Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts allows Upload a Web Shell to a Web Server. This issue affects Sync Posts: from n/a through 1.0.

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX15...

wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3.

Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host syst...

Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail allows Upload a Web Shell to a Web Server. This issue affects WP Remote Thumbnail: from n/a throug...

HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save funct...

SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code int...

Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a throug...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. This issue affects Countdown & Clock: from n/a...

Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.

Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where th...

Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Visual Text Editor allows Remote Code Inclusion. This issue affects Visual Text Editor: from n/a through 1.2.1.

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopi...

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing...

Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator allows Using Malicious Files. This issue affects Theme File Duplicator: from n/a through 1.3.

Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2.

Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2.

SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter ...

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any arbitrar...

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by user...

Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through 2.0....

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for r...

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Smallerik File Browser allows Upload a Web Shell to a Web Server. This issue affects Smallerik File Browser: from n/a through ...