Buffer overflow in TOTOLINK EX1200T via setLanguageCfg. EPSS 0.52%. PoC available.
SQL injection in File Provider WordPress plugin through 1.2.3. PoC available.
Deno versions 2.2.0 through 2.2.4 contain an authorization bypass vulnerability in SQLite database handling that allows attackers to circumvent read/write database permission checks via the SQL `ATTACH DATABASE` statement. An unauthenticated remote attacker can exploit this with no user interaction to gain unauthorized read and write access to protected databases, achieving high confidentiality and integrity impact. Patch is available in Deno 2.2.5.
Auth bypass in Airleader MASTER. CVSS 10.0.
Default credentials in Cisco ISE cloud deployments on AWS/Azure/OCI. CVSS 9.9.
Prototype pollution in billboard.js before 3.15.1 via generate function.
Path traversal in Airleader MASTER enables reading embedded sensitive data.