CVE Brief Security Intelligence

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions in versions 2

The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6

The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1

The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free

Phpscript-sgh 0

PHPUnit is a testing framework for PHP

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm

Kyverno is a policy engine designed for cloud native platform engineering teams

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23

Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution

The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `rest_helpers_update_media_metadata` function in all versions up to, and including, 3

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files

Dell PremierColor Panel Driver, versions prior to 1

Dell CloudBoost Virtual Appliance, versions prior to 19

PyTorch is a Python package that provides tensor computation

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes

Nord VPN 6

TapinRadio 2

Intelbras Router RF 301K firmware version 1

WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials

OpenProject is an open-source, web-based project management software

WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables

Victor CMS 1

Ghost is an open source content management system

OpenEMR is a free and open source electronic health records and medical practice management application

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing

M/Monit 3

Explorance Blue versions prior to 8

In GnuPG before 2

docPrint Pro 8

PMB 5

Nidesoft 3GP Video Converter 2

Testa Online Test Management System 3

Meshtastic is an open source mesh networking solution

node-tar,a Tar for Node

SmartBlog 2

Use-after-free in the Layout: Scrolling and Overflow component

In GnuPG before 2

ConvertXis a self-hosted online file converter

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality

Dokploy is a free, self-hostable Platform as a Service (PaaS)

This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7

A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access

The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_compatibility_layers/OSEK/tx_osek

Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita

Integer Overflow or Wraparound vulnerability in yoyofr modizer

NVIDIA runx contains a vulnerability where an attacker could cause a code injection

Realtek Andrea RT Filters 1

EPSON Status Monitor 3 version 8

Acer Global Registration Service 1

Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code

Atheros Coex Service Application 8

SAntivirus IC 10

Motorola Device Manager 2

Motorola Device Manager 2

Quick 'n Easy FTP Service 3

EPSON 1

IP Watcher 3

Prey 1

Program Access Controller 1

ForensiT AppX Management Service 2

Input Director 1

ShareMouse 5

NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles

Discourse is an open source discussion platform

Out-of-bounds Write vulnerability in gerstrong Commander-Genius

Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine

Cassandra Web 0

SyncBreeze 10

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1

Mitigation bypass in the Privacy: Anti-Tracking component

Suricata is a network IDS, IPS and NSM engine

Suricata is a network IDS, IPS and NSM engine

Suricata is a network IDS, IPS and NSM engine

soroban-fixed-point-math is a fixed-point math library for Soroban smart contacts

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions

aSc TimeTables 2021

Suricata is a network IDS, IPS and NSM engine

A weakness has been identified in code-projects Online Music Site 1

A security vulnerability has been detected in code-projects Online Music Site 1

A weakness has been identified in itsourcecode School Management System 1

A vulnerability was found in D-Link DIR-615 4

A vulnerability was determined in D-Link DIR-615 4

LibreNMS 1

vLLM is an inference and serving engine for large language models (LLMs)

billboard

Discourse is an open source discussion platform

WSS Agent, prior to 9