Medium Severity Vulnerabilities

128.7K CVEs classified as medium severity

Total CVEs: 128.7K
Avg CVSS: 6.6
Max CVSS: 6.6
Min CVSS: 6.6

Medium Severity CVEs

Page 242 of 5362
CVSS:6.6(Medium)

A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to un...

CWE-22, 2025
CVSS:6.6(Medium)

Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access.

CWE-22, 2025
CVSS:6.6(Medium)

In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers ca...

CVSS:6.6(Medium)

The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from runni...

CVSS:6.6(Medium)

The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files s...

CVSS:6.6(Medium)

A user with administrator privileges is able to retrieve authentication tokens

CVSS:6.6(Medium)

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. Thi...

CVSS:6.6(Medium)

An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via `auto...

CVSS:6.6(Medium)

Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector allows Upload a Web Shell to a Web Server. This issue affects ACF City Selector: from n/a through 1.14.0.

CVSS:6.6(Medium)

In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution pri...

CVSS:6.6(Medium)

ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). The impact can be overwriting files or making ColPack graphing unavailabl...

CVSS:6.6(Medium)

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

CVSS:6.6(Medium)

Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server. This issue affects WDesignkit: from n/a through 1.0.40.

CVSS:6.6(Medium)

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via craft...

CWE-78, 2024
CVSS:6.6(Medium)

A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service...

CVSS:6.6(Medium)

Unrestricted Upload of File with Dangerous Type vulnerability in Michael Bourne Custom Icons for Elementor allows Upload a Web Shell to a Web Server. This issue affects Custom Icons for Elementor: from...

CVSS:6.6(Medium)

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVSS:6.6(Medium)

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVSS:6.6(Medium)

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVSS:6.6(Medium)

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVSS:6.6(Medium)

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVSS:6.6(Medium)

Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repositor...

CVSS:6.6(Medium)

A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter.

CWE-79, 2024
CVSS:6.6(Medium)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce allows PHP Local File Inclusion. This issue affects Cities...

CWE-22, 2024