Recent
ZSPACE Z4Pro+ HTTP POST Request open zfilev2_api_open command injection
Published 2025-12-28 by VulDB
ZSPACE Z4Pro+ HTTP POST Request status zfilev2_api_SafeStatus command injection
Published 2025-12-28 by VulDB
shanyu SyCms Administrative Panel FileManageController.class.php addPost code injection
Published 2025-12-28 by VulDB
ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.php upload code injection
Published 2025-12-28 by VulDB
ZKTeco BioTime Endpoint safe_setting credentials storage
Published 2025-12-28 by VulDB
FantasticLBP Hotels_Server Room.php sql injection
Published 2025-12-28 by VulDB
JeecgBoot getPositionUserList improper authorization
Published 2025-12-28 by VulDB
JeecgBoot queryDepartPermission improper authorization
Published 2025-12-28 by VulDB
JeecgBoot list getParameterMap improper authorization
Published 2025-12-28 by VulDB
JeecgBoot datarule improper authorization
Published 2025-12-28 by VulDB
JeecgBoot datarule loadDatarule improper authorization
Published 2025-12-28 by VulDB
JeecgBoot getDeptRoleByUserId information disclosure
Published 2025-12-28 by VulDB
JeecgBoot getDeptRoleList improper authorization
Published 2025-12-28 by VulDB
JeecgBoot list queryPageList improper authorization
Published 2025-12-28 by VulDB
macrozheng mall Member Endpoint update improper authorization
Published 2025-12-28 by VulDB
Dromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserialization
Published 2025-12-28 by VulDB
OpenCart Single-Use Coupon race condition
Published 2025-12-28 by VulDB
Published 2025-12-27 by mitre
jackq XCMS Backend ProductImageController.class.php upload unrestricted upload
Published 2025-12-27 by VulDB
Information Leak of Memory in getimagesize
Published 2025-12-27 by php
Heap buffer overflow in array_merge()
Published 2025-12-27 by php
NULL Pointer Dereference in PDO quoting
Published 2025-12-27 by php
jackq XCMS upload.php unrestricted upload
Published 2025-12-27 by VulDB
PandaXGO PandaX JWT Secret config.yml hard-coded key
Published 2025-12-27 by VulDB
actiontech sqle JWT Secret jwt.go hard-coded key
Published 2025-12-27 by VulDB
getmaxun Authentication Endpoint auth.ts router.get improper authorization
Published 2025-12-27 by VulDB
getmaxun auth.ts hard-coded key
Published 2025-12-27 by VulDB
NanoMQ has a Use After Free vulnerability via sub info list
Published 2025-12-27 by GitHub_M
1-click Remote Code Execution (RCE) vulnerability in Eigent
Published 2025-12-27 by GitHub_M
SiYuan: Information Disclosure and Authentication Bypass via Hardcoded Session Secret
Published 2025-12-27 by GitHub_M
Improper Neutralization of HTML Tags in a Web Page in libredesk
Published 2025-12-27 by GitHub_M
Published 2025-12-27 by mitre
ESP-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling
Published 2025-12-26 by GitHub_M
ESP-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling
Published 2025-12-26 by GitHub_M
FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After
Published 2025-12-26 by GitHub_M
FreshRSS has weak cryptographic randomness in remember-me token and nonce generation
Published 2025-12-26 by GitHub_M
StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration Injection
Published 2025-12-26 by GitHub_M
lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
Published 2025-12-26 by GitHub_M
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
Published 2025-12-26 by GitHub_M
n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
Published 2025-12-26 by GitHub_M
n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
Published 2025-12-26 by GitHub_M
apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker
Published 2025-12-26 by Sonatype
Time-of-check Time-of-use (TOCTOU) in IBM Concert Software.
Published 2025-12-26 by ibm
XSS in IBM Aspera Faspex
Published 2025-12-26 by ibm
Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex
Published 2025-12-26 by ibm
Incorrect Execution-Assigned Permissions in IBM Aspera Faspex
Published 2025-12-26 by ibm
Missing Authorization with the DS8900F and DS8A00 Hardware Management Console
Published 2025-12-26 by ibm
Client-Side Enforcement of Server-Side Security in IBM Db2 Intelligence Center
Published 2025-12-26 by ibm
Authentication bypass in IBM API Connect
Published 2025-12-26 by ibm
IBM Concert Software Improper Restriction of Operations within the Bounds of a Memory Buffer.
