ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds r…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in t…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encode…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder,…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decod…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode …
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology ker…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerabil…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huf…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVIm…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribut…
A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulat…
A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. The manipulation of the argument leng…
A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File P…
A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. This manipulation o…
A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argume…
A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID resu…
A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_…
A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component A…
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to o…
A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing…
An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions:
If a neo4j admin configures two or mo…
A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site…
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.
A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. This manipulation of the argument Name causes sql in…
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In prac…
MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send a…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overfl…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesi…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/…
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially cra…
In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync…
Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Acco…
Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Accou…
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of …
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the…
A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql inje…
A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_…
A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path tr…
A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper auth…
Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential …
SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine.
Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send …
A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /att_single_view.php. Such manipulation of the argument dt leads to sql i…
A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The m…
A vulnerability was detected in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /view_result.php. Performing a manipulation of the argument seme res…
A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of the file /admin/adminHome.php. Such manipulation of the argument reach_nm lead…
A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.php. This manipulation of the argument I…
A security flaw has been discovered in projectworlds Online Art Gallery Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /?pass=1. The manipulation of the argument fnm…
A vulnerability was identified in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /add_result.php. Such manipulation of the argument su…
A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of th…
A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manipulation of the argument reg_passwd leads to sql i…
A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. This manipulation of the argument admin_search_…
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulati…
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file SearchResultOneway.php. Such manipulati…
A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performi…
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno …
A weakness has been identified in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /register.php. Executing a manipulation of the argument Username …
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argu…
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno …
A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a ma…
A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access…
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG set…
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impac…
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either di…
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can co…
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can co…
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can co…
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT).
This issue affects SeppMail: 15.0.2.1 …
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows Object Injection.This issue affects Grand Wedding: from n/a through < 3.1.11.
Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controll…
