of the Windows operating system’s Telephony Service allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows operating system’s Telephony Service is related to overflowing buffers in the dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the Pages Restriction Access module in the Drupal CMS system, related to deficiencies in the authentication mechanism, allows attackers to bypass security restrictions and execute a Forceful Browsing attack.

The vulnerability of the Pages Restriction Access module in the Drupal CMS system is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...

The vulnerability of the CookieSigner class in the Apache Spark framework and the Apache Hive database allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the CookieSigner class in the Apache Spark framework and the Apache Hive database is related to the disclosure of the digital signature of cookies due to an incorrect mechanism for generating error reports. Exploiting this vulnerability can allow a remote attacker to gain...

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.

The vulnerabilities of the software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller are related to deficiencies in the mechanism for generating error reports. Exploiting these vulnerabilities can allow unauthorized actors to...

The vulnerability in the web interface for managing Zyxel network devices allows a perpetrator to escalate their privileges.

The vulnerability of the web interface for managing Zyxel network devices involves insecure management of privileges. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the level of an administrator and upload configuration files...

The vulnerability of the Drupal File Entity CMS system, related to the lack of measures taken to protect the website structure, allows attackers to bypass security restrictions and perform cross-site scripting attacks.

The vulnerability of the Drupal File Entity CMS system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and perform cross-site scripting attacks...

The vulnerability in the Advanced PWA module of the Drupal CMS system, related to incorrect authentication, allows a hacker to bypass security restrictions and execute a Forceful Browsing attack.

The vulnerability of the Advanced PWA module in Drupal’s Push Notifications CMS system is related to improper authentication. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in improper verification of certificates. This allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller is related to improper verification of certificates. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized...

The vulnerability of the software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the improper assignment of permissions to critical resources. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

Vulnerabilities in the software used for developing and executing applications in the ABAP language of SAP NetWeaver Application Server ABAP are related to the improper assignment of permissions to critical resources. Exploiting these vulnerabilities can allow attackers, operating remotely, to...

The vulnerability of the Minify JS module in Drupal CMS systems, related to the manipulation of cross-site requests, allows attackers to execute CSRF attacks.

The vulnerability of the Minify JS module in Drupal CMS systems is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack remotely...

The vulnerability of the Intel QuickAssist (Intel QAT Engine for OpenSSL) driver package, related to improper flow management, allows an attacker to gain unauthorized access to protected information.

The vulnerability of the Intel QuickAssist Driver Package Intel QAT Engine for OpenSSL is related to improper handling of threads. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

The vulnerability of the Entity Form Steps module in the Drupal CMS system, related to the lack of protective measures for website structures, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Entity Form Steps module in the Drupal CMS system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

The vulnerability of the App Connect Enterprise Certified Container management tool, related to unlimited resource distribution, allows a attacker to cause a service failure.

The vulnerability of the App Connect Enterprise Certified Container management tool is related to the unlimited distribution of resources during the process of writing files to the local file system. Exploiting this vulnerability can allow a attacker to cause service failures...

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the use of strictly encrypted accounting data. This allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the use of rigidly encrypted account data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized acces...

The vulnerability of the unserialize() function in the Eloqua CMS system’s Drupal module allows a hacker to execute arbitrary code.

The vulnerability of the unserialize function in the Eloqua CMS system’s Drupal module is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the Drupal CMS system’s “Download All Files” module, related to the lack of authentication, allows attackers to bypass security restrictions and execute a forced browsing attack.

The vulnerability of the “Download All Files” module in Drupal systems is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...

The vulnerabilities of functions pse_release_pis() and of_pse_match_pi() in the kernel module drivers/net/pse-pd/pse_core.c of the Linux operating system allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerabilities of functions psereleasepis and ofpsematchpi in the drivers/net/pse-pd/psecore.c kernel of the Linux operating system are related to memory allocation beyond the bounds of the allocated buffer. Exploiting these vulnerabilities could allow an attacker to compromise the...

The vulnerability of the dnsserver1 and dnsserver2 parameter handlers in TP-Link TL-WR940N software allows a hacker to execute arbitrary code with root privileges.

The vulnerability of the dnsserver1 and dnsserver2 parameter handlers in the TP-Link TL-WR940N router software lies in the fact that the operation results are stored outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root...

The vulnerability of the System component of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the System component of the Android operating system is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the trie_get_next_key() function in the kernel/bpf/lpm_trie.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the triegetnextkey function in the kernel/bpf/lpmtrie.c module of the Linux operating system is related to memory allocation beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of t...

The vulnerability of the embedded software of NETGEAR DGN1000 lies in the ability to bypass the authentication process by using an alternative path or channel, allowing a hacker to execute arbitrary code.

The vulnerability of the embedded software of NETGEAR DGN1000 lies in the ability to bypass the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted HTTP requests remotely...

The vulnerability in the web interface for collecting device information on the Cisco Common Services Platform Collector allows a attacker to perform XSS attacks.

The vulnerability in the web interface for collecting device information on Cisco Common Services Platform Collector CSPC is related to the failure to remove unacceptable symbols from identifiers on web pages. Exploiting this vulnerability allows a remote attacker to perform XSS attacks...

The vulnerability in the web interface for collecting device information on the Cisco Common Services Platform Collector allows a attacker to perform XSS attacks.

The vulnerability in the web interface for collecting device information on Cisco Common Services Platform Collector CSPC is related to the failure to remove unacceptable symbols from identifiers on web pages. Exploiting this vulnerability allows a remote attacker to perform XSS attacks...

The vulnerability of the __handle_ksmbd_work() function in the fs/smb/server/server.c module of the Linux-based CIFS/SMB3 server, ksmbd server, allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the handleksmbdwork function in the fs/smb/server/server.c module of the Linux-based CIFS/SMB3 server ksmbd server relates to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of protection for the SQL query structure. This allows attackers to extract the contents of the database of the software tool and gain access to write and read arbitrary files.

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker to remotely access and manipulate the database content of the software platform, as well as gain...

The vulnerability of the get_rpi() function in the drivers/powercap/intel_rapl_common.c file of the Linux kernel allows a attacker to compromise the confidentiality and accessibility of protected information.

The vulnerability of the getrpi function in the drivers/powercap/intelraplcommon.c file of the Linux kernel is related to improper control of the index range. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibility of the protected information...

The vulnerability of the jfs_mount() function in the fs/jfs/jfs_mount.c file of the JFS file system in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the jfsmount function in the fs/jfs/jfsmount.c file of the JFS file system in the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

The vulnerability of the ma35_pinctrl_dt_node_to_map_func() function in the drivers/pinctrl/nuvoton/pinctrl-ma35.c file of the Linux kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the ma35pinctrldtnodetomapfunc function in the drivers/pinctrl/nuvoton/pinctrl-ma35.c file of the Linux kernel is related to the repeated release of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity,...

The vulnerability of the sisfb_search_mode() function in the drivers/video/fbdev/sis/sis_main.c file of the Linux kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the sisfbsearchmode function in the drivers/video/fbdev/sis/sismain.c file of the Linux kernel is related to memory allocation beyond the bounds of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

The vulnerability of the nilfs_clear_folio_dirty() function in the fs/nilfs2/page.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the nilfsclearfoliodirty function in the fs/nilfs2/page.c module of the Linux kernel is related to memory writing beyond the bounds of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility o...

The vulnerability of the _cfg80211_unregister_wdev() function in the net/wireless/core.c module of the Linux kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the cfg80211unregisterwdev function in the net/wireless/core.c module of the Linux kernel is related to the re-release of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of...