Medium Severity Vulnerabilities

128.7K CVEs classified as medium severity

Total CVEs: 128.7K
Avg CVSS: 6.8 (Medium)
Max CVSS: 6.8 (Highest)
Min CVSS: 6.8 (Lowest)

Medium Severity CVEs

Page 96 of 5362
CVSS:6.8(Medium)

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which ...

CVSS:6.8(Medium)

Uptime Kuma is an open source, self-hosted monitoring tool. An **Improper URL Handling Vulnerability** allows an attacker to access sensitive local files on the server by exploiting the `file:///` pro...

CWE-22, 2024
CVSS:6.8(Medium)

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0,...

CWE-78, 2024
CVSS:6.8(Medium)

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execu...

CWE-79, 2024
CVSS:6.8(Medium)

CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially craf...

CVSS:6.8(Medium)

An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the chec...

CVSS:6.8(Medium)

Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. A...

CVSS:6.8(Medium)

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and/or last name to include a valid Excel/spreadsheet formula. When an instruct...

CVSS:6.8(Medium)

In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives.

CWE-94, 2024
CVSS:6.8(Medium)

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin ad...

CVSS:6.8(Medium)

Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advise...

CWE-79, 2024
CVSS:6.8(Medium)

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new...

CVSS:6.8(Medium)

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLIN...

CWE-78, 2024
CVSS:6.8(Medium)

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored X...

CVSS:6.8(Medium)

An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method

CVSS:6.8(Medium)

The Index WP MySQL For Speed WordPress plugin before 1.4.18 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be u...

CVSS:6.8(Medium)

Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.

CWE-89, 2024
CVSS:6.8(Medium)

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVSS:6.8(Medium)

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVSS:6.8(Medium)

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVSS:6.8(Medium)

Windows File Explorer Information Disclosure Vulnerability

CWE-22, 2024
CVSS:6.8(Medium)

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVSS:6.8(Medium)

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVSS:6.8(Medium)

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CWE-20, 2024