Vulnerabilidades CVE

An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any ne...

The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them.

In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participa...

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messeng...

An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication

A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.

Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompres...

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, ...

An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server ...

Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in...

In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction ...

A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may all...

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users u...

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invite_hash, can exploit this vulnerability to self-...

A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the ...

A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument d...

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers ...

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.

The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin...

A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code.

Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair

ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code.

An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket message.

An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly.

Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution

Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.

Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php.

Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.

An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice.

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established.

OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the groupid parameter at /messaging/Group.php.

Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only...

AVS Audio Converter 10.3 is vulnerable to Buffer Overflow.

SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request.

LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php.

The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could ...

oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impac...

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to ge...

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_ipslib.php on the web interface. By crafting a suitable form name, a...

SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.

Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component.

Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-...

Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.

Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files.

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is n...

RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code.

A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parame...

A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by...