D-Link DIR-3040 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected inst...

D-Link DIR-3040 prog.cgi SetWan3Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected ins...

D-Link DIR-3040 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affect...

TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations ...

An issue in the directory /system/bin/blkid of Skyworth v3.0 allows attackers to perform a directory traversal via mounting the Udisk to /mnt/.

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between ...

Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.

Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name.

A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and e...

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution wit...

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection...

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access ...

Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access.

Microsoft SharePoint Server Remote Code Execution Vulnerability

A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It...

Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium se...

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX15...

An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless...

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitr...

Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability

Windows Remote Desktop Protocol Security Feature Bypass

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when export...

Uncontrolled resource consumption for some Intel(R) SPS firmware versions may allow a privileged user to potentially enable denial of service via network access.

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges.