CVE-2025-6204
Dassault Systèmes DELMIA Apriso Code Injection Vulnerability - Active in CISA KEV catalog.
Saturday's report lists 4 critical vulnerabilities (down 20% from Friday's 5), including two maximum-severity CVSS 10.0 flaws in Desktop Alert PingAlert (CVE-2025-54339) and General Industrial Controls (CVE-2025-58083) that require a response over the weekend. High-priority disclosures fell to 51 issues (down 16% from Friday's 61), while the number of actively exploited vulnerabilities in the CISA KEV catalog rose to 11 (up 10% from 10). Two federal compliance deadlines expire Monday morning, November 17, for Dassault DELMIA Apriso manufacturing systems (CVE-2025-6204 and CVE-2025-6205, both CVSS 9.5). Desktop Alert PingAlert deployments face two access control flaws, CVSS 10.0 and 9.6, that enable complete compromise of the alert notification infrastructure. Industrial control environments must address the CVSS 10.0 General Industrial Controls vulnerability before Monday operations. Patch availability improved to 16%, but five CISA KEV deadlines fall within the next five days, including VMware Aria Operations (CVE-2025-41244), XWiki Platform (CVE-2025-24893), and Fortinet FortiWeb (CVE-2025-64446).
Immediate action: Emergency patching is needed before Monday morning for Desktop Alert PingAlert systems, where the CVSS 10.0 and 9.6 vulnerabilities enable complete compromise of critical alert infrastructure. Organizations using Dassault DELMIA Apriso manufacturing platforms must complete patches by Monday morning, November 17, to meet the federal compliance deadline. Industrial control operators must deploy the General Industrial Controls CVSS 10.0 patches before Monday's operational restart. Weekend security teams should prepare for the VMware Aria Operations, XWiki Platform, and Fortinet FortiWeb patches due Tuesday and Wednesday.
Dassault Systèmes DELMIA Apriso Code Injection Vulnerability - Active in CISA KEV catalog.
Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability - Active in CISA KEV catalog.
Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability - Active in CISA KEV catalog.
XWiki Platform Eval Injection Vulnerability - Active in CISA KEV catalog.
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
CWP Control Web Panel OS Command Injection Vulnerability - Active in CISA KEV catalog.
Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability - Active in CISA KEV catalog.
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Gladinet Triofox Improper Access Control Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Race Condition Vulnerability - Active in CISA KEV catalog.
WatchGuard Firebox Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Manipulation of the argument Password results in a stack-based buffer overflow. The vulnerability can be exploited remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.
General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.
The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3
The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3
A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation
Information Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store System allows a remote unauthenticated attacker to disclose full database contents (including schema and credential hashes) via an unauthenticated HTTP GET request to /obs/database/obs_db
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle
The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up to, and including, 0
Use after free in Internals in Google Chrome on iOS prior to 127
An issue in Intermesh BV GroupOffice vulnerable before v
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry
Improper authorization handling in Zoom Workplace for Android before version 6
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access
Inappropriate implementation in DevTools in Google Chrome prior to 126
A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system
The Creta Testimonial Showcase WordPress plugin before 1
Dell Alienware Command Center 6
Dell Alienware Command Center 6
A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2
A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1
A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process
General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login
Apollo Federation is an architecture for declaratively composing APIs into a unified graph
IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files
General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to send GET requests to obtain sensitive device information
General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, including plaintext credentials
A stack-based buffer overflow vulnerability exists in the libshared
A stack-based buffer overflow vulnerability exists in the makeRequest
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog
Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry Information
The issue was addressed by refusing external connections by default
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL
The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes
IBM AIX 7
Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs
A vulnerability has been found in Radarr 5
A vulnerability was found in Sonarr 4
A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6
pgAdmin <= 9
pgAdmin <= 9
An issue was found in the Application Server of Desktop Alert PingAlert version 6
A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses
MaxKB is an open-source AI assistant for enterprise
A security vulnerability has been detected in cameasy Liketea 1
A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1
A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1
A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1
npm package `expr-eval` is vulnerable to Prototype Pollution
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1