Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through 2.33.1.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows PHP Local File Inclusion.This issue affects...

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the...

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an att...

An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.

Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. An attacker m...

Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be u...

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is...

A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. This affects an unknown part of the file /SysManage/AddUpdateRole.aspx. The mani...

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. ...

tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of a...

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest aff...

A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. T...

Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1.

An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted.

In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.

Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.

SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list.

An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter.

TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.

TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth.

TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.

An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file.