CVE Brief Security Intelligence

The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources"

Apache OpenOffice documents can contain links

Apache OpenOffice documents can contain links to other files

Apache OpenOffice documents can contain links

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3

The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3

A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2

Bacteriology Laboratory Reporting System developed by ViewLead Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents

Bacteriology Laboratory Reporting System developed by ViewLead Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation

The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bookit/v1/commerce/stripe/return' REST API Endpoint in all versions up to, and including, 2

Inappropriate implementation in V8 in Google Chrome prior to 142

Fujitsu fbiosdrv

Improper authorization handling in Zoom Workplace for Android before version 6

Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system

Symfony is a PHP framework for web and console applications and a set of reusable PHP components

The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name

Dell SmartFabric OS10 Software, versions prior to 10

Dell SmartFabric OS10 Software, versions prior to 10

Dell Alienware Command Center 6

Dell Alienware Command Center 6

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz

A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2

An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system

A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Apollo Federation is an architecture for declaratively composing APIs into a unified graph

A stack-based buffer overflow vulnerability exists in the libshared

A stack-based buffer overflow vulnerability exists in the makeRequest

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Golemiq 0 Day Analytics allows SQL Injection

A flaw was found in the Observability Operator

A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1

The issue was addressed by refusing external connections by default

Evervault is a payment security solution

IBM AIX 7

Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs

A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability

A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability

A vulnerability has been found in Radarr 5

A vulnerability was found in Sonarr 4

Incorrect access control in SIMICAM v1

An issue was discovered in dvsekhvalnov jose2go 1

Fujitsu iRMC S6 on M5 before 1

Ceph is a distributed object, block, and file storage platform

A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08)

A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code

pgAdmin <= 9

pgAdmin <= 9

MaxKB is an open-source AI assistant for enterprise

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DivvyDrive Information Technologies Inc

A security vulnerability has been detected in SourceCodester Survey Application System 1

An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application

A flaw has been found in DinukaNavaratna Dee Store 1

A security vulnerability has been detected in cameasy Liketea 1

A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1