Information disclosure

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

Code injection

In power manager, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

Design/Logic Flaw

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

Information disclosure

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

Out-of-bounds

In gpu driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed...

Information disclosure

In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

Design/Logic Flaw

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

Privilege escalation

In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

Information disclosure

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

Design/Logic Flaw

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

Out-of-bounds

In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed...

Design/Logic Flaw

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367...

Design/Logic Flaw

In ion service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

Input validation

In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed...

Information disclosure

In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

Design/Logic Flaw

In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

Information disclosure

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

Information disclosure

In IMS service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

Information disclosure

In telephony service, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed...

Information disclosure

In enginnermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

Information disclosure

In dialer, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

Information disclosure

In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

Design/Logic Flaw

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807...

Authentication flaw

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

Code injection

In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions...

Code injection

Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss or another extension to a URL...

Cross site scripting

A vulnerability was found in librespeed speedtest up to 5.2.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file results/stats.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely...

Design/Logic Flaw

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073...

Sql injection

A vulnerability was found in rl-institut NESP2 Initial Release/1.0. It has been classified as critical. Affected is an unknown function of the file app/database.py. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public...

Path traversal

A vulnerability was found in ???????????????? Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to...

Cross site scripting

app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget...

Cross site request forgery (csrf)

A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-phlebotomist.php. The manipulation of the argument pid leads to cross-site request forgery. The attack can be initiated...

Code injection

In Perl before 5.38.2, Sparseunipropstring in regcomp.c can write to unallocated space because a property name associated with a \p... regular expression construct is mishandled. The earliest affected version is 5.30.0...

Cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Online Quiz System 1.0. This affects an unknown part of the file take-quiz.php. The manipulation of the argument quiztaker/yearsection leads to cross site scripting. It is possible to initiate the attack remotely. T...

Cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Th...

Cross site scripting

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file /planet of the component User Comment Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

Design/Logic Flaw

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like Handler. The manipulation leads to improper enforcement of a single, unique action. The attack may...

Cross site scripting

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as problematic. This affects an unknown part of the file registered-user-testing.php. The manipulation of the argument regmobilenumber leads to cross site scripting. It is possible to initiat...

Sql injection

A vulnerability was found in SourceCodester User Registration and Login System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument user leads to sql injection. The attack may be launched remotely...

Improper access control

Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation o...

Improper access control

Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege...

Spoofing

InteraXon Muse 2 devices allow remote attackers to cause a denial of service incorrect Muse App report of an outstanding, calm meditation state via a 480 MHz RF carrier that is modulated by a "false" brain wave, aka a Brain-Hack attack. For example, the Muse App does not display the reception of ...

Cross site scripting

A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument firstname leads to cross site scripting. The attac...

Command injection

In TOTOLINK X6000RFirmware V9.4.0cu.852B20230719, the shttpd file sub415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability...

Deserialization of untrusted data

A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request...

Deserialization of untrusted data

A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request...

Code injection

October is a Content Management System CMS and web platform to assist with development workflow. An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...

Cross site scripting

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specifi...

Server side request forgery (ssrf)

PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. A server-side request forgery SSRF, which can only be exploited by authenticated users, was found in Posthog. Posthog did not verify whether a URL was local when enabling...

Code injection

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server richdocumentscode...