An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely follo
Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function
A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file
A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a
A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The man
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an au
Client-Side Enforcement of Server-Side Security (CWE-602) in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks.
This issue affects Comm
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 20
Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and pla
A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that acc
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.