A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before its initialization. Due to undefined initialization order of static objects across...
An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the...
Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device. More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02
Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets. More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02
Unquoted Search Path or Element vulnerability in NetBT Consulting Services Inc. E-Fatura allows Leveraging/Manipulating Configuration File Search Paths, Redirect Access to Libraries.This issue affects e-Fatura: before 1.2.15. More information : https://www.usom.gov.tr/bildirim/tr-25-0474
Mattermost versions 11.1.x
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring:...
Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets. More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02
Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network. More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0...
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Centreon Infra Monitoring – Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection to user with elevated privileges.This...
Cross-Site Request Forgery (CSRF) vulnerability in Kunal Nagar Custom 404 Pro allows Cross Site Request Forgery.This issue affects Custom 404 Pro: from n/a through 3.12.0. More information : https://vdp.patchstack.com/database/wordpress/plugin/custom-404-pro/vulnerability/wordpress-custom-404-pro-plugin-3-12-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page allows Cross Site Request Forgery.This issue affects Feather Login Page: from n/a through 1.1.7. More information : https://vdp.patchstack.com/database/wordpress/plugin/feather-login-page/vulnerability/wordpress-feather-login-page-plugin-1-1-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Voidthemes Void Elementor WHMCS Elements For Elementor Page Builder.This issue affects Void Elementor WHMCS Elements For Elementor Page Builder: from n/a through...