CVE Brief Security Intelligence

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2

Use after free in ANGLE in Google Chrome prior to 139

The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2

An issue was discovered in simple-admin-core v1

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website

Dell ThinOS 10, versions prior to 2508_10

Dell ThinOS 10, versions prior to 2508_10

Dell ThinOS 10, versions prior to 2508_10

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload

Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell

SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0

In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg

In multiple locations, there is a possible out of bounds write due to a use after free

Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability

In multiple locations, there is a possible way to execute arbitrary code due to a use after free

In multiple locations, there is a possible way to execute arbitrary code due to a use after free

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation

A flaw has been found in Tenda CH22 1

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1

In main of main

In process_service_attr_rsp of sdp_discovery

In multiple functions of sdp_server

A flaw has been found in Linksys E1700 1

A vulnerability has been found in Linksys E1700 1

A vulnerability was found in Linksys E1700 1

OPNsense 25

In FoxCMS 1

O2OA v9

Deserialization of Untrusted Data vulnerability in enituretechnology Small Package Quotes – USPS Edition allows Object Injection

NodeBB v4

In avct_lcb_msg_ind of avct_lcb_act

In bnepu_check_send_packet of bnep_utils

In rfc_send_buf_uih of rfc_ts_frames

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection

In btif_hh_hsdata_rpt_copy_cb of bta_hh

Delta Electronics COMMGR has Code Injection vulnerability

IBM Cognos Command Center 10

NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection

NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue

NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue

In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code

In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack

Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6

Multiple i-フィルター products contain an issue with incorrect default permissions

D-Link DCS-825L firmware v1

Mahara before 24

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3

SelectZero Data Observability Platform before 2025

ImageMagick is free and open-source software used for editing and manipulating digital images

ImageMagick is free and open-source software used for editing and manipulating digital images

In handleBondStateChanged of AdapterService

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing

If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure

IBM Cognos Command Center 10

A vulnerability was determined in Campcodes Online Water Billing System 1

A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1

A weakness has been identified in itsourcecode Online Tour and Travel Management System 1

A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1

A security vulnerability has been detected in itsourcecode Apartment Management System 1

A vulnerability was detected in itsourcecode Apartment Management System 1

A flaw has been found in itsourcecode Apartment Management System 1

A vulnerability has been found in itsourcecode Apartment Management System 1

A vulnerability was found in itsourcecode Apartment Management System 1

A security vulnerability has been detected in SourceCodester Online Bank Management System 1

A flaw has been found in SourceCodester Human Resource Information System 1

A vulnerability has been found in SourceCodester Human Resource Information System 1

A vulnerability was determined in Campcodes Online Water Billing System 1

A weakness has been identified in Campcodes Online Loan Management System 1

A security vulnerability has been detected in Campcodes Online Loan Management System 1

A vulnerability was detected in Campcodes Online Loan Management System 1

A flaw has been found in Campcodes Online Loan Management System 1

A vulnerability has been found in Campcodes Online Loan Management System 1

A weakness has been identified in itsourcecode Apartment Management System 1

A vulnerability was detected in itsourcecode Apartment Management System 1

A security flaw has been discovered in itsourcecode Apartment Management System 1

A security vulnerability has been detected in itsourcecode Apartment Management System 1

A vulnerability was identified in itsourcecode Apartment Management System 1

A weakness has been identified in Campcodes Payroll Management System 1

A vulnerability has been found in TOTOLINK T10 4

In Hyundai Navigation App STD5W

A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password

Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News allows Stored XSS