Wbce Cms versions up to 1.5.2 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Nanocms versions up to 0.4 is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. [CVSS 8.8 HIGH]
Tongyu Ax1800 Firmware versions up to 1.0.0 contains a vulnerability that allows attackers to full compromise of the device (i (CVSS 8.8).
Memory corruption in iccDEV library versions before 2.3.1.2 allows remote attackers to achieve code execution via maliciously crafted ICC color profiles, affecting users who process untrusted profile data. Public exploit code exists for this vulnerability. Organizations using iccDEV should upgrade to version 2.3.1.2 immediately.
An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints. [CVSS 8.6 HIGH]
FSService contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 8.4).
Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. [CVSS 8.4 HIGH]
servermedicontservice contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 8.4).
TrapiServer service contains a vulnerability that allows attackers to potentially execute code with elevated privileges (CVSS 8.4).
Private Internet Access 3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 8.4 HIGH]
Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. [CVSS 8.4 HIGH]
VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. [CVSS 8.4 HIGH]
Mobiletrans versions up to 3.5.9 contains a vulnerability that allows attackers to potentially execute code with elevated system privileges (CVSS 8.4).
Dr.Fone versions up to 12.0.18 contains a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 8.4).
Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. [CVSS 8.4 HIGH]
CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. [CVSS 8.4 HIGH]
its ConnectifyService executable contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).
SbieSvc Windows service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).
EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges. [CVSS 8.4 HIGH]
ITeC ITeCProteccioAppServer contains an unquoted service path vulnerability that allows local attackers to execute code with elevated system privileges. Attackers can insert a malicious executable in the service path to gain elevated access during service restart or system reboot. [CVSS 8.4 HIGH]
CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. [CVSS 8.4 HIGH]
Splashtop Software Updater Service contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).
Dr.Fone versions up to 11.4.9 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 8.4).
VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface. [CVSS 8.2 HIGH]
WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. [CVSS 8.2 HIGH]
Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. [CVSS 8.2 HIGH]
Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. [CVSS 8.2 HIGH]
Cobian Backup versions up to 0.9.93 contains a vulnerability that allows attackers to execute arbitrary code with elevated system privileges (CVSS 7.8).
Protonvpn versions up to 1.26.0 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Ptpublisher versions up to 2.3.4 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated privileges (CVSS 7.8).
Teamspeak versions up to 3.5.6 is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Bluesoleilcs versions up to 5.4.277 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Outline versions up to - contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).
Cain \& Abel versions up to 4.9.56 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated privileges (CVSS 7.8).
Wow21 versions up to 5.0.1.9 contains a vulnerability that allows attackers to potentially execute arbitrary code with elevated system privileges (CVSS 7.8).
In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. [CVSS 7.5 HIGH]
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. [CVSS 7.5 HIGH]
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. [CVSS 7.5 HIGH]
CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. [CVSS 7.5 HIGH]
GuardDog versions prior to 2.7.1 fail to validate decompressed file sizes when extracting Python package archives, enabling denial of service attacks through zip bomb payloads that can consume gigabytes of disk space from minimal compressed data. Public exploit code exists for this vulnerability, affecting users who rely on GuardDog to scan PyPI packages for malicious content. Upgrade to version 2.7.1 or later to remediate this flaw.
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Service Workers in Mozilla Firefox and Thunderbird versions below 147 are vulnerable to remote denial-of-service attacks that require no user interaction or authentication. An unauthenticated attacker can crash affected applications over the network, and public exploit code exists for this vulnerability. Currently no patch is available for remediation.
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. [CVSS 7.2 HIGH]
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. [CVSS 7.2 HIGH]