The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMA_Widget_Admin::render_preview'. This is due to missing capability check. This makes it possible for authenticated attackers, with Su...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service.ย ย This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822.
Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availability...
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3.
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. However, when interacting directly with the API, the r...
Memory corruption while using alignments for memory allocation.
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability.
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses (e.g., 127.0.0.1, localhost, or pr...
Memory Corruption when processing invalid user address with nonstandard buffer address.
Memory Corruption when adding user-supplied data without checking available buffer space.
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
Memory Corruption when accessing trusted execution environment without proper privilege check.
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.
Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
Memory corruption while handling different IOCTL calls from the user-space simultaneously.