Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly s
A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to
A vulnerability was found in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. Affected by this vulnerability is an unknown functionality of the file /connection_error.p
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middl
Jellyfin is an open source self hosted media server. Versions before 10.10.7 are vulnerable to argument injection in FFmpeg. This can be leveraged to possibly achieve remote code execution by anyone w
A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulatio
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traver
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint.
4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious
A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). This issue affects some unknown processing of the file /H5/get_version.data of the compon
A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The ma
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The m
An Improper Access Control vulnerability was
identified in the file download functionality. This vulnerability allows users
to download sensitive documents without authentication, if the URL is known.
PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ff
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site us
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach a
A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performing
OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers c
← Previous Page 5