CVE-2021-39935
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
Sunday's vulnerability disclosures center on actively exploited flaws across Microsoft Windows, Microsoft Office, Apple OS, and Roundcube Webmail, alongside critical-severity issues in Redis OneUptime and SAML SSO implementations. Only 2 critical CVEs were disclosed, down 86% from the prior day's 14, while 100 high-priority vulnerabilities held steady. CVE-2026-27574 (CVSS 9.9) affects Redis OneUptime and CVE-2026-27197 (CVSS 9.1) targets SAML-based single sign-on in Sentry, both presenting significant remote exploitation risk. The 21 actively exploited vulnerabilities span a wide range of products including multiple Microsoft Windows components, Google Chromium, GitLab, Sangoma FreePBX, and Roundcube Webmail, indicating broad targeting across enterprise infrastructure. No patches are currently available for the disclosed CVEs, requiring defenders to prioritize compensating controls and monitoring.
Immediate action: Prioritize monitoring and compensating controls for Microsoft Windows (CVE-2026-21513, CVE-2026-21525, CVE-2026-21510, CVE-2026-21533, CVE-2026-21519), Microsoft Office (CVE-2026-21514), Apple OS (CVE-2026-20700), Roundcube Webmail (CVE-2025-49113, CVE-2025-68461), and Google Chromium (CVE-2026-2441), all of which are under active exploitation. With 0% patch availability, implement network segmentation, restrict access to affected services, and increase endpoint detection sensitivity until vendor patches are released.
Sangoma FreePBX OS Command Injection Vulnerability - Active in CISA KEV catalog.
Sangoma FreePBX Improper Authentication Vulnerability - Active in CISA KEV catalog.
React Native Community CLI OS Command Injection Vulnerability - Active in CISA KEV catalog.
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
A protection mechanism failure in the MSHTML Framework allows an unauthenticated attacker to bypass security features over a network, potentially leading to unauthorized system access.
Microsoft Windows NULL Pointer Dereference Vulnerability - Active in CISA KEV catalog.
A protection mechanism failure in the Windows Shell allows an unauthenticated attacker to bypass security features over a network connection.
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate their privileges locally on the affected system.
A type confusion vulnerability in the Desktop Window Manager (DWM) allows an authorized local attacker to elevate their privileges to a higher level.
A security feature bypass vulnerability in Microsoft Office Word exists due to reliance on untrusted inputs, allowing an unauthorized local attacker to circumvent security protections.
A memory corruption vulnerability in Apple software was addressed through improved state management to prevent potential exploitation.
Microsoft Configuration Manager SQL Injection Vulnerability - Active in CISA KEV catalog.
Notepad++ Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Google Chrome is vulnerable to a "Use After Free" condition in its CSS engine, which could allow a remote attacker to execute arbitrary code via a crafted webpage.
GitLab Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
RoundCube Webmail Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
RoundCube Webmail Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
A sandbox escape in OneUptime allows users with low privileges or anonymous access to execute arbitrary code and gain full access to cluster credentials and environment variables.
A critical flaw in Sentry's SAML SSO implementation allows account takeover via malicious Identity Providers in multi-organization or specifically configured self-hosted instances.
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Redy redy allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Marveland marveland allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Zio Alberto zioalberto allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Parkivia parkivia allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion
A command injection vulnerability in the Nagios zabbixagent_configwizard_func component allows for remote code execution on the monitoring host.
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability
Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability
Zumba Json Serializer is a library to serialize PHP variables in JSON format
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber allows PHP Local File Inclusion
An authorization bypass vulnerability in the PawFriends WordPress theme allows attackers to exploit incorrectly configured access controls through user-controlled keys.
phpMoAdmin 1
A security vulnerability exists in the Deno JavaScript and TypeScript runtime that could potentially allow for unauthorized code execution or system interference.
Chamilo LMS 1
ZoneMinder is a free, open source closed-circuit television software application
LabCollector 5
A high-severity vulnerability in the Strimzi deployment configuration for Apache Kafka on Kubernetes or OpenShift could allow for unauthorized access or cluster compromise.
