An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise. More information : https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-100-01
An attacker could exploit this vulnerability by uploading arbitrary files via a specific service, which could lead to system compromise. More information : https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-100-01
pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by...
Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...
Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution....
On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2....
Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. When sending a...
Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors. More information : https://github.com/frdel/agent-zero/blob/v0.8.7/python/api/restart.py
An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal. More information : https://github.com/agent0ai/agent-zero/issues/687
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and...
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This...
Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine...
A vulnerability was identified in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fair/addfair.php. The manipulation of the argument ID leads to sql injection. Remote exploitation...
A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRental_war/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The...