Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a…

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information di…

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS a…

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file:…

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitiz…

Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Exec…

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts…

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache …

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts…

An information disclosure vulnerability exists when affected Microsoft browsers improperly allo…

SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (includ…

PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) A…

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. S…

PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and…

An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames…

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.…

An attacker with the ability to modify a user program may change user program code on some Cont…

Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the …

The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution bac…

In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an auth…

A 3rd party development library including with Drupal 8 development dependencies is vulnerable …

Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated w…

The cache directory on the local file system is set to be world writable. Firefox defaults to e…

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported…

Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the com…

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthe…

Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for J…

A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager an…

An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0…

WebExtensions bundled with embedded experiments were not correctly checked for proper authoriza…

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering im…

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a r…

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated use…

PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being cal…

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary fi…

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a vi…

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gr…

A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files …

If a malicious attacker has used another vulnerability to gain full control over a content proc…