An SQL Injection vulnerability exists in Teampass prior to version 3.0.0.23, which allows attackers to manipulate SQL queries by injecting malicious code. This can lead to unauthorized access and exposure of sensitive data stored within the application. It is crucial for users of Teampass to upgr...

A vulnerability exists in Ruby on Rails that allows an attacker to exploit the development mode environment. Specifically, if the application runs on versions below 5.2.2.1 or 6.0.0.beta3, the system's automatically generated development mode secret token can be guessed. This token, when combined...

The ThemeKraft BuddyForms plugin contains a vulnerability characterized by improper limitations of a pathname, which can lead to server-side request forgery (SSRF) and relative path traversal. This issue exposes systems running BuddyForms, from implementations pre-dating version 2.8.8, to potenti...

A Cross Site Scripting vulnerability exists in Wonder CMS versions 3.2.0 through 3.4.2. This vulnerability allows remote attackers to inject arbitrary scripts into the installModule component. Such an attack could lead to unauthorized script execution, placing user data and the integrity of the w...

A vulnerability in Action Pack of Ruby on Rails allows remote attackers to execute arbitrary Ruby code due to unrestricted use of the render method. This can happen when the application fails to properly sanitize user input before rendering, enabling attackers to manipulate the application’s runt...

A vulnerability exists in the mailSend function of the isMail transport in PHPMailer prior to version 5.2.18. This flaw enables remote attackers to inject additional parameters into the mail command, thus potentially executing arbitrary code. The exploitation occurs through a crafted Sender prope...

The Cisco node-jose library prior to version 0.11.0 contains a vulnerability that allows an unauthenticated remote attacker to re-sign JSON Web Signature (JWS) tokens. This stems from the library's compliance with the JSON Web Signature standards, which allows a JSON Web Key (JWK) embedding withi...

A vulnerability in the Flask framework allows for session data to be improperly cached by proxies, potentially exposing sensitive session cookies to unintended clients. This occurs when certain conditions are met: the application must be behind a caching proxy that fails to strip cookies, use per...

Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.

The Icegram Express WordPress plugin prior to version 5.7.50 is susceptible to a stored Cross-Site Scripting vulnerability due to inadequate sanitization and escaping of certain Template settings. This flaw could enable users with high privileges, such as admins, to execute malicious scripts on a...

The tar-fs package contains vulnerabilities that allow for improper link resolution before file access and improper limitations on pathnames during file extraction. By exploiting these flaws, an attacker can craft a malicious tar file, leading to unauthorized file writes or overwrites outside the...

The GitHub ToolKit for developing GitHub Actions contains a vulnerability that allows arbitrary file writes when using methods like `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal`. Specifically, this vulnerability arises when processing specially crafted artifacts...

GeoServer, an open-source server for sharing and editing geospatial data, is susceptible to misuse in its PostGIS Datastore functions. This vulnerability arises from improper handling of certain function calls within the OGC Filter expression language and Common Query Language (CQL). Users are en...

An access control flaw has been identified in GitLab EE that permits users to access sensitive project information, even when specific features are disabled. This issue impacts all versions of GitLab EE from 17.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. The vulnerability rel...

An issue has been identified in GitLab Community and Enterprise Editions that compromises service availability due to a problem with issue previews. This vulnerability impacts all versions of GitLab CE/EE from 16.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1. Users should ...

A security issue has been identified in GitLab EE/CE that allows unauthorized tracking of user browsing activities. This tracking can lead to a complete account take-over by malicious actors. The vulnerability affects all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17...

A race condition vulnerability has been identified in Apple's operating systems that can be exploited via maliciously crafted archives. When unpacking such archives, the flaw permits attackers to write arbitrary files on the system, potentially compromising the integrity and confidentiality of se...

The-wound WordPress theme prior to version 0.0.1 has a Local File Inclusion vulnerability that arises from improper validation of input parameters. This flaw allows unauthenticated users to exploit the theme, leading to potential unauthorized access to sensitive files on the server. By crafting s...

