CVE-2021-39935
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
Saturday's vulnerability disclosures include 14 critical and 100 high-priority CVEs, with three perfect CVSS 10.0 scores affecting Acronis Cyber Protect on Linux (CVE-2025-30411, CVE-2025-30412, CVE-2025-30416). Critical CVE volume dropped 42% from Friday's 24 to 14, while high-priority counts held steady at 100. Additional critical flaws affect Docker tool sandbox (CVE-2026-27002, CVSS 9.8), MLflow (CVE-2026-2635, CVSS 9.8), and Ghost CMS (CVE-2026-26980, CVSS 9.4). Twenty-one CVEs have confirmed active exploitation, spanning Microsoft Windows and Office, Apple OS, Google Chromium, GitLab, Roundcube Webmail, and Zimbra. No patches are currently available for the disclosed vulnerabilities, requiring organizations to prioritize compensating controls and monitoring.
Immediate action: Prioritize Acronis Cyber Protect environments for immediate compensating controls given three CVSS 10.0 flaws with no patches available. Review exposure to actively exploited Microsoft Windows, Apple OS, and Chromium vulnerabilities, and apply network segmentation or access restrictions where patches have not yet been released.
Sangoma FreePBX OS Command Injection Vulnerability - Active in CISA KEV catalog.
Sangoma FreePBX Improper Authentication Vulnerability - Active in CISA KEV catalog.
React Native Community CLI OS Command Injection Vulnerability - Active in CISA KEV catalog.
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
A protection mechanism failure in the MSHTML Framework allows an unauthenticated attacker to bypass security features over a network, potentially leading to unauthorized system access.
Microsoft Windows NULL Pointer Dereference Vulnerability - Active in CISA KEV catalog.
A protection mechanism failure in the Windows Shell allows an unauthenticated attacker to bypass security features over a network connection.
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate their privileges locally on the affected system.
A type confusion vulnerability in the Desktop Window Manager (DWM) allows an authorized local attacker to elevate their privileges to a higher level.
A security feature bypass vulnerability in Microsoft Office Word exists due to reliance on untrusted inputs, allowing an unauthorized local attacker to circumvent security protections.
A memory corruption vulnerability in Apple software was addressed through improved state management to prevent potential exploitation.
Microsoft Configuration Manager SQL Injection Vulnerability - Active in CISA KEV catalog.
Notepad++ Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Google Chrome is vulnerable to a "Use After Free" condition in its CSS engine, which could allow a remote attacker to execute arbitrary code via a crafted webpage.
GitLab Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
RoundCube Webmail Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
RoundCube Webmail Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
LibreNMS contains an SQL injection vulnerability in the ajax_table.php endpoint due to improper sanitization of IPv6 address parameters, allowing unauthorized database access.
OpenClaw's Docker tool sandbox is vulnerable to configuration injection, allowing dangerous Docker options that can lead to container escape and host data access.
Acronis Cyber Protect (Linux and Windows) is vulnerable to sensitive data disclosure and manipulation due to improper authentication in versions 15 and 16.
Acronis Cyber Protect (Linux and Windows) suffers from an improper authentication vulnerability allowing sensitive data disclosure and manipulation in versions 15 and 16.
Acronis Cyber Protect (Linux and Windows) is vulnerable to sensitive data disclosure and manipulation due to missing authorization in versions 15 and 16.
Acronis Cyber Protect products are vulnerable to sensitive data disclosure and manipulation due to missing authentication in the agent components across multiple operating systems.
Ghost CMS is vulnerable to unauthenticated arbitrary database reads, allowing attackers to extract sensitive information directly from the underlying database.
MLflow contains a critical authentication bypass vulnerability due to hard-coded default credentials in the basic_auth.ini file, allowing remote attackers to gain administrative access.
The PROLiNK PRC2402M router is vulnerable to OS command injection via shell metacharacters in the IP parameter of the live_api.cgi endpoint, enabling remote code execution.
Kolay Software's Talentics platform is vulnerable to Blind SQL Injection, allowing unauthenticated attackers to extract sensitive information from the database.
The web management interface of an unidentified network device allows administrators to set blank passwords, enabling unauthenticated administrative access via web and Telnet.
Thesystem 1.0 contains a command injection vulnerability in the run_command endpoint, allowing unauthenticated attackers to execute arbitrary system commands via POST requests.
A regex wildcard handling error in fast-xml-parser's DOCTYPE entity replacement allows attackers to shadow built-in entities, leading to Cross-Site Scripting (XSS).
A critical flaw in Sentry's SAML SSO implementation allows account takeover via malicious Identity Providers in multi-organization or specifically configured self-hosted instances.
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Redy redy allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Marveland marveland allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Zio Alberto zioalberto allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Parkivia parkivia allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion
The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4
A security flaw in the jsPDF library could enable attackers to compromise the document generation process, potentially leading to unauthorized data manipulation or client-side execution.
Zumba Json Serializer is a library to serialize PHP variables in JSON format
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber allows PHP Local File Inclusion
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels
The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2
jsPDF is a library to generate PDFs in JavaScript
jsPDF is a library to generate PDFs in JavaScript
Deno is a JavaScript, TypeScript, and WebAssembly runtime
Chamilo LMS 1
ZoneMinder is a free, open source closed-circuit television software application
ADB Explorer is a fluent UI for ADB on Windows
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects
LabCollector 5
Dell PowerProtect Data Manager, version(s) prior to 19
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations
HDF5 is software for managing data
A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI
OpenClaw is a personal AI assistant
A vulnerability was detected in D-Link DWR-M960 1
A flaw has been found in D-Link DWR-M960 1
A vulnerability has been found in D-Link DWR-M960 1
A vulnerability was found in D-Link DWR-M960 1
A vulnerability was determined in D-Link DWR-M960 1
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs
The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication
httpsig-hyper is a hyper extension for http message signatures
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection
The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption
Comodo Dome Firewall 2
systeminformation is a System and OS information library for node
Music Assistant is an open-source media library manager that integrates streaming services with connected speakers
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books
GFI Archiver MArc
GFI Archiver MArc
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles
Formwork is a flat file-based Content Management System (CMS)
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models
systeminformation is a System and OS information library for node
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through absolute path traversal
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory
Fiverr Clone Script 1
delpino73 Blue-Smiley-Organizer 1
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel
SPIP before 4
A vulnerability exists in EnOcean SmartServer IoT version 4
Statamic is a Laravel and Git powered content management system (CMS)
OpenClaw is a personal AI assistant
Sricam DeviceViewer 3
Metabase is an open-source data analytics platform
Wallos is an open-source, self-hostable personal subscription tracker
Fabric
OpenClaw is a personal AI assistant
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files
Penpot is an open-source design tool for design and code collaboration
soroban-sdk is a Rust SDK for Soroban contracts
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback
NanaZip is an open source file archiver. Starting in version 5
OpenClaw is a personal AI assistant
OpenClaw is a personal AI assistant
OpenClaw is a personal AI assistant
OpenClaw is a personal AI assistant
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels
Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control Security Levels
Part-DB 0
SpotAuditor 5
Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline
A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7
A weakness has been identified in Fujian Smart Integrated Management Platform System up to 7
GFI Archiver MArc
GFI Archiver MArc