Recent
jackq XCMS Backend ProductImageController.class.php upload unrestricted upload
Published 2025-12-27 by VulDB
Information Leak of Memory in getimagesize
Published 2025-12-27 by php
Heap buffer overflow in array_merge()
Published 2025-12-27 by php
NULL Pointer Dereference in PDO quoting
Published 2025-12-27 by php
jackq XCMS upload.php unrestricted upload
Published 2025-12-27 by VulDB
PandaXGO PandaX JWT Secret config.yml hard-coded key
Published 2025-12-27 by VulDB
actiontech sqle JWT Secret jwt.go hard-coded key
Published 2025-12-27 by VulDB
getmaxun Authentication Endpoint auth.ts router.get improper authorization
Published 2025-12-27 by VulDB
getmaxun auth.ts hard-coded key
Published 2025-12-27 by VulDB
NanoMQ has a Use After Free vulnerability via sub info list
Published 2025-12-27 by GitHub_M
1-click Remote Code Execution (RCE) vulnerability in Eigent
Published 2025-12-27 by GitHub_M
SiYuan: Information Disclosure and Authentication Bypass via Hardcoded Session Secret
Published 2025-12-27 by GitHub_M
Improper Neutralization of HTML Tags in a Web Page in libredesk
Published 2025-12-27 by GitHub_M
Published 2025-12-27 by mitre
ESP-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling
Published 2025-12-26 by GitHub_M
ESP-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling
Published 2025-12-26 by GitHub_M
FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After
Published 2025-12-26 by GitHub_M
FreshRSS has weak cryptographic randomness in remember-me token and nonce generation
Published 2025-12-26 by GitHub_M
StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration Injection
Published 2025-12-26 by GitHub_M
lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
Published 2025-12-26 by GitHub_M
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
Published 2025-12-26 by GitHub_M
n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
Published 2025-12-26 by GitHub_M
n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
Published 2025-12-26 by GitHub_M
apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker
Published 2025-12-26 by Sonatype
Time-of-check Time-of-use (TOCTOU) in IBM Concert Software.
Published 2025-12-26 by ibm
XSS in IBM Aspera Faspex
Published 2025-12-26 by ibm
Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex
Published 2025-12-26 by ibm
Incorrect Execution-Assigned Permissions in IBM Aspera Faspex
Published 2025-12-26 by ibm
Missing Authorization with the DS8900F and DS8A00 Hardware Management Console
Published 2025-12-26 by ibm
Client-Side Enforcement of Server-Side Security in IBM Db2 Intelligence Center
Published 2025-12-26 by ibm
Authentication bypass in IBM API Connect
Published 2025-12-26 by ibm
IBM Concert Software Improper Restriction of Operations within the Bounds of a Memory Buffer.
Published 2025-12-26 by ibm
IBM Concert Software Improper Clearing of Heap Memory Before Release.
Published 2025-12-26 by ibm
Published 2025-12-26 by Eaton
Published 2025-12-26 by Eaton
Published 2025-12-26 by Eaton
DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information
Published 2025-12-26 by Deltaww
Improper Input Validation
Published 2025-12-26 by Hanwha_Vision
Hardcoding sensitive information
Published 2025-12-26 by Hanwha_Vision
Improper Input Validation
Published 2025-12-26 by Hanwha_Vision
Published 2025-12-26 by mitre
Inadequate account permissions management
Published 2025-12-26 by Hanwha_Vision
Insufficient certificate validation
Published 2025-12-26 by Hanwha_Vision
simstudioai sim CRON Secret internal.ts improper authentication
Published 2025-12-26 by VulDB
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
YunaiV yudao-cloud Business Process Management BpmSyncHttpRequestTrigger server-side request forgery
Published 2025-12-26 by VulDB
Published 2025-12-26 by mitre
Alteryx Server status improper authentication
Published 2025-12-26 by VulDB
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
postmanlabs httpbin core.py cross site scripting
Published 2025-12-26 by VulDB
sunkaifei FlyCMS User Login UserController.java userLogin cross site scripting
Published 2025-12-26 by VulDB
Published 2025-12-26 by mitre
sunkaifei FlyCMS Admin Login IndexAdminController.java cross site scripting
Published 2025-12-26 by VulDB
UTT 进取 512W ConfigExceptMSN strcpy buffer overflow
