TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload
A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it t
Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network.
A code execution security issue exists in the affected product. An attacker with physical access could abuse the maintenance menu of the controller with a crafted payload. The security issue can resul
A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updat
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability by injecting malicious XML cont
TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary code within the user's context.
A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability a
BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation.
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. A
A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injec
An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticat
BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost.
BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or all
GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so it
iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update
A vulnerability, which was classified as critical, has been found in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. This issue affects some unknown processing of
The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code.
Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add b
Page 1+ Next →