Published 2025-12-26 by ibm
IBM Concert Software Improper Clearing of Heap Memory Before Release.
Published 2025-12-26 by ibm
Published 2025-12-26 by Eaton
Published 2025-12-26 by Eaton
Published 2025-12-26 by Eaton
DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information
Published 2025-12-26 by Deltaww
Improper Input Validation
Published 2025-12-26 by Hanwha_Vision
Hardcoding sensitive information
Published 2025-12-26 by Hanwha_Vision
Improper Input Validation
Published 2025-12-26 by Hanwha_Vision
Published 2025-12-26 by mitre
Inadequate account permissions management
Published 2025-12-26 by Hanwha_Vision
Insufficient certificate validation
Published 2025-12-26 by Hanwha_Vision
simstudioai sim CRON Secret internal.ts improper authentication
Published 2025-12-26 by VulDB
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
YunaiV yudao-cloud Business Process Management BpmSyncHttpRequestTrigger server-side request forgery
Published 2025-12-26 by VulDB
Published 2025-12-26 by mitre
Alteryx Server status improper authentication
Published 2025-12-26 by VulDB
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
postmanlabs httpbin core.py cross site scripting
Published 2025-12-26 by VulDB
sunkaifei FlyCMS User Login UserController.java userLogin cross site scripting
Published 2025-12-26 by VulDB
Published 2025-12-26 by mitre
sunkaifei FlyCMS Admin Login IndexAdminController.java cross site scripting
Published 2025-12-26 by VulDB
UTT 进取 512W ConfigExceptMSN strcpy buffer overflow
Published 2025-12-26 by VulDB
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-26 by mitre
Published 2025-12-25 by mitre
UTT 进取 512W formPictureUrl strcpy buffer overflow
Published 2025-12-25 by VulDB
Frontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion
Published 2025-12-25 by Wordfence
UTT 进取 512W formConfigNoticeConfig strcpy buffer overflow
Published 2025-12-25 by VulDB
UTT 进取 512W APSecurity strcpy buffer overflow
Published 2025-12-25 by VulDB
ketr JEPaaS loadPostil postilService.loadPostils sql injection
Published 2025-12-25 by VulDB
youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization
Published 2025-12-25 by VulDB
youlaitech youlai-mall MemberController.java getMemberByMobile access control
Published 2025-12-25 by VulDB
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
youlaitech youlai-mall Balance MemberController.java deductBalance improper authorization
Published 2025-12-25 by VulDB
youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control
Published 2025-12-25 by VulDB
TOZED ZLT M30s UART on-chip debug and test interface with improper access control
Published 2025-12-25 by VulDB
TOZED ZLT M30s Web Management proc_post information disclosure
Published 2025-12-25 by VulDB
JD Cloud BE6500 jdcapi sub_4780 command injection
Published 2025-12-25 by VulDB
XSS in Verisay Communication's Aidango
Published 2025-12-25 by TR-CERT
XSS in Verisay Communication's Trizbi
Published 2025-12-25 by TR-CERT
XSS in Verisay Communication's Titarus
Published 2025-12-25 by TR-CERT
itsourcecode Student Management System list_report.php sql injection
Published 2025-12-25 by VulDB
itsourcecode Student Management System form137.php sql injection
Published 2025-12-25 by VulDB
Tenda CH22 public path traversal
Published 2025-12-25 by VulDB
itsourcecode Student Management System student_p.php sql injection
Published 2025-12-25 by VulDB
itsourcecode Online Frozen Foods Ordering System customer_details.php sql injection
Published 2025-12-25 by VulDB
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-25 by mitre
Published 2025-12-24 by mitre
itsourcecode Online Frozen Foods Ordering System contact_us.php sql injection
Published 2025-12-24 by VulDB
Published 2025-12-24 by mitre
Published 2025-12-24 by mitre
Published 2025-12-24 by mitre
