Members versions up to 5.6.00.11 contains a vulnerability that allows attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privile (CVSS 4.3).
Log Analysis versions 1.3.5.0 versions up to 1.3.8.3 is affected by cross-site request forgery (csrf) (CVSS 4.3).
Central Authentication System Server versions up to 2.0.3 contains a security vulnerability (CVSS 4.2).
GLPI versions 11.0.0 through 11.0.4 allow authenticated administrators to conduct Server-Side Request Forgery (SSRF) attacks via the Webhook functionality, potentially enabling reconnaissance of internal network resources. An attacker with administrative privileges could leverage this capability to probe internal services or bypass network access controls. A patch is available in version 11.0.5 and later.
Cisco Secure Web Appliance's DVS Engine improperly handles certain archive files, allowing unauthenticated remote attackers to bypass the anti-malware scanner and deliver malicious archives to end users. An attacker can exploit this by sending crafted archive files through affected devices to circumvent malware detection. While downloaded malware requires manual extraction and execution by the user, this vulnerability enables distribution of malicious content that would normally be blocked.