Published 2025-12-26 by VulDB
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-25 by mitre
UTT 进取 512W formPictureUrl strcpy buffer overflow
Published 2025-12-25 by VulDB
Frontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion
Published 2025-12-25 by Wordfence
UTT 进取 512W formConfigNoticeConfig strcpy buffer overflow
Published 2025-12-25 by VulDB
UTT 进取 512W APSecurity strcpy buffer overflow
Published 2025-12-25 by VulDB
ketr JEPaaS loadPostil postilService.loadPostils sql injection
Published 2025-12-25 by VulDB
youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization
Published 2025-12-25 by VulDB
youlaitech youlai-mall MemberController.java getMemberByMobile access control
Published 2025-12-25 by VulDB
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
youlaitech youlai-mall Balance MemberController.java deductBalance improper authorization
Published 2025-12-25 by VulDB
youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control
Published 2025-12-25 by VulDB
TOZED ZLT M30s UART on-chip debug and test interface with improper access control
Published 2025-12-25 by VulDB
TOZED ZLT M30s Web Management proc_post information disclosure
Published 2025-12-25 by VulDB
JD Cloud BE6500 jdcapi sub_4780 command injection
Published 2025-12-25 by VulDB
XSS in Verisay Communication's Aidango
Published 2025-12-25 by TR-CERT
XSS in Verisay Communication's Trizbi
Published 2025-12-25 by TR-CERT
XSS in Verisay Communication's Titarus
Published 2025-12-25 by TR-CERT
itsourcecode Student Management System list_report.php sql injection
Published 2025-12-25 by VulDB
itsourcecode Student Management System form137.php sql injection
Published 2025-12-25 by VulDB
Tenda CH22 public path traversal
Published 2025-12-25 by VulDB
itsourcecode Student Management System student_p.php sql injection
Published 2025-12-25 by VulDB
itsourcecode Online Frozen Foods Ordering System customer_details.php sql injection
Published 2025-12-25 by VulDB
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-24 by mitre
itsourcecode Online Frozen Foods Ordering System contact_us.php sql injection
Published 2025-12-24 by VulDB
Published 2025-12-24 by mitre
Published 2025-12-24 by mitre
Published 2025-12-24 by mitre
MegaSys Computer Technologies Telenium Online Web Application Improper Input Validation
Published 2025-12-24 by icscert
Mitsubishi Electric Europe smartRTU Missing Authentication for Critical Function
Published 2025-12-24 by icscert
Published 2025-12-24 by mitre
Published 2025-12-24 by mitre
Published 2025-12-24 by mitre
LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vulnerabilities
Published 2025-12-24 by VulnCheck
LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation
Published 2025-12-24 by VulnCheck
VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal
Published 2025-12-24 by VulnCheck
VideoFlow Digital Video Protection DVP 2.10 Authenticated Remote Code Execution
Published 2025-12-24 by VulnCheck
KYOCERA Net Admin 3.4.0906 Cross-Site Request Forgery via User Administration
Published 2025-12-24 by VulnCheck
KYOCERA Net Admin 3.4.0906 Unauthenticated XML External Entity Injection
Published 2025-12-24 by VulnCheck
Teradek VidiU Pro 3.0.3 Cross-Site Request Forgery via Password Change
Published 2025-12-24 by VulnCheck
Teradek VidiU Pro 3.0.3 Server-Side Request Forgery via RTMP Settings
Published 2025-12-24 by VulnCheck
Devolo dLAN 500 AV Wireless+ 3.1.0-1 Cross-Site Request Forgery
Published 2025-12-24 by VulnCheck
devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr
Published 2025-12-24 by VulnCheck
Beward N100 M2.1.6 Unauthenticated RTSP Video Stream Disclosure
Published 2025-12-24 by VulnCheck
Beward N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Vulnerability
Published 2025-12-24 by VulnCheck
Beward N100 H.264 VGA IP Camera M2.1.6 Authenticated File Disclosure
Published 2025-12-24 by VulnCheck
Ross Video DashBoard 8.5.1 Privilege Escalation via Insecure Permissions
Published 2025-12-24 by VulnCheck
Legrand BTicino Driver Manager F454 1.0.51 CSRF and Stored XSS Vulnerabilities
Published 2025-12-24 by VulnCheck
FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test
Published 2025-12-24 by VulnCheck
FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery via Web Interface
Published 2025-12-24 by VulnCheck