MegaSys Computer Technologies Telenium Online Web Application Improper Input Validation
Published 2025-12-24 by icscert
Mitsubishi Electric Europe smartRTU Missing Authentication for Critical Function
Published 2025-12-24 by icscert
Published 2025-12-24 by mitre
Published 2025-12-24 by mitre
Published 2025-12-24 by mitre
LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vulnerabilities
Published 2025-12-24 by VulnCheck
LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation
Published 2025-12-24 by VulnCheck
VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal
Published 2025-12-24 by VulnCheck
VideoFlow Digital Video Protection DVP 2.10 Authenticated Remote Code Execution
Published 2025-12-24 by VulnCheck
KYOCERA Net Admin 3.4.0906 Cross-Site Request Forgery via User Administration
Published 2025-12-24 by VulnCheck
KYOCERA Net Admin 3.4.0906 Unauthenticated XML External Entity Injection
Published 2025-12-24 by VulnCheck
Teradek VidiU Pro 3.0.3 Cross-Site Request Forgery via Password Change
Published 2025-12-24 by VulnCheck
Teradek VidiU Pro 3.0.3 Server-Side Request Forgery via RTMP Settings
Published 2025-12-24 by VulnCheck
Devolo dLAN 500 AV Wireless+ 3.1.0-1 Cross-Site Request Forgery
Published 2025-12-24 by VulnCheck
devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr
Published 2025-12-24 by VulnCheck
Beward N100 M2.1.6 Unauthenticated RTSP Video Stream Disclosure
Published 2025-12-24 by VulnCheck
Beward N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Vulnerability
Published 2025-12-24 by VulnCheck
Beward N100 H.264 VGA IP Camera M2.1.6 Authenticated File Disclosure
Published 2025-12-24 by VulnCheck
Ross Video DashBoard 8.5.1 Privilege Escalation via Insecure Permissions
Published 2025-12-24 by VulnCheck
Legrand BTicino Driver Manager F454 1.0.51 CSRF and Stored XSS Vulnerabilities
Published 2025-12-24 by VulnCheck
FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test
Published 2025-12-24 by VulnCheck
FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery via Web Interface
Published 2025-12-24 by VulnCheck
FaceSentry Access Control System 6.4.8 Remote SSH Root Access
Published 2025-12-24 by VulnCheck
Rifatron 5brid DVR 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504) Unauthenticated Live Stream Disclosure via animate.cgi
Published 2025-12-24 by VulnCheck
V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download
Published 2025-12-24 by VulnCheck
V-SOL GPON/EPON OLT Platform 2.03 Cross-Site Request Forgery Vulnerability
Published 2025-12-24 by VulnCheck
V-SOL GPON/EPON OLT Platform 2.03 Privilege Escalation via User Role Parameter
Published 2025-12-24 by VulnCheck
iSeeQ Hybrid DVR WH-H4 1.03R Unauthenticated Live Stream Disclosure
Published 2025-12-24 by VulnCheck
Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages
Published 2025-12-24 by VulnCheck
Carlo Gavazzi SmartHouse Webapp 6.5.33 Cross-Site Request Forgery and XSS
Published 2025-12-24 by VulnCheck
AVE DOMINAplus 1.10.x Cross-Site Request Forgery and XSS Vulnerabilities
Published 2025-12-24 by VulnCheck
Teradek Cube 7.3.6 Cross-Site Request Forgery Password Change
Published 2025-12-24 by VulnCheck
Teradek Slice 7.3.15 Cross-Site Request Forgery via Password Change
Published 2025-12-24 by VulnCheck
GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism
Published 2025-12-24 by VulnCheck
GNU Barcode 0.99 Memory Leak Vulnerability in Command Line Processing
Published 2025-12-24 by VulnCheck
Ecessa Edge EV150 10.7.4 Cross-Site Request Forgery via User Configuration
Published 2025-12-24 by VulnCheck
Ecessa WANWorx WVR-30 < 10.7.4 Cross-Site Request Forgery via User Configuration
Published 2025-12-24 by VulnCheck
Ecessa ShieldLink SL175EHQ 10.7.4 Cross-Site Request Forgery via User Configuration
Published 2025-12-24 by VulnCheck
Microhard Systems IPn4G 1.1.0 Cross-Site Request Forgery via Web Interface
