When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connectio…

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: throug…

All versions of Confluence Data Center and Server are affected by this unexploited vulnerabilit…

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user …

Next.js is a React framework for building full-stack web applications. Starting in version 1.11…

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hyb…

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform bel…

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NET…

The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows rem…

A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform …

The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Window…

Spring WebFlux applications that have Spring Security authorization rules on static resources c…

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switch…

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c…

An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink…

A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (St…

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, throug…

A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This aff…

BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencr…

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, wh…

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid…

phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass author…

The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capab…

An unauthorized user may leverage a specially crafted aggregation pipeline to access data witho…

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, throug…

The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due t…

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the e…

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all v…

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Witho…

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction b…

Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phon…