The Category Posts Widget plugin for WordPress prior to version 4.9.20 is susceptible to stored Cross-Site Scripting due to improper sanitization and escaping of certain settings. This flaw allows high privilege users, such as administrators, to potentially execute malicious scripts, even in envi...

An external control of file name or path in Windows NTLM enables unauthorized attackers to exploit a vulnerability, leading to potential spoofing attacks over a network. This situation poses a significant threat as attackers may gain access to sensitive information or systems.

The User Registration & Membership Plugin for WordPress, prior to version 4.1.3, suffers from a data validation flaw in an AJAX action, particularly when the Membership Addon is enabled. This vulnerability allows an attacker to authenticate as any user—including administrators—by exploiting the t...

The Front End Users plugin for WordPress, up to version 3.2.32, contains a vulnerability where a parameter is not properly sanitized and escaped before being displayed on the page. This oversight can be exploited to execute arbitrary JavaScript in the context of high privilege users, including ad...

Neo4j versions prior to 3.4.18, when the shell server is enabled, expose a Remote Method Invocation (RMI) service that is vulnerable to arbitrary deserialization of Java objects. This flaw allows attackers to exploit dependencies linked to insecure gadget chains, leading to potential remote code ...

The SolarWinds Web Help Desk software is susceptible to a hardcoded credential vulnerability that enables remote unauthenticated users to gain unauthorized access to the system's internal functionalities. This security flaw allows attackers to manipulate and modify critical data, potentially lead...

A vulnerability has been identified in xxyopen's Novel-Plus version 5.1.0 that affects the 'searchByPage' function in the file '/book/searchByPage'. An attacker can manipulate the 'sort' argument, enabling SQL injection that can be exploited remotely. Despite the early notification to the vendor ...

A significant vulnerability exists in the CodeCanyon RISE Ultimate Project Manager version 3.8.2, affecting the functionality of the Profile Picture Handler component. Specifically, the issue involves inadequate control over resource identifiers, particularly in the argument profile_image_file wi...

A buffer overflow vulnerability has been identified in the H3C GR-3000AX router, specifically within the HTTP POST Request Handler's functions such as EnableIpv6, UpdateWanModeMulti, UpdateIpv6Params, EditWlanMacList, and Edit_List_SSID. The vulnerability arises from improper handling of argument...

A vulnerability within YXJ2018 SpringBoot-Vue-OnlineExam allows attackers to change user passwords without verification by manipulating the studentId parameter through the /api/studentPWD endpoint. This flaw can be exploited remotely, raising serious security concerns as it jeopardizes user accou...

The Forkosh Mime Tex software, prior to version 1.77, is susceptible to a directory traversal vulnerability. This flaw enables an attacker to manipulate file paths and potentially upload malicious files, culminating in arbitrary code execution on the server. Proper input validation measures shoul...

An improper authentication vulnerability has been identified in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This flaw affects the processing of the API component, allowing attackers to manipulate it for unauthorized access. Although the attack complexity is considered high and exploitation is known to...

A vulnerability exists in the registration functionality of the markparticle WebServer, specifically located in the file code/http/httprequest.cpp. An attacker can exploit this vulnerability by manipulating the username and password parameters, leading to potential SQL injection attacks. This iss...

A vulnerability has been identified in the markparticle WebServer, specifically affecting versions up to 1.0, where the Buffer::HasWritten function in buffer.cpp can be manipulated. This vulnerability enables attackers to initiate a buffer overflow by controlling the writePos_ argument, allowing ...

A security flaw has been identified in panhainan DS-Java 1.0, where an unknown function is susceptible to cross-site request forgery (CSRF). This vulnerability enables remote attackers to manipulate requests, potentially leading to unauthorized actions on behalf of authenticated users. The exploi...

A vulnerability exists in Panhainan's DS-Java 1.0, specifically within the function `uploadUserPic.action` located in the file `src/com/phn/action/FileUpload.java`. This flaw allows attackers to manipulate the `fileUpload` argument, potentially leading to code injection attacks. The vulnerability...

A vulnerability exists in the Wix-Incubator Jam that impacts the Jinja2 Template Handler, specifically in the jam.py file. This issue arises from improper neutralization of the config['template'] argument, allowing special elements utilized in the template engine to be exploited. Attackers can po...

A memory corruption issue has been found in various Apple operating systems, which could be exploited through a specially crafted audio stream in a media file. This vulnerability has the potential to allow unauthorized code execution, posing significant risk to impacted devices. Apple has impleme...

A vulnerability in Vite's frontend development tooling allows attackers to bypass file access restrictions. Specifically, versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 expose the risk where app URLs can be manipulated with trailing query parameters such as '?raw?' or '?import&raw?' t...

In certain versions of PHP, particularly 8.1.*, 8.2.*, and 8.3.* running on Windows with Apache and PHP-CGI, a vulnerability arises when specific code pages are configured. This results in Windows utilizing 'Best-Fit' behavior to handle character replacements for command-line inputs aimed at Win3...

Sonatype Nexus Repository Manager prior to version 3.15.0 contains an access control vulnerability that may allow unauthorized users to access restricted resources and perform unintended actions. This could lead to potential data leakage and compromise of sensitive information. It is crucial for ...

In eProsima Fast DDS, a vulnerability arises due to a failure to encrypt the data (`p[UD]`) and `guid` values used for disconnecting between nodes. This allows an attacker to forcibly disconnect Subscribers from the system, preventing them from receiving any data. When an attacker continuously se...

An unrestricted file upload vulnerability exists in the Kuangstudy KuangSimpleBBS 1.0 software, specifically in the fileUpload function of the QuestionController.java file. This flaw allows attackers to upload potentially malicious files by manipulating the editormd-image-file argument. Such an e...

A Cross-Site Scripting (XSS) vulnerability exists in Roundcube Webmail prior to version 1.2.13, 1.3.16, and 1.4.10. This flaw allows attackers to exploit the application by sending a specially crafted plain text email containing JavaScript code. The vulnerability arises from improper handling of ...

A SQL injection vulnerability has been identified in the PHPGurukul Men Salon Management System version 1.0. This flaw exists in the /admin/sales-reports-detail.php file, where improper validation of the 'fromdate' and 'todate' parameters allows attackers to manipulate SQL queries. The vulnerabil...

A SQL injection vulnerability exists within the PHPGurukul Men Salon Management System, specifically affecting the processing of the 'remark' parameter in the /admin/view-appointment.php script. This issue allows an attacker to craft a malicious request, potentially leading to unauthorized databa...

A security flaw has been detected in the PHPGurukul Men Salon Management System version 1.0, specifically within the /admin/forgot-password.php file. This vulnerability allows attackers to manipulate email argument input, leading to SQL injection issues that can be exploited remotely. As the deta...

The vulnerability in Kitty before version 0.41.0 originates from the open_actions.py script, which fails to prompt users for confirmation before executing local files that may be linked within documents from untrusted sources, such as those opened in KDE Ghostwriter. This design flaw can allow ma...

The vulnerability in GNU Mailman version 2.1.39, as packaged with cPanel, exposes an endpoint that allows unauthenticated attackers to create email distribution lists. This poses significant security risks, as it could be exploited to spread spam or malicious content, affecting the integrity and ...

An arbitrary command execution vulnerability exists in GNU Mailman 2.1.39, bundled with cPanel and WHM, that permits unauthenticated attackers to execute arbitrary operating system commands. This occurs due to improper handling of shell metacharacters within the email Subject lines, potentially l...

The vulnerability within GNU Mailman 2.1.39, as deployed in cPanel, permits unauthorized users to exploit a directory traversal flaw. By manipulating the username parameter at the private archive endpoint, attackers may access arbitrary files on the server, leading to potential exposure of sensit...

A cross site scripting vulnerability exists in the add-admin.php file of the SourceCodester Web-based Pharmacy Product Management System 1.0. This flaw allows unauthorized remote attackers to manipulate input fields such as txtpassword, txtfullname, and txtemail, leading to potential malicious sc...