Published 2025-12-24 by VulnCheck
Microhard Systems IPn4G 1.1.0 Remote Code Execution via Admin Interface
Published 2025-12-24 by VulnCheck
Microhard Systems IPn4G 1.1.0 Default Credentials Authentication Bypass
Published 2025-12-24 by VulnCheck
Microhard Systems IPn4G 1.1.0 Service Control Denial of Service
Published 2025-12-24 by VulnCheck
Microhard Systems IPn4G 1.1.0 Configuration Disclosure via Authenticated Download
Published 2025-12-24 by VulnCheck
Microhard Systems IPn4G 1.1.0 Arbitrary File Access via Undocumented System Editor
Published 2025-12-24 by VulnCheck
Microhard Systems IPn4G 1.1.0 Backdoor Jailbreak via Microhard Sh Service
Published 2025-12-24 by VulnCheck
NovaRad NovaPACS Diagnostics Viewer 8.5 XML External Entity Injection
Published 2025-12-24 by VulnCheck
FLIR Thermal Traffic Cameras V1.01-0bb5b27 Unauthenticated RTSP Stream Disclosure
Published 2025-12-24 by VulnCheck
FLIR Thermal Traffic Cameras V1.01-0bb5b27 Unauthenticated Websocket Device Manipulation
Published 2025-12-24 by VulnCheck
FLIR AX8 Thermal Camera 1.32.16 Unauthenticated RTSP Stream Disclosure
Published 2025-12-24 by VulnCheck
FLIR AX8 Thermal Camera 1.32.16 Hard-Coded Credentials Authentication Bypass
Published 2025-12-24 by VulnCheck
FLIR Brickstream 3D+ 2.1.742.1842 Unauthenticated Config File Disclosure
Published 2025-12-24 by VulnCheck
FLIR Brickstream 3D+ 2.1.742.1842 Unauthenticated RTSP Stream Disclosure
Published 2025-12-24 by VulnCheck
Anviz AIM CrossChex Standard 4.3.6.0 CSV Injection via User Import
Published 2025-12-24 by VulnCheck
Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass via webNewAcct.cgi
Published 2025-12-24 by VulnCheck
Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery via Admin Interface
Published 2025-12-24 by VulnCheck
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Stored XSS via Config Upload
Published 2025-12-24 by VulnCheck
Beward Intercom 2.3.1 Local Credentials Disclosure via Unencrypted Database
Published 2025-12-24 by VulnCheck
SOCA Access Control System 180612 Information Disclosure via Multiple Endpoints
Published 2025-12-24 by VulnCheck
SOCA Access Control System 180612 SQL Injection and Authentication Bypass
Published 2025-12-24 by VulnCheck
SOCA Access Control System 180612 Cross-Site Request Forgery via Admin Interface
Published 2025-12-24 by VulnCheck
IBM Concert Software Cleartext Storage in a File or on Disk.
Published 2025-12-24 by ibm
Bluechi: privilege escalation in bluechi via unrestricted cross-node systemd dependencies
Published 2025-12-24 by redhat
usb: potential integer overflow in usbg_make_tpg()
Published 2025-12-24 by Linux
iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - get8021xSettings
Published 2025-12-24 by jci
iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - getOptionsInfo
Published 2025-12-24 by jci
Arbitrary File Upload in EchoCCS's Specto CM
Published 2025-12-24 by TR-CERT
Stored XSS in EchoCCS's Specto CM
Published 2025-12-24 by TR-CERT
WordPress PostX plugin <= 5.0.3 - Sensitive Data Exposure vulnerability
Published 2025-12-24 by Patchstack
WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.18 - Cross Site Scripting (XSS) vulnerability
Published 2025-12-24 by Patchstack
WordPress Editorial Calendar plugin <= 3.8.8 - Broken Access Control vulnerability
Published 2025-12-24 by Patchstack
WordPress Accept Donations with PayPal plugin <= 1.5.1 - Open Redirection vulnerability
Published 2025-12-24 by Patchstack
WordPress Five Star Restaurant Reservations plugin <= 2.7.7 - Cross Site Request Forgery (CSRF) vulnerability
Published 2025-12-24 by Patchstack
WordPress Link Library plugin <= 7.8.4 - Server Side Request Forgery (SSRF) vulnerability
Published 2025-12-24 by Patchstack
WordPress YouTube Embed plugin <= 5.4 - Cross Site Scripting (XSS) vulnerability
Published 2025-12-24 by Patchstack