CVE Brief Security Intelligence

The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback() function in versions 1

Use after free in Media Stream in Google Chrome prior to 138

The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1

MapTiler Tileserver-php v2

FlashMQ v1

An issue in FlashMQ v1

Dell XtremIO, version(s) 6

Dell Encryption and Dell Security Management Server, versions prior to 11

Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability

The e-School from Ventem has a Missing Authorization vulnerability, allowing remote attackers with regular privilege to access administrator functions, including creating, modifying, and deleting accounts

The e-School from Ventem has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server

Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10

vproxy is an HTTP/HTTPS/SOCKS5 proxy server

An issue was discovered in Couchbase Sync Gateway before 3

SQL Injection vulnerability in Bacula-web before v

GitProxy is an application that stands between developers and a Git remote endpoint

Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system

A SQL Injection vulnerability exists in the action

An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing

An access control issue in NanoMQ v0

An access issue was addressed with additional sandbox restrictions

TechAdvisor versions 2

SQL Injection affecting the Archiver role

TrustedFirmware-M (aka Trusted Firmware for M profile Arm CPUs) before 2

An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions

An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions

In HDP Server versions below 4

The vulnerability was identified in the code developed specifically for Lenovo

The vulnerability was identified in the code developed specifically for Lenovo

The vulnerability was identified in the code developed specifically for Lenovo

The vulnerability was identified in the code developed specifically for Lenovo

GetProjectsIdea Create School Management System 1

Unauthorized access and impersonation can occur in versions 4

An issue in Aver PTC310UV2 v

Ceph is a distributed object, block, and file storage platform

A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability

A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability

A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability

A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability

IBM Db2 for Linux 12

A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution

A memory corruption vulnerability due to improper input validation in lvpict

A memory corruption vulnerability due to improper error handling when a VILinkObj is null exists in NI LabVIEW that may result in arbitrary code execution

This issue was addressed through improved state management

A path handling issue was addressed with improved validation

A logic issue was addressed with improved checks

The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents

Grandstream Networks GXP1628 <=1

NanoMQ v0

The issue was addressed with improved checks

A denial-of-service issue was addressed with improved input validation

This issue was addressed through improved state management

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1

Rocket Software Rocket Zena 4

A vulnerability classified as critical was found in code-projects Exam Form Submission 1

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1

A vulnerability has been found in code-projects Vehicle Management 1

A vulnerability was found in code-projects Online Farm System 1

A vulnerability was found in code-projects Online Farm System 1

A vulnerability was found in code-projects Online Farm System 1

A vulnerability was found in Campcodes Online Recruitment Management System 1

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem

An out-of-bounds access issue was addressed with improved bounds checking

Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service