A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1
A weakness has been identified in funadmin up to 7
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1
A vulnerability was determined in itsourcecode Vehicle Management System 1
A vulnerability was found in code-projects Online Reviewer System 1
A vulnerability has been found in SourceCodester Student Result Management System 1
A vulnerability in the BigBlueButton open-source virtual classroom software could allow an attacker to compromise session integrity or access unauthorized data.
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI
A vulnerability was detected in D-Link DWR-M960 1
A flaw has been found in D-Link DWR-M960 1
A vulnerability has been found in D-Link DWR-M960 1
A vulnerability was found in D-Link DWR-M960 1
A vulnerability was determined in D-Link DWR-M960 1
A security flaw has been discovered in Tenda A21 1
A weakness has been identified in Tenda A21 1
A security vulnerability has been detected in Tenda A21 1
A vulnerability was detected in Tenda A21 1
A flaw has been found in Tenda A21 1
A vulnerability was determined in Tenda A18 15
A vulnerability has been found in Tenda A18 15
A vulnerability has been found in D-Link DWR-M960 1
A vulnerability was found in D-Link DWR-M960 1
A vulnerability was determined in D-Link DWR-M960 1
A vulnerability was identified in D-Link DWR-M960 1
A security flaw has been discovered in D-Link DWR-M960 1
A weakness has been identified in Tenda A21 1
A vulnerability was identified in Tenda HG9 300001138
A security flaw has been discovered in Tenda HG9 300001138
A weakness has been identified in Tenda HG9 300001138
A security vulnerability has been detected in Tenda HG9 300001138
A vulnerability was detected in Tenda HG9 300001138
A flaw has been found in Tenda HG9 300001138
A vulnerability has been found in Tenda FH451 up to 1
A vulnerability was detected in D-Link DWR-M960 1
A flaw has been found in D-Link DWR-M960 1
A vulnerability has been found in D-Link DWR-M960 1
A vulnerability was found in D-Link DWR-M960 1
A vulnerability was determined in D-Link DWR-M960 1
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The embedded web interface of the affected device fails to support HTTPS/TLS, relying on insecure HTTP Basic Authentication for user logins.
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs
The underlying Programmable Logic Controller (PLC) of the device can be remotely influenced due to a lack of proper safeguards or authentication mechanisms.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection
A Wi-Fi router is vulnerable to de-authentication attacks because it does not support Management Frame Protection (MFP), allowing attackers to disconnect users.
GFI Archiver MArc
GFI Archiver MArc
The SAIL image library contains a high-severity vulnerability that could lead to memory corruption or arbitrary code execution when processing malicious image files.
Formwork, a flat file-based CMS, is susceptible to a high-severity vulnerability that could allow for unauthorized file access or system compromise.
A vulnerability was determined in UTT HiPER 810G 1
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory
Fiverr Clone Script 1
delpino73 Blue-Smiley-Organizer 1
A vulnerability exists in EnOcean SmartServer IoT version 4
Statmatic is a Laravel and Git powered content management system (CMS)
Sricam DeviceViewer 3
Metabase is an open-source data analytics platform
Wallos is an open-source, self-hostable personal subscription tracker
The OpenClaw personal AI assistant contains a vulnerability that could allow for unauthorized access to personal data or the execution of unintended commands.
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels
Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control Security Levels
A late-disclosure vulnerability in the legacy Part-DB 0.x inventory management system could allow for unauthorized data manipulation or access.
SpotAuditor 5
CollabPlatform is a full-stack, real-time doc collaboration platform
GFI Archiver MArc
GFI Archiver MArc
A security vulnerability has been detected in UTT HiPER 520 1
A vulnerability was detected in UTT HiPER 520 1
A validation flaw in Moodle's backup restore functionality allows for the processing of specially crafted backup files, potentially leading to unauthorized data manipulation or system compromise.
Insufficient input sanitization in the Moodle TeX filter administrative settings allows for command injection, potentially leading to remote code execution by an administrative user.