CVE-2020-25078
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability - Active in CISA KEV catalog.
This week's threat landscape delivered 109 critical vulnerabilities and 48 actively exploited CISA KEV entries, an intense period for security teams. D-Link surveillance infrastructure faces catastrophic authentication bypass exposures, with federal remediation deadlines expiring Monday. Friday brings fresh threats, including a Salesforce Tableau type confusion flaw (CVE-2025-26496, CVSS 9.6) and remote code execution in Voltronic Power management systems rated at the maximum CVSS 10. The week also saw the WordPress ecosystem under sustained attack, Microsoft Office vulnerabilities resurfacing in the KEV catalog, and critical authentication bypasses across enterprise platforms.
Immediate action: D-Link DCS-2530L, DCS-2670L, and DNR-322L devices must be isolated or replaced by Monday's federal deadline. Patch Voltronic Power ViewPower/PowerShield immediately. Review and secure all Tableau Server instances.
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability - Active in CISA KEV catalog.
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.
Microsoft Office Excel Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Microsoft Internet Explorer Resource Management Errors Vulnerability - Active in CISA KEV catalog.
Trend Micro Apex One OS Command Injection Vulnerability - Active in CISA KEV catalog.
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion. This issue...
MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token.
Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interfac...
WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality.
Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote att...
spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.
An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL.
Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter.
Incorrect access control in the doFilter function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal
The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally
In MindManager Windows versions prior to 24
An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network
A vulnerability was identified in PHPGurukul User Management System 1
A flaw has been found in PHPGurukul Online Course Registration 3
The WP Talroo WordPress plugin through 2
SQL Injection vulnerability in Apache StreamPark
Dell iDRAC Service Module (iSM), versions prior to 6
QuantumNous new-api v
An authentication bypass vulnerability in PandoraNext-TokensTool v0
A buffer overflow vulnerability exists in libsndfile version 1
A vulnerability was detected in Tenda i22 1
A flaw has been found in Tenda M3 1
A vulnerability has been found in Tenda M3 1
Incorrect access control in the component \controller\RoleController
Incorrect access control in the component \controller\ResourceController
A security flaw has been discovered in TOTOLINK A720R 4
A Reflected Cross Site Scripting (XSS) vulnerability was found in /index
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework
WeGIA is a Web manager for charitable institutions
Aikaan IoT management platform v3
hippo4j 1
Audiobookshelf is an open-source self-hosted audiobook server
OperaMasks SDK ELite Script Engine v0
On the monitoring event logs page, it is possible to alter the http request to insert a payload in the DB
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
Moss before v0
On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server
An issue was discovered in Shopizer 3
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework
Roo Code is an AI-powered autonomous coding agent that lives in users' editors
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework
IBM QRadar SIEM 7
Tenda AC15 v15
vLLM is an inference and serving engine for large language models (LLMs)
Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources
Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3
Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3
A weakness has been identified in SourceCodester Online Bank Management System 1
A security vulnerability has been detected in SourceCodester Online Bank Management System 1
A vulnerability was identified in itsourcecode Apartment Management System 1
Insecure permissions in Agent-Zero v0
A discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3
D-Link DCS-825L firmware version 1
User with high privileges is able to introduce a SQLi using the Meta Service indicator page
The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed
HTML injection vulnerability in the registration interface in Evolution Consulting Kft