EPSS Score
0.9442
CVSS 3.x
Score: 9.8
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulne...
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
0.9441
Score: 10.0
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote...
Score: 7.5
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST ...
Score: 8.8
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol...
Deserialization of untrusted data in Liferay Portal before 7.2.1 CE GA2 allows remote attackers to execute...
Score: 8.1
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in ...
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers...
Linear eMerge E3-Series devices allow Command Injections.
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PH...
0.9440
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add ...
Path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version...
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder co...
TerraMaster NAS 4.2.29 and earlier versions allow remote attackers to discover the password of the admin...
Score: 8.2
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing co...
Score: 0.0
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduc...
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories con...
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administra...
0.9439
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication t...
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.