A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer...
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability...
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages. More information : https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files. More information : https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users’ file resources without proper authorization. More information : https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages. More information : https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html
Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices,...
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the...
Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,...
Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,...
Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log. More information : https://github.com/llamastack/llama-stack/compare/v0.4.0rc2…v0.4.0rc3
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. More information : https://github.com/libexpat/libexpat/pull/1075
Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication...
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal. More information : https://gitlab.com/crafty-controller/crafty-4/-/issues/660