CVE-2025-41244
Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability - Active in CISA KEV catalog.
Wednesday's vulnerability landscape demonstrates continued disclosure activity with 6 critical vulnerabilities (50% increase from yesterday's 4) and 86 high-priority vulnerabilities (69% increase from 51). The primary concerns include three CVSS 9.8 vulnerabilities enabling unauthenticated remote code execution across multiple affected devices, alongside three CVSS 9.1 vulnerabilities in SolarWinds Serv-U requiring administrative privileges for exploitation. Patch availability improved modestly to 10% from yesterday's 7%, requiring organizations to maintain compensating controls for the majority of newly disclosed vulnerabilities. Ten actively exploited CISA KEV vulnerabilities continue to require priority remediation across VMware, Fortinet, Microsoft, and Samsung products.
Immediate action: Security teams must immediately address the three unauthenticated remote code execution vulnerabilities (CVE-2025-41734, CVE-2025-9312, CVE-2025-41733) by applying vendor patches where available or implementing network segmentation and access controls. Organizations running SolarWinds Serv-U should evaluate the three CVSS 9.1 vulnerabilities (CVE-2025-40547, CVE-2025-40548, CVE-2025-40549) and restrict administrative access as a compensating control. With 90% of new vulnerabilities lacking vendor patches, implement Web Application Firewalls with command injection and authentication bypass detection rules. Continue priority remediation of the ten actively exploited vulnerabilities while monitoring for the six new critical disclosures.
XWiki Platform Eval Injection Vulnerability - Active in CISA KEV catalog.
Fortinet FortiWeb Path Traversal Vulnerability - Active in CISA KEV catalog.
CWP Control Web Panel OS Command Injection Vulnerability - Active in CISA KEV catalog.
Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability - Active in CISA KEV catalog.
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Gladinet Triofox Improper Access Control Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Race Condition Vulnerability - Active in CISA KEV catalog.
WatchGuard Firebox Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
An unauthenticated remote attacker can execute arbitrary PHP files and gain full access to the affected devices.
A logic error vulnerability exists in Serv-U which, when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by default.
A missing validation process exists in Serv-U which, when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by default.
A Path Restriction Bypass vulnerability exists in Serv-U which, when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this is scored as medium due to differences in how paths and home directories are handled.
A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate-based authentication in certain default configurations, the affected components may permit unauthenticated requests even when mTLS is enabled. This condition occurs when relying on the default mTLS settings for System REST APIs or when the mTLS authenticator is enabled for SOAP services, causing these interfaces to accept requests without enforcing additional authentication. Successful exploitation allows a malicious actor with network access to the affected endpoints to gain administrative privileges and perform unauthorized operations. The vulnerability is exploitable only when the impacted mTLS flows are enabled and accessible in a given deployment. Other certificate-based authentication mechanisms such as Mutual TLS OAuth client authentication and X.509 login flows are not affected, and APIs served through the API Gateway of WSO2 API Manager remain unaffected.
The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8
A Heap-based Buffer Overflow vulnerability [CWE-122] in Fortinet FortiClientWindows 7
A stack-based buffer overflow in Fortinet FortiOS 7
A stack-based buffer overflow in Fortinet FortiOS 7
An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7
A low privileged remote attacker can upload a new Python script, or overwrite an existing one, by using a path traversal in the target filename in PHP, resulting in remote code execution
The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1
The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'ID' parameter in versions up to, and including, 1
The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2
The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2
Due to a webserver misconfiguration, an unauthenticated remote attacker is able to read the source of PHP modules
phpMyFAQ is an open source FAQ web application
Type Confusion in V8 in Google Chrome prior to 142
Type Confusion in V8 in Google Chrome prior to 142
Type Confusion in V8 in Google Chrome prior to 142
Type Confusion in V8 in Google Chrome prior to 142
Type Confusion in V8 in Google Chrome prior to 142
Type Confusion in V8 in Google Chrome prior to 142
Type Confusion in V8 in Google Chrome prior to 142
The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 1
The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2
The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1
The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpu_add_multiple_roles_ui' and 'mrpu_save_multiple_user_roles' functions in all versions up to, and including, 1
A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5
A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5
An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] in Fortinet FortiVoice 7
A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5
A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5
A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform
A low privileged remote attacker can upload any file to an arbitrary location due to a missing file check, resulting in remote code execution
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users
An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input
EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web service
A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service
Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory, escaping the virtual machine
A vulnerability was detected in Tenda AC20 up to 16
A security vulnerability has been detected in Tenda CH22 1
QaTraq 6
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1
A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5
A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within admin services, specifically in the event processor of the Carbon console
TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Delete vulnerability
MyScreenTools v2
Piwigo is a full featured open source photo gallery application for the web
IBM Planning Analytics Local 2
In bta_hf_client_cb_init of bta_hf_client_main
A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V29
OpenStack Keystone before 26
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only
Glob matches files using patterns the shell uses
IBM Storage Virtualize 8
The password change endpoint in Open Source Point of Sale 3
The openml/openml
Plaintext password storage in Kotaemon 0
Multiple vulnerabilities exist in cbor2 through version 5
A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students
A security vulnerability has been detected in itsourcecode Inventory Management System 1
A vulnerability was determined in lsfusion platform up to 6
A vulnerability was determined in Campcodes School Fees Payment Management System 1
A vulnerability was identified in Campcodes School Fees Payment Management System 1
A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455
A flaw has been found in code-projects Nero Social Networking Site 1
A vulnerability was determined in CodeAstro Simple Inventory System 1
A vulnerability was identified in itsourcecode Online Voting System 1
A vulnerability was found in Campcodes Supplier Management System 1
A security vulnerability has been detected in itsourcecode Web-Based Internet Laboratory Management System 1
A vulnerability was detected in itsourcecode Web-Based Internet Laboratory Management System 1
A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1
A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1
A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1
A security flaw has been discovered in code-projects Simple Pizza Ordering System 1
A weakness has been identified in SourceCodester Train Station Ticketing System 1
A vulnerability was discovered in Awesome Miner thru 11
There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F
There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F
TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Copy and Paste vulnerability
PDFPatcher thru 1
Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO