A significant vulnerability has been identified in OpenSSH when the VerifyHostKeyDNS option is activated. This flaw allows a malicious actor to conduct a man-in-the-middle attack by impersonating a legitimate server. The crux of the issue lies in the mishandling of error codes by OpenSSH during t...

A critical SQL injection vulnerability affects the dingfanzu CMS, specifically at the /ajax/loadShopInfo.php endpoint. This flaw arises due to improper handling of the shopId parameter, allowing remote attackers to execute arbitrary SQL queries. The risk is heightened as the vulnerability has bee...

A path traversal vulnerability has been identified in iteachyou Dreamer CMS version 4.1.3, affecting the processing of the /resource/js/ueditor-1.4.3.3 file. This issue can be exploited remotely, allowing attackers to manipulate file paths and potentially access restricted directories. The vulner...

A security vulnerability has been identified in D-Link DAP-1320 version 1.00, specifically within the function replace_special_char in the file /storagein.pd-XXXXXX. This flaw allows for a stack-based buffer overflow, which can be exploited remotely by attackers. Notably, this vulnerability affec...

A significant vulnerability has been identified in the D-Link DAP-1320 version 1.00, specifically within the set_ws_action function of the /dws/api/ file. This flaw results in a heap-based buffer overflow, which could be exploited remotely, potentially allowing attackers to manipulate system beha...

An SQL injection vulnerability exists in Harpia DiagSystem 12, specifically within the file /diagsystem/PACS/atualatendimento_jpeg.php. The flaw arises from improper handling of the input parameter 'codexame', allowing attackers to manipulate SQL queries. This vulnerability can be exploited remot...

A vulnerability has been identified in the Raisecom Multi-Service Intelligent Gateway, specifically within the Request Parameter Handler of the /vpn/vpn_template_style.php file. This flaw allows for OS command injection due to improper handling of the 'stylenum' argument. Attackers can exploit th...

A SQL injection vulnerability exists in the Baiyi Cloud Asset Management System, specifically in the /wuser/admin.ticket.close.php file. This vulnerability enables attackers to manipulate the ticket_id parameter, which can lead to unauthorized access to the database. The exploit can be executed r...

The Ajax Search Lite WordPress plugin prior to version 4.12.5 is susceptible to Stored Cross-Site Scripting due to improper sanitization and escaping of certain settings. This vulnerability allows users with elevated privileges, including administrators, to execute malicious scripts, even in envi...

The Carousel, Slider, Gallery by WP Carousel WordPress plugin prior to version 2.7.4 is vulnerable due to inadequate sanitization and escaping of certain settings. This flaw allows users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even i...

The DumpDrop file upload application has exposed an OS Command Injection vulnerability in its `/upload/init` endpoint. This issue arises when the Apprise Notification feature is enabled, allowing attackers to execute arbitrary code remotely. Users of affected DumpDrop versions are strongly advise...

The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit the 'edit_id' and 'dropship_edit_id' parameters. Due to insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries, att...

The LTL Freight Quotes – SEFL Edition plugin for WordPress is susceptible to SQL Injection through the 'dropship_edit_id' and 'edit_id' parameters. This vulnerability arises from inadequate escaping of user-supplied parameters and insufficient query preparation, allowing unauthenticated attackers...

The LTL Freight Quotes – TForce Edition plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit SQL Injection through the 'dropship_edit_id' and 'edit_id' parameters. This arises from inadequate input escaping and improper handling of SQL queries, enabling attack...

The LTL Freight Quotes – SAIA Edition plugin for WordPress is susceptible to SQL Injection through the 'edit_id' and 'dropship_edit_id' parameters. This vulnerability is present in all versions up to and including 2.2.10 due to inadequate escaping of user-supplied input and the absence of proper ...

The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is susceptible to SQL Injection through the 'edit_id' and 'dropship_edit_id' parameters. This vulnerability arises from inadequate escaping of user-supplied input and insufficient preparation in the SQL query, enabling unauthentica...

The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is affected by a SQL Injection vulnerability through the 'edit_id' and 'dropship_edit_id' parameters. This flaw arises from inadequate escaping of user-supplied data and insufficient preparation of SQL queries. As a result, unauth...

The Estes Edition plugin for WordPress is susceptible to an SQL Injection vulnerability through the 'dropship_edit_id' and 'edit_id' parameters. Due to insufficient escaping of user-supplied inputs and the absence of adequate preparation of SQL queries, this flaw allows unauthenticated attackers ...

The iconv() function in the GNU C Library (glibc) has a vulnerability that can cause a buffer overflow when converting strings to the ISO-2022-CN-EXT character set. This flaw occurs due to the function's failure to adequately check the size of the output buffer, allowing it to overflow by up to 4...

An authentication bypass vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to bypass necessary authentication. This issue enables potential manipulation of certain PHP scripts by attackers, which could compromise the in...

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. ...

The Simplified plugin by Kodeshpa contains a vulnerability that allows for the unrestricted upload of files with dangerous types. This flaw could enable attackers to upload malicious files to the server, posing significant security risks. Versions affected include all releases from n/a to 1.0.6, ...

Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file.

The HTTP/2 protocol is susceptible to a denial of service vulnerability that can be exploited via rapid stream resets. This allows attackers to overwhelm servers by rapidly canceling requests, leading to significant resource consumption and potential service disruption. Exploitation of this vulne...

A code injection vulnerability has been identified in the maintenance component of LMXCMS version 1.41, specifically within the 'db.inc.php' file. This flaw allows an attacker to manipulate the system remotely, potentially injecting malicious code. Although the attack's complexity is notably high...

A vulnerability has been identified in the Baiyi Cloud Asset Management System affecting the admin.house.collect.php file. The flaw arises from inadequate validation of the project_id argument, allowing attackers to execute arbitrary SQL commands remotely. This weakness poses a significant risk a...

The Master Slider WordPress plugin prior to version 3.10.5 is susceptible to stored cross-site scripting vulnerabilities due to improper sanitization and escaping of its settings. This flaw can be exploited by users with high privileges, such as Editors and above, potentially allowing them to exe...

Ivanti Endpoint Manager is impacted by an absolute path traversal vulnerability that enables remote unauthenticated attackers to access and leak sensitive information. This issue affects Ivanti EPM versions released prior to the January 2025 security update. It is crucial for users of these produ...

A vulnerability exists in IBM Sterling B2B Integrator Standard Edition that allows an attacker within the local network to execute arbitrary code on the system. This is due to improper deserialization of untrusted data, which can lead to exploitation of the affected versions. Proper validation of...

A significant vulnerability has been identified in OpenSSH when the VerifyHostKeyDNS option is activated. This flaw allows a malicious actor to conduct a man-in-the-middle attack by impersonating a legitimate server. The crux of the issue lies in the mishandling of error codes by OpenSSH during t...

A command injection vulnerability has been identified in Synway SMG Gateway Management Software that affects versions up to 20250204. This flaw arises from improper handling of the 'retry' argument in the file 9-12ping.php, allowing an attacker to execute arbitrary commands on the server remotely...

The first article discusses two different critical vulnerabilities in the GNU C Library (glibc) that allow unprivileged attackers to gain root access on multiple major Linux distributions. The vulnerabilities are tracked as CVE-2023-4911 and CVE-2023-6246 and both can lead to local privilege esca...

A path traversal vulnerability has been identified in the A/B Image Optimizer plugin developed by Zach Swetz. This flaw allows attackers to access files outside the intended directory structure by manipulating file paths, potentially leading to unauthorized access to sensitive data on the server....

A flaw in Polkit allows an unprivileged local attacker to bypass credential checks for D-Bus requests. This can lead to the elevation of privileges to that of the root user, enabling the attacker to execute commands with elevated permissions. This vulnerability poses a significant threat to the c...

A vulnerability has been identified in PDF.js, specifically related to a missing type check when processing fonts. This oversight permits arbitrary JavaScript execution within the PDF.js environment. As a result, users of affected versions of Mozilla Firefox and Thunderbird could be vulnerable to...

A vulnerability has been identified in the Windows Disk Cleanup Tool that may allow attackers to escalate privileges on affected systems. By exploiting this flaw, an unauthorized user could gain elevated access to system functions and potentially compromise the integrity of the system. It is cruc...

A vulnerability exists in LimeSurvey 5.2.4 that permits remote code execution via the plugin upload and installation process. Attackers can exploit this weakness to upload arbitrary PHP code files, potentially compromising the integrity and security of the affected installation. This vulnerabilit...

A serious vulnerability has been identified in the Real Estate Property Management System version 1.0 developed by Code-Projects, specifically within the /ajax_city.php file. This vulnerability allows for SQL injection through the manipulation of the CityName argument, enabling attackers to execu...

A vulnerability exists in the Codezips Gym Management System 1.0, specifically related to the functionality in the file /dashboard/admin/del_plan.php. This security flaw stemmed from improper handling of input parameters, allowing an attacker to manipulate the 'name' argument to execute SQL injec...

A vulnerability exists in the Code-Projects Real Estate Property Management System's /Admin/CustomerReport.php file due to improper handling of user input in the 'city' parameter. This weakness allows attackers to perform SQL injection attacks, enabling them to manipulate database queries and pot...

A vulnerability has been identified in Needrestart, the tool developed by Qualys, which prior to version 3.8, can be exploited by local attackers. This flaw allows attackers to execute arbitrary code with root privileges by manipulating the PYTHONPATH environment variable when Needrestart runs th...

A vulnerability exists in the radare2 toolset, specifically in the rasm2 component. This issue, found in the function located in /libr/main/rasm2.c, results in memory corruption that can be exploited through local access. Exploitation of this vulnerability may compromise system integrity, making ...

The Coder plugin for WordPress, up to version 1.3.4, allows unauthenticated users to execute arbitrary SQL code through an AJAX action, due to insufficient sanitization and escaping of parameters. This vulnerability can lead to unauthorized access and manipulation of the database, posing signific...

The OWL Carousel Slider plugin for WordPress, up to version 2.2, contains a vulnerability that allows for reflected cross-site scripting. This occurs because the plugin fails to properly sanitize and escape a specific parameter when it is outputted back to the page. Attackers can exploit this fla...

The VR-Frases plugin for WordPress, up to version 3.0.1, is susceptible to a reflected cross-site scripting attack due to insufficient sanitization and escaping of user-supplied parameters. This vulnerability could allow attackers to execute scripts in the context of high-privilege users, such as...

The Tube Video Ads Lite plugin for WordPress, versions up to 1.5.7, contains a vulnerability that allows for reflected cross-site scripting. This is due to the failure to properly sanitize and escape user-inputted parameters before rendering them on the webpage. Exploitation of this vulnerability...

The Track Logins plugin for WordPress, up to version 1.0, is susceptible to SQL injection due to inadequate sanitization and escaping of a user-supplied parameter prior to its use in SQL statements. This oversight enables attackers, including malicious admins, to craft SQL queries that may compro...

The Wise Forms plugin for WordPress, up to version 1.2.0, contains a vulnerability that fails to properly sanitize and escape certain settings. This oversight allows unauthenticated users to exploit the plugin through crafted form submissions, leading to potential Stored Cross-Site Scripting (XSS...

A denial of service vulnerability has been identified in GNU elfutils version 0.192, specifically affecting the gelf_getsymshndx function within the eu-strip component's strip.c file. This vulnerability allows local attackers to manipulate the function to cause a denial of service, potentially di...

Strapi versions prior to 3.0.0-beta.17.5 contain a vulnerability that improperly manages password resets, leading to potential unauthorized access. The flaw resides in the strapi-admin and strapi-plugin-users-permissions components, which may enable attackers to bypass authentication mechanisms, ...