Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modificat...
In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. Use...
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS) payload into the 'Hostname' field of the c...
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service (DoS) on the web interface of the device. This issue affects Regesta Smar...
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting i...
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47.
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.