A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vul...

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-auth...

Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL injection, which may allow an unauthenticated remote attacker to execute malicious code, exfiltrate da...

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential informat...

Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monito...

A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. This vuln...

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise...

On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts...

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTT...

Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 al...

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypa...

Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3.

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.h...

This vulnerability enables malicious users to read sensitive files on the server.

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.

An attacker can overwrite any file on the server hosting MLflow without any authentication.

An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature.

MLflow allowed arbitrary files to be PUT onto the server.

Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0.

PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate() method.

Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.

u-boot bug that allows for u-boot shell and interrupt over UART

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "...

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard...