ABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta.abcfinewineandspirits), developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly...
TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information (such as device identifiers and birthdays) and access private group information,...
Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 – 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API...
Dell Secure Connect Gateway (SCG) Policy Manager, version(s) 5.20. 5.22, 5.24, 5.26, 5.28, contain(s) an Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability. An unauthenticated attacker with remote access could potentially...
Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . More information : https://azure-access.com/security-advisories
Lack of Graceful Error Handling – HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . More information : https://azure-access.com/security-advisories
Systemic Internal Server Errors – HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . More information : https://azure-access.com/security-advisories
The following HP Card Readers B Models (X3D03B & Y7C05B) are potentially vulnerable to information disclosure, allowing prior user identity to be inherited under certain conditions —e.g., when an NFC device (such as a smartphone/smartwatches)...
Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module. More information : https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-5347.html
Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option. More information : https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-5343.html
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module. More information : https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-5342.html
Cross-site scripting (XSS) vulnerability in blog-details.php in Hiruna Gallage’s Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter. More information : https://gist.github.com/Kiezroy/3396b04389c0b91815e538590167f670
Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability...
Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability...