ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allo...
MEDIUM Published: 2025-06-02ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability coul...
MEDIUM Published: 2025-06-02Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulner...
MEDIUM Published: 2025-06-02Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to re...
MEDIUM Published: 2025-06-02ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authen...
MEDIUM Published: 2025-06-02Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write...
MEDIUM Published: 2025-05-22ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthentica...
MEDIUM Published: 2025-05-19Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite featu...
MEDIUM Published: 2025-05-19Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to acce...
MEDIUM Published: 2025-05-19MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attack...
MEDIUM Published: 2025-05-19Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component t...
MEDIUM Published: 2025-05-19Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API com...
MEDIUM Published: 2025-05-19SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows...
MEDIUM Published: 2025-05-15DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability du...
MEDIUM Published: 2025-05-15Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability...
MEDIUM Published: 2025-05-14Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that...
MEDIUM Published: 2025-05-13Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthoriz...
MEDIUM Published: 2025-05-13Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnera...
MEDIUM Published: 2025-05-13Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that...
MEDIUM Published: 2025-05-13Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized...
MEDIUM Published: 2025-05-13TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend hol...
MEDIUM Published: 2025-05-12Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unaut...
MEDIUM Published: 2025-05-07Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unaut...
MEDIUM Published: 2025-05-07FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph struct...
MEDIUM Published: 2025-05-06Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that...
MEDIUM Published: 2025-05-05Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticat...
MEDIUM Published: 2025-05-02Yii Framework contains an improper protection of alternate path vulnerability that may allow a remot...
MEDIUM Published: 2025-05-02Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows...
MEDIUM Published: 2025-05-01SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management...
MEDIUM Published: 2025-05-01SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability t...
MEDIUM Published: 2025-04-29Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with adm...
MEDIUM Published: 2025-04-28Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, una...
MEDIUM Published: 2025-04-28Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attac...
MEDIUM Published: 2025-04-28Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows a...
MEDIUM Published: 2025-04-17Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability...
MEDIUM Published: 2025-04-17Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that al...
MEDIUM Published: 2025-04-17SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interfac...
MEDIUM Published: 2025-04-16Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a loca...
MEDIUM Published: 2025-04-09Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an a...
MEDIUM Published: 2025-04-09Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that...
MEDIUM Published: 2025-04-08Gladinet CentreStack and Triofox contains a use of hard-coded cryptographic key vulnerability in the...
MEDIUM Published: 2025-04-08CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allow...
MEDIUM Published: 2025-04-07Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulner...
MEDIUM Published: 2025-04-04Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute cod...
MEDIUM Published: 2025-04-01Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthentica...
MEDIUM Published: 2025-03-31Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, whi...
MEDIUM Published: 2025-03-27Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Se...
MEDIUM Published: 2025-03-26Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Se...
MEDIUM Published: 2025-03-26reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps ex...
MEDIUM Published: 2025-03-24SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler...
MEDIUM Published: 2025-03-19