The tar-fs package contains vulnerabilities that allow for improper link resolution before file access and improper limitations on pathnames during file extraction. By exploiting these flaws, an attacker can craft a malicious tar file, leading to unauthorized file writes or overwrites outside the...

The GitHub ToolKit for developing GitHub Actions contains a vulnerability that allows arbitrary file writes when using methods like `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal`. Specifically, this vulnerability arises when processing specially crafted artifacts...

GeoServer, an open-source server for sharing and editing geospatial data, is susceptible to misuse in its PostGIS Datastore functions. This vulnerability arises from improper handling of certain function calls within the OGC Filter expression language and Common Query Language (CQL). Users are en...

An access control flaw has been identified in GitLab EE that permits users to access sensitive project information, even when specific features are disabled. This issue impacts all versions of GitLab EE from 17.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. The vulnerability rel...

An issue has been identified in GitLab Community and Enterprise Editions that compromises service availability due to a problem with issue previews. This vulnerability impacts all versions of GitLab CE/EE from 16.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1. Users should ...

A security issue has been identified in GitLab EE/CE that allows unauthorized tracking of user browsing activities. This tracking can lead to a complete account take-over by malicious actors. The vulnerability affects all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17...

A race condition vulnerability has been identified in Apple's operating systems that can be exploited via maliciously crafted archives. When unpacking such archives, the flaw permits attackers to write arbitrary files on the system, potentially compromising the integrity and confidentiality of se...

The-wound WordPress theme prior to version 0.0.1 has a Local File Inclusion vulnerability that arises from improper validation of input parameters. This flaw allows unauthenticated users to exploit the theme, leading to potential unauthorized access to sensitive files on the server. By crafting s...

The Category Posts Widget plugin for WordPress prior to version 4.9.20 is susceptible to stored Cross-Site Scripting due to improper sanitization and escaping of certain settings. This flaw allows high privilege users, such as administrators, to potentially execute malicious scripts, even in envi...

An external control of file name or path in Windows NTLM enables unauthorized attackers to exploit a vulnerability, leading to potential spoofing attacks over a network. This situation poses a significant threat as attackers may gain access to sensitive information or systems.

The User Registration & Membership Plugin for WordPress, prior to version 4.1.3, suffers from a data validation flaw in an AJAX action, particularly when the Membership Addon is enabled. This vulnerability allows an attacker to authenticate as any user—including administrators—by exploiting the t...

The Front End Users plugin for WordPress, up to version 3.2.32, contains a vulnerability where a parameter is not properly sanitized and escaped before being displayed on the page. This oversight can be exploited to execute arbitrary JavaScript in the context of high privilege users, including ad...

Neo4j versions prior to 3.4.18, when the shell server is enabled, expose a Remote Method Invocation (RMI) service that is vulnerable to arbitrary deserialization of Java objects. This flaw allows attackers to exploit dependencies linked to insecure gadget chains, leading to potential remote code ...

The SolarWinds Web Help Desk software is susceptible to a hardcoded credential vulnerability that enables remote unauthenticated users to gain unauthorized access to the system's internal functionalities. This security flaw allows attackers to manipulate and modify critical data, potentially lead...

A vulnerability has been identified in xxyopen's Novel-Plus version 5.1.0 that affects the 'searchByPage' function in the file '/book/searchByPage'. An attacker can manipulate the 'sort' argument, enabling SQL injection that can be exploited remotely. Despite the early notification to the vendor ...

A significant vulnerability exists in the CodeCanyon RISE Ultimate Project Manager version 3.8.2, affecting the functionality of the Profile Picture Handler component. Specifically, the issue involves inadequate control over resource identifiers, particularly in the argument profile_image_file wi...

A buffer overflow vulnerability has been identified in the H3C GR-3000AX router, specifically within the HTTP POST Request Handler's functions such as EnableIpv6, UpdateWanModeMulti, UpdateIpv6Params, EditWlanMacList, and Edit_List_SSID. The vulnerability arises from improper handling of argument...

