CVE-2020-7796
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
Thursday's vulnerability disclosures are dominated by two CVSS 10.0 flaws in Cisco Secure Firewall (CVE-2026-20131, CVE-2026-20079), representing the highest-impact items requiring immediate defensive attention. The disclosure volume includes 9 critical and 70 high-priority CVEs, down 31% and 30% respectively from the prior day's elevated counts. Additional critical vulnerabilities affect D-Link DIR routers (CVE-2025-70220, CVE-2025-70223), pac4j-jwt authentication (CVE-2026-29000 at CVSS 10.0), and Zephyr RTOS (CVE-2026-1678). Ten actively exploited vulnerabilities span a wide range of targets including Google Chromium, GitLab, Roundcube Webmail, VMware Aria Operations, and Qualcomm chipsets, with several dating back to legacy CVEs from 2008 and 2020. No patches have been confirmed available at this time, making compensating controls and network segmentation essential for exposed systems.
Immediate action: Prioritize assessment of Cisco Secure Firewall deployments for CVE-2026-20131 and CVE-2026-20079, and review exposure to D-Link DIR routers and pac4j-jwt implementations. With no patches currently confirmed, apply network segmentation, restrict management interfaces, and monitor for exploitation indicators across all affected platforms.
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Google Chrome is vulnerable to a use-after-free in its CSS engine, which could allow a remote attacker to execute arbitrary code via a crafted web page.
GitLab Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
RoundCube Webmail Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
RoundCube Webmail Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
FileZen is affected by a high-severity OS command injection vulnerability that allows a threat actor to execute arbitrary commands on the underlying operating system.
VMware Aria Operations contains a command injection vulnerability that could allow an attacker to execute arbitrary commands on the affected system.
A memory corruption vulnerability in Qualcomm chipsets exists in memory allocation when handling specific alignments, potentially leading to arbitrary code execution or system instability.
A critical insecure deserialization flaw in the Cisco FMC web interface allows unauthenticated remote attackers to execute arbitrary Java code with root privileges via crafted serialized objects.
A flaw in a system process that runs at boot time in Cisco FMC allows unauthenticated attackers to bypass authentication and execute scripts via HTTP requests, obtaining root access to the underlying OS.
A stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter in formAutoDetecWAN_wizard4 allows unauthenticated attackers to potentially execute code.
A stack buffer overflow in D-Link DIR-513 v1.10 via the curTime parameter in formAdvNetwork allows unauthenticated attackers to potentially execute arbitrary code.
An authentication bypass in pac4j-jwt allows unauthenticated remote attackers to forge tokens by wrapping a PlainJWT in a JWE, bypassing signature verification.
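The bypass described above hinges on a consumer that treats whatever comes out of a decrypted JWE as already authenticated, so an unsigned PlainJWT inside the envelope is taken at face value. The following is an added example written for this page, not pac4j's code: a Python model of that consumer next to a hardened one, using only the standard library. The JWE layer is a toy (an HMAC-SHA256 keystream plus HMAC tag, labelled as such in the code) standing in for a real JOSE content-encryption algorithm; the signing side is a genuine HS256 JWS. Because the toy uses a shared key, the demo has to play the attacker holding the encryption key; with an asymmetric JWE (RSA-OAEP, ECDH-ES) the encryption key is public, which is what makes the wrapping trick reachable by an unauthenticated attacker. All function names are this example's own.

```python
import base64
import hashlib
import hmac
import json
import os


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(key: bytes, claims: dict) -> str:
    """Issue a real JWS (HS256) over the claims."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64u(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64u(sig)}"


def plain_jwt(claims: dict) -> str:
    """Unsecured JWT (RFC 7519 section 6): alg "none", empty signature. Anyone can mint one."""
    header = b64u(json.dumps({"alg": "none"}).encode())
    return f"{header}.{b64u(json.dumps(claims).encode())}."


def verify_hs256(key: bytes, token: str) -> dict:
    """Accept only an HS256 JWS with a valid MAC; "none" never passes the allow-list."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(b64u_dec(parts[0]))
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(parts[2])):
        raise ValueError("bad signature")
    return json.loads(b64u_dec(parts[1]))


# Toy JWE (assumption, not a JOSE algorithm): HMAC-SHA256 in counter mode as keystream and an
# HMAC tag over header||iv||ciphertext. It stands in for AES-GCM so the example runs on the
# standard library; the consumer logic below is the point of the example.
def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    blocks = [hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
              for ctr in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def toy_encrypt(key: bytes, plaintext: bytes) -> str:
    header = b64u(json.dumps({"alg": "dir", "enc": "TOY-HMAC-CTR"}).encode())
    iv = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, iv, len(plaintext))))
    tag = hmac.new(key, header.encode() + iv + ct, hashlib.sha256).digest()[:16]
    return ".".join([header, "", b64u(iv), b64u(ct), b64u(tag)])  # 5-part JWE compact form


def toy_decrypt(key: bytes, token: str) -> bytes:
    header, _, iv, ct, tag = token.split(".")
    iv, ct, tag = b64u_dec(iv), b64u_dec(ct), b64u_dec(tag)
    expected = hmac.new(key, header.encode() + iv + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, tag):
        raise ValueError("JWE tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))


def vulnerable_authenticate(enc_key: bytes, sig_key: bytes, token: str) -> dict:
    """Hypothetical consumer that treats "came out of the JWE" as proof of origin."""
    if token.count(".") == 4:                          # JWE: peel the envelope
        token = toy_decrypt(enc_key, token).decode()
        header = json.loads(b64u_dec(token.split(".")[0]))
        if header.get("alg") == "none":                # BUG: unsigned inner token accepted
            return json.loads(b64u_dec(token.split(".")[1]))
    return verify_hs256(sig_key, token)


def hardened_authenticate(enc_key: bytes, sig_key: bytes, token: str) -> dict:
    """Decryption only unwraps; authentication always requires a verified signature."""
    if token.count(".") == 4:
        token = toy_decrypt(enc_key, token).decode()
    return verify_hs256(sig_key, token)   # rejects a PlainJWT whether or not it was encrypted


def demo(enc_key: bytes, sig_key: bytes) -> dict:
    """Forge an admin token without sig_key and see which consumer accepts it."""
    forged = toy_encrypt(enc_key, plain_jwt({"sub": "admin"}).encode())
    legit = toy_encrypt(enc_key, sign_hs256(sig_key, {"sub": "alice"}).encode())
    out = {"vulnerable_forged": vulnerable_authenticate(enc_key, sig_key, forged)}
    try:
        hardened_authenticate(enc_key, sig_key, forged)
        out["hardened_forged"] = "accepted"
    except ValueError as e:
        out["hardened_forged"] = f"rejected: {e}"
    out["hardened_legit"] = hardened_authenticate(enc_key, sig_key, legit)
    return out


if __name__ == "__main__":
    print(demo(os.urandom(32), os.urandom(32)))
```

The check that matters is the last line of `hardened_authenticate`: the signature allow-list is applied to the token after any decryption, so encryption never substitutes for a signature. An unencrypted PlainJWT is rejected by both consumers; only the encrypted wrapping reaches the buggy branch, which is why the bug is easy to miss in tests that never exercise JWE input.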
A buffer management flaw in the Zephyr RTOS dns_unpack_name() function allows unauthenticated attackers to trigger an out-of-bounds write via malicious DNS responses when CONFIG_DNS_RESOLVER is enabled.
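The Zephyr entry above is a reminder of the bounds a DNS name decompressor has to enforce: every read against the end of the message, every write against the size of the destination buffer, and compression pointers only ever going backwards. The following is an added example, not Zephyr's code, of a name unpacker in Python that applies those checks to constructed responses (the message bytes are made up for the demonstration; the 255-byte name and 63-byte label limits are RFC 1035's). In Python an unchecked write raises an exception instead of corrupting memory; in C the same missing length check is the out-of-bounds write the advisory describes.

```python
MAX_NAME_LEN = 255   # RFC 1035 limit on a wire-format name, root label included
MAX_LABEL_LEN = 63   # the two high bits of a length byte are reserved for pointers


class DnsNameError(ValueError):
    """Raised for any name that would read or write outside its bounds."""


def unpack_name(msg: bytes, offset: int, out_max: int = MAX_NAME_LEN):
    """Return (name, next_offset) for the compressed name at msg[offset:].

    Reads are checked against len(msg) and the running output length against
    out_max (the destination buffer a C implementation would write into).
    """
    if not 0 <= offset < len(msg):
        raise DnsNameError("name offset outside message")
    labels = []
    out_len = 0        # bytes the wire-format name occupies in the output buffer
    pos = offset
    resume = None      # offset just after the first pointer; parsing resumes there
    lowest = offset    # each pointer must target an offset below every earlier one,
    while True:        # which forbids self-references, loops and forward pointers
        if pos >= len(msg):
            raise DnsNameError("name runs past end of message")
        length = msg[pos]
        if length == 0:                       # root label terminates the name
            out_len += 1
            if out_len > out_max:
                raise DnsNameError("name exceeds output buffer")
            pos += 1
            break
        if length & 0xC0 == 0xC0:             # two-byte compression pointer
            if pos + 1 >= len(msg):
                raise DnsNameError("truncated compression pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            if target >= lowest:
                raise DnsNameError("compression pointer does not go backwards")
            if resume is None:
                resume = pos + 2
            lowest = pos = target
            continue
        if length & 0xC0:                     # 0x40 / 0x80 label types are reserved
            raise DnsNameError("unsupported label type")
        if pos + 1 + length > len(msg):       # length <= 63 here, so only the message bound matters
            raise DnsNameError("label runs past end of message")
        out_len += 1 + length
        if out_len > out_max:                 # the write-side check the advisory's bug lacks
            raise DnsNameError("name exceeds output buffer")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels), (resume if resume is not None else pos)


def try_unpack(msg: bytes, offset: int):
    """Convenience wrapper returning ("error", reason) instead of raising."""
    try:
        return unpack_name(msg, offset)
    except DnsNameError as e:
        return ("error", str(e))


# Constructed sample response (not a capture): header, question "example.com" A IN at
# offset 12, one A record whose owner name is a pointer (0xC00C) back to offset 12.
HEADER = bytes.fromhex("1234 8180 0001 0001 0000 0000")
GOOD_MSG = (HEADER + b"\x07example\x03com\x00" + b"\x00\x01\x00\x01"
            + b"\xc0\x0c" + b"\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04" + bytes([93, 184, 216, 34]))

# Constructed hostile inputs: a pointer to itself, a name that would overflow a 255-byte
# destination, and a label whose declared length runs past the end of the datagram.
LOOP_MSG = HEADER + b"\xc0\x0c"
LONG_MSG = HEADER + (b"\x3f" + b"a" * 63) * 5 + b"\x00"
TRUNC_MSG = HEADER + b"\x20abc"

if __name__ == "__main__":
    for label, msg in [("good", GOOD_MSG), ("loop", LOOP_MSG), ("long", LONG_MSG), ("trunc", TRUNC_MSG)]:
        print(label, try_unpack(msg, 12))
```

The `lowest` bookkeeping is the cheap way to make pointer chains terminate without a hop counter: each pointer must land strictly below the previous target, so a chain can take at most as many hops as there are bytes before the name. The output-length check is the one that corresponds to the advisory: it is applied before the label is copied, not after.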
A shell command injection vulnerability in Mobvoi Tichome Mini allows unauthenticated remote attackers to execute arbitrary commands as root via specially crafted UDP datagrams.
An authentication bypass vulnerability in a device authentication module allows unauthenticated attackers to compromise the integrity and confidentiality of the affected system.
A lack of authentication in the BLE protocol of Pebble Prism Ultra v2.9.2 allows adjacent attackers to execute arbitrary commands, intercept data, and hijack firmware.
A vulnerability in GCM-encrypted IKEv2 IPsec traffic processing in Cisco ASA and FTD software allows authenticated remote attackers to cause a denial of service.
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter.
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter.
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter.
A vulnerability in the SSL VPN functionality of Cisco ASA and FTD Software allows an unauthenticated, remote attacker to exhaust device memory, leading to a persistent denial of service (DoS) condition.
A vulnerability in the Lua interpreter of the Cisco ASA and FTD SSL VPN features allows an authenticated, remote attacker with valid credentials to cause an unexpected device reload and a denial of service.
An authenticated remote attacker with valid VPN credentials can exhaust device memory on Cisco ASA and FTD systems, leading to a Denial of Service for new SSL VPN connections.
Google Chrome versions prior to 145 are vulnerable to an object lifecycle flaw within the DevTools component, potentially leading to memory corruption or arbitrary code execution.
The web-based management interface of Cisco Secure FMC Software is vulnerable to an authenticated SQL injection attack, allowing attackers to manipulate or extract sensitive database information.
The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly
A vulnerability in the SAML 2
Hono is a Web application framework that provides support for any JavaScript runtime
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter.
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter.
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter.
A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2
A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files
Dell Command | Intel vPro Out of Band versions prior to 4 contain a high-severity vulnerability that could permit unauthorized management operations.
The Mail Mint WordPress plugin before 1
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5
The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb_user_name' and 'wpb_user_email' parameters in all versions up to, and including, 1
The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_save_data` AJAX action in all versions up to, and including, 6
PHPads 2
Dell Optimizer, versions prior to 6
Concrete CMS below version 9
FreeSMS 2
An improper access control vulnerability in the kernel of SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500
Tenda AX3 firmware v16
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface
IBM InfoSphere Information Server 11
Weintek cMT-3072XH2 easyweb v2
A vulnerability in NLTK versions up to and including 3
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
Nokia IMPACT through 19
A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19
The Applications component of Nokia IMPACT version through 19
OpenViking versions 0
Insecure permissions in App-Auto-Patch v3
UPS Multi-UPS Management Console (MUMC) version 01
Ghost is a Node
An issue was discovered in 6
Cohesity TranZman Migration Appliance Release 4
Incorrect access control in the component download_wb
Weintek cMT-3072XH2 easyweb v2
Weintek cMT-3072XH2 easyweb v2
An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library
HomeBox is a home inventory and organization system
dr_libs version 0
Permission bypass vulnerability in the system service framework
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4
Cohesity TranZman Migration Appliance Release 4
Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4
An issue in the WiseDelfile64
Tradebox 5
Vulnerability of improper verification in the email application