CVE-2025-57819
Sangoma FreePBX Authentication Bypass Vulnerability - Active in CISA KEV catalog.
This curated brief highlights 9 critical vulnerabilities and 77 high-priority updates requiring immediate attention.
Sangoma FreePBX Authentication Bypass Vulnerability - Active in CISA KEV catalog.
TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
Meta Platforms WhatsApp Incorrect Authorization Vulnerability - Active in CISA KEV catalog.
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability - Active in CISA KEV catalog.
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability - Active in CISA KEV catalog.
Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability - Active in CISA KEV catalog.
Android Runtime Use-After-Free Vulnerability - Active in CISA KEV catalog.
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Improper Neutralization of Argument Delimiters in a Command...
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: * The applicatio...
If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versio...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL Injection. This issue affects SINAV.LINK E...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection. This issue affects Omaspot: before 12.09.2025.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-200 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife allows...
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025.
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore o...
Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their ...
The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking
This vulnerability affects Firefox < 143, Firefox ESR < 115
Memory safety bugs present in Firefox ESR 140
This vulnerability affects Firefox < 143, Firefox ESR < 140
Greenshot is an open source Windows screenshot utility
The mcp-database-server (MCP Server) 1
A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges
A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1
A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections
This vulnerability affects Firefox < 143, Firefox ESR < 140
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host
A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access
Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured
A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E1 Informatics Web Application allows SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection
A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent
A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent
SQL injection vulnerability in oa_system oasys v
A vulnerability was identified in Tenda AC9 and AC15 15
An issue was discovered in the method push
An issue was discovered in the method push
A permissions issue was addressed with additional restrictions
A permissions issue was addressed with additional sandbox restrictions
3DAlloy is a lightWeight 3D-viewer for MediaWiki
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing
This issue was addressed by removing the vulnerable code
This issue was addressed with improved checks
SourceCodester Web-based Pharmacy Product Management System 1
Edimax BR-6473AX v1
Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution
This issue was addressed by removing the vulnerable code
A permissions issue was addressed with additional restrictions
A parsing issue in the handling of directory paths was addressed with improved path validation
A permissions issue was addressed with additional restrictions
A permissions issue was addressed with additional restrictions
A permissions issue was addressed with additional restrictions
A permissions issue was addressed with additional restrictions
The issue was addressed with improved input validation
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability
Substance3D - Stager versions 3
Mattermost versions 10
libexpat in Expat before 2
The issue was addressed by adding additional logic
This issue was addressed through improved state management
The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics
Out-of-support Control-M/Agent versions 9
IBM AIX 7
A flaw was found in Podman
A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1
A security flaw has been discovered in Campcodes Grocery Sales and Inventory System 1
A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1
A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1
A security flaw has been discovered in itsourcecode Online Laundry Management System 1
A security flaw has been discovered in Campcodes Computer Sales and Inventory System 1
A weakness has been identified in Campcodes Computer Sales and Inventory System 1
A security flaw has been discovered in Campcodes Online Job Finder System 1
A weakness has been identified in Campcodes Computer Sales and Inventory System 1
A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1
Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6
A vulnerability was detected in Campcodes Online Job Finder System 1
A flaw has been found in Campcodes Online Job Finder System 1
A null pointer dereference vulnerability was discovered in SumatraPDF 3
A security flaw has been discovered in SourceCodester Online Student File Management System 1
A vulnerability was detected in SourceCodester Online Student File Management System 1
code-projects Computer Laboratory System 1
A flaw has been found in Campcodes Grocery Sales and Inventory System 1
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1
The issue was addressed with improved checks
The issue was addressed with improved memory handling
A race condition was addressed with improved state handling