A vulnerability within YXJ2018 SpringBoot-Vue-OnlineExam allows attackers to change user passwords without verification by manipulating the studentId parameter through the /api/studentPWD endpoint. This flaw can be exploited remotely, raising serious security concerns as it jeopardizes user accou...

The Forkosh Mime Tex software, prior to version 1.77, is susceptible to a directory traversal vulnerability. This flaw enables an attacker to manipulate file paths and potentially upload malicious files, culminating in arbitrary code execution on the server. Proper input validation measures shoul...

An improper authentication vulnerability has been identified in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This flaw affects the processing of the API component, allowing attackers to manipulate it for unauthorized access. Although the attack complexity is considered high and exploitation is known to...

A vulnerability exists in the registration functionality of the markparticle WebServer, specifically located in the file code/http/httprequest.cpp. An attacker can exploit this vulnerability by manipulating the username and password parameters, leading to potential SQL injection attacks. This iss...

A vulnerability has been identified in the markparticle WebServer, specifically affecting versions up to 1.0, where the Buffer::HasWritten function in buffer.cpp can be manipulated. This vulnerability enables attackers to initiate a buffer overflow by controlling the writePos_ argument, allowing ...

A security flaw has been identified in panhainan DS-Java 1.0, where an unknown function is susceptible to cross-site request forgery (CSRF). This vulnerability enables remote attackers to manipulate requests, potentially leading to unauthorized actions on behalf of authenticated users. The exploi...

A vulnerability exists in Panhainan's DS-Java 1.0, specifically within the function `uploadUserPic.action` located in the file `src/com/phn/action/FileUpload.java`. This flaw allows attackers to manipulate the `fileUpload` argument, potentially leading to code injection attacks. The vulnerability...

A vulnerability exists in the Wix-Incubator Jam that impacts the Jinja2 Template Handler, specifically in the jam.py file. This issue arises from improper neutralization of the config['template'] argument, allowing special elements utilized in the template engine to be exploited. Attackers can po...

A memory corruption issue has been found in various Apple operating systems, which could be exploited through a specially crafted audio stream in a media file. This vulnerability has the potential to allow unauthorized code execution, posing significant risk to impacted devices. Apple has impleme...

A vulnerability in Vite's frontend development tooling allows attackers to bypass file access restrictions. Specifically, versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 expose the risk where app URLs can be manipulated with trailing query parameters such as '?raw?' or '?import&raw?' t...

In certain versions of PHP, particularly 8.1.*, 8.2.*, and 8.3.* running on Windows with Apache and PHP-CGI, a vulnerability arises when specific code pages are configured. This results in Windows utilizing 'Best-Fit' behavior to handle character replacements for command-line inputs aimed at Win3...

Sonatype Nexus Repository Manager prior to version 3.15.0 contains an access control vulnerability that may allow unauthorized users to access restricted resources and perform unintended actions. This could lead to potential data leakage and compromise of sensitive information. It is crucial for ...

In eProsima Fast DDS, a vulnerability arises due to a failure to encrypt the data (`p[UD]`) and `guid` values used for disconnecting between nodes. This allows an attacker to forcibly disconnect Subscribers from the system, preventing them from receiving any data. When an attacker continuously se...

An unrestricted file upload vulnerability exists in the Kuangstudy KuangSimpleBBS 1.0 software, specifically in the fileUpload function of the QuestionController.java file. This flaw allows attackers to upload potentially malicious files by manipulating the editormd-image-file argument. Such an e...

A Cross-Site Scripting (XSS) vulnerability exists in Roundcube Webmail prior to version 1.2.13, 1.3.16, and 1.4.10. This flaw allows attackers to exploit the application by sending a specially crafted plain text email containing JavaScript code. The vulnerability arises from improper handling of ...

A SQL injection vulnerability has been identified in the PHPGurukul Men Salon Management System version 1.0. This flaw exists in the /admin/sales-reports-detail.php file, where improper validation of the 'fromdate' and 'todate' parameters allows attackers to manipulate SQL queries. The vulnerabil...

A SQL injection vulnerability exists within the PHPGurukul Men Salon Management System, specifically affecting the processing of the 'remark' parameter in the /admin/view-appointment.php script. This issue allows an attacker to craft a malicious request, potentially leading to unauthorized databa...

