An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to an information leak. An attacker can...

A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary code execution. An attacker...

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker...

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due...

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger...

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. More information : https://gist.github.com/stevenyu113228/8ddb33c26f3a5987f5382a3d7744c241

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. More information : https://gist.github.com/stevenyu113228/07639885a3357674f44b44e6e891bb34

Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device’s XML database, including the administrator’s password. More information : https://gist.github.com/stevenyu113228/0bf32385245f71dfe11b0ef77c468392

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request. More information : https://gist.github.com/stevenyu113228/1fc5dcc63e4b4e9f5523167be11abf17

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource....

A flaw has been found in mtons mblog up to 3.5.0. Affected by this vulnerability is an unknown functionality of the file /settings/profile. Executing manipulation of the argument signature can lead to cross site...

The Custom Query Shortcode plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.4.0 via the ‘lens’ parameter. This makes it possible for authenticated attackers, with Contributor-level access...

Cross-Site Request Forgery (CSRF) vulnerability in Kevin Langley Jr. Post Type Converter allows Cross-Site Request Forgery.This issue affects Post Type Converter: from n/a through 0.6. More information : https://patchstack.com/database/wordpress/plugin/post-type-converter/vulnerability/wordpress-post-type-converter-plugin-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import...