An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction o…

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthe…

In the case of instances where the SAML SSO authentication is enabled (non-default), session da…

Nacos is a platform designed for dynamic service discovery and configuration and service manage…

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as…

The CloudStack SAML authentication (disabled by default) does not enforce signature check. In C…

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This…

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which…

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= …

Microsoft Exchange Server Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails…

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS…

python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 ar…

Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By e…

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconf…

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication …

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (…

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds…

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does…

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then imperso…

Unauthenticated remote arbitrary code execution

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 al…

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed …

Honeywell NVR devices allow remote attackers to create a user account in the admin group by lev…

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and…

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulne…

Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sess…

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to…

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specifica…

In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp G…

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to interce…

A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure…

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does no…

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsul…

A remote code execution vulnerability exists when the Windows font library improperly handles s…

Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remo…

The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows …

Windows NTLM Spoofing Vulnerability

A remote code execution vulnerability exists in Microsoft Project software when the software fa…

Windows CryptoAPI Spoofing Vulnerability