A security flaw has been detected in the PHPGurukul Men Salon Management System version 1.0, specifically within the /admin/forgot-password.php file. This vulnerability allows attackers to manipulate email argument input, leading to SQL injection issues that can be exploited remotely. As the deta...

The vulnerability in Kitty before version 0.41.0 originates from the open_actions.py script, which fails to prompt users for confirmation before executing local files that may be linked within documents from untrusted sources, such as those opened in KDE Ghostwriter. This design flaw can allow ma...

The vulnerability in GNU Mailman version 2.1.39, as packaged with cPanel, exposes an endpoint that allows unauthenticated attackers to create email distribution lists. This poses significant security risks, as it could be exploited to spread spam or malicious content, affecting the integrity and ...

An arbitrary command execution vulnerability exists in GNU Mailman 2.1.39, bundled with cPanel and WHM, that permits unauthenticated attackers to execute arbitrary operating system commands. This occurs due to improper handling of shell metacharacters within the email Subject lines, potentially l...

The vulnerability within GNU Mailman 2.1.39, as deployed in cPanel, permits unauthorized users to exploit a directory traversal flaw. By manipulating the username parameter at the private archive endpoint, attackers may access arbitrary files on the server, leading to potential exposure of sensit...

A cross site scripting vulnerability exists in the add-admin.php file of the SourceCodester Web-based Pharmacy Product Management System 1.0. This flaw allows unauthorized remote attackers to manipulate input fields such as txtpassword, txtfullname, and txtemail, leading to potential malicious sc...

The Erlang/OTP SSH server prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20 contains a critical flaw in SSH protocol message handling that allows attackers to bypass authentication and execute arbitrary commands remotely. This vulnerability can be exploited to gain unauthorized acces...

A critical vulnerability has been identified in Tenda W12 and i24 products, specifically in the function cgiSysUplinkCheckSet located in /bin/httpd. This vulnerability allows for a stack-based buffer overflow upon manipulation of the arguments hostIp1 and hostIp2, potentially exposing the device ...

A vulnerability exists in the PHPGurukul Men Salon Management System 1.0, specifically within the /admin/search-appointment.php file. This weakness allows an attacker to manipulate the 'searchdata' argument, potentially leading to SQL injection. Because this can be exploited remotely, it's crucia...

A vulnerability in the webpy framework's PostgresDB._process_insert_query function may allow an attacker to execute SQL injection attacks. The weakness arises from manipulation of the argument seqname, making it possible for a remote attacker to craft input that could compromise the database. As ...

A SQL injection vulnerability affects the SourceCodester Online Eyewear Shop 1.0, enabling unauthorized manipulation of arguments in the Master.php file via the delete_stock endpoint. Exploiting this vulnerability remotely compromises database security and may lead to unauthorized data access or ...

A notable OS command injection vulnerability exists in CicadasCMS 2.0, specifically affecting the Scheduled Task Handler component. This flaw enables unauthorized actors to execute arbitrary OS commands on the server, which can be exploited remotely. The affected code is found in the /system/sche...

A cross-site request forgery (CSRF) vulnerability has been identified in My-BBS 1.0 by zhenfeng13, allowing remote attackers to perform unauthorized actions on behalf of users. This security flaw may affect multiple endpoints, enabling the attacker to manipulate requests without the user's consen...

A vulnerability in My-BBS version 1.0 allows unauthorized users to upload files without proper validation, affecting the UploadController.java component. This flaw opens the door for remote attacks, potentially allowing malicious users to gain access to sensitive system components. The public dis...

A cross-site scripting vulnerability has been identified in dazhouda lecms versions up to 3.0.3, specifically affecting the Edit Profile Handler located at /admin. This vulnerability enables attackers to execute arbitrary JavaScript in the context of the affected user's session. The exploitation ...

A critical vulnerability found in Sarrionandia's Tournatrack exposes the system to potential injection attacks through the Jinja2 Template Handler's file, check_id.py. An attacker can exploit this vulnerability by manipulating the argument ID, allowing unauthorized command execution on the local ...