A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass.

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. ...

Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task.

An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileg ...

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits ...

A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of h ...

A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the appli ...

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the func ...

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients.

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication mea ...

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token ...

Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an exi ...

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an arch ...

A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpa ...

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may ...

Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-2 ...

SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)

reNgine 2.2.0 - Command Injection (Authenticated)

openSIS 9.1 - SQLi (Authenticated)

dizqueTV 1.5.3 - Remote Code Execution (RCE)

NoteMark < 0.13.0 - Stored XSS

Gitea 1.22.0 - Stored XSS

Invesalius3 - Remote Code Execution

Windows TCP/IP - RCE Checker and Denial of Service

Aurba 501 - Authenticated RCE

HughesNet HT2000W Satellite Modem - Password Reset

Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure

Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass

Helpdeskz v2.0.2 - Stored XSS

Calibre-web 0.6.21 - Stored XSS

Devika v1 - Path Traversal via 'snapshot_path'

Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path

SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path

Oracle Database 12c Release 1 - Unquoted Service Path