IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID:...

Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in servic...

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.

Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource co...

Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent acces...

Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be processed by the syntax highlighter, allowing an attacker to send a...

Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causi...

Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege.

Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerabili...

Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.25.

Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.

A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation o...

Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These user...

Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know. This issue affects Apache StreamPipes: through 0.95.1. Users ar...

Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1...

Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two head...

Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. ...

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak...

An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration ...

Missing Authorization vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.6.

Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through 2.4.0.

Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via n...

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via n...