CVE-2025-47812
Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability - Active in CISA KEV catalog.
This curated brief highlights 4 critical vulnerabilities and 65 high-priority updates requiring immediate attention.
Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability - Active in CISA KEV catalog.
Fortinet FortiWeb SQL Injection Vulnerability - Active in CISA KEV catalog.
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CrushFTP Unprotected Alternate Channel Vulnerability - Active in CISA KEV catalog.
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability - Active in CISA KEV catalog.
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise th...
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthentica...
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the...
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches th...
The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback() function in versions 1
The Bricks theme for WordPress is vulnerable to blind SQL Injection via the 'p' parameter in all versions up to, and including, 1
MapTiler Tileserver-php v2
Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse
There is a defect in the CPython 'tarfile' module affecting the 'TarFile' extraction and entry enumeration APIs
An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1
Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10
An issue was discovered in Couchbase Sync Gateway before 3
SQL Injection vulnerability in Bacula-web before v
Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
A SQL Injection vulnerability exists in the action
A vulnerability was found in TOTOLINK X15 1
A vulnerability was found in TOTOLINK X15 1
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing
An access control issue in NanoMQ v0
Insufficient input validation within GitLab Language Server 7
SQL Injection affecting the Archiver role
In HDP Server versions below 4
Versions of the package ssrfcheck before 1
Unauthorized access and impersonation can occur in versions 4
A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability
A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability
A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability
A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability
IBM Db2 for Linux 12
A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution
A memory corruption vulnerability due to improper input validation in lvpict
A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution
In JetBrains TeamCity before 2025
Grandstream Networks GXP1628 <=1
IBM Informix Dynamic Server 12
Improper session invalidation in the component /elms/emp-changepassword
Improper session invalidation in the component /doctor/change-password
Improper session invalidation in the component /doctor/change-password
In JetBrains TeamCity before 2025
Improper session invalidation in the component /srms/change-password
Improper session invalidation in the component /edms/change-password
NanoMQ v0
A vulnerability classified as critical was found in code-projects Online Ordering System 1
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1
A vulnerability, which was classified as critical, was found in code-projects Exam Form Submission 1
A vulnerability has been found in code-projects Exam Form Submission 1
A vulnerability was found in code-projects Exam Form Submission 1
A vulnerability was found in code-projects Exam Form Submission 1
A vulnerability was found in code-projects Exam Form Submission 1
A vulnerability, which was classified as critical, was found in Vaelsys 4
A vulnerability was found in Vaelsys 4
A vulnerability was found in code-projects Exam Form Submission 1
A vulnerability was found in code-projects Exam Form Submission 1
A vulnerability was found in code-projects Exam Form Submission 1
A vulnerability was found in code-projects Exam Form Submission 1
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting
Improper session invalidation in the component /library/change-password
Improper session invalidation in the component /banker/change-password
Improper session invalidation in the component /crm/change-password
Improper session invalidation in the component /bbdms/change-password
Improper session invalidation in the component /crm/change-password
Improper session invalidation in the component /carrental/update-password
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem