High
CVSS: 7.5
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a specially crafted packet is received via SslHandler it doesn't correctly handl…
Low
CVSS: 3.3
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as a…
Medium
CVSS: 5.3
A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The a…
Critical
CVSS: 9.5
A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in speci…
High
CVSS: 7.7
Input verification vulnerability in the ExternalStorageProvider module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
High
CVSS: 7.1
When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate.
Note: Software versions which have reached End…
High
CVSS: 8.4
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.
This issue affects:
Product: LoadMaster
Affected Versions: From 7.2.55.0 to 7.2.60.1 (inclusive)…
High
CVSS: 8.4
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.
This issue affects:
Product: LoadMaster
Affected Versions: From 7.2.55.0 to 7.2.60.1 (inclusive)…
High
CVSS: 8.4
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.
This issue affects:
Product: LoadMaster
Affected Versions: From 7.2.55.0 to 7.2.60.1 (inclusive)…
High
CVSS: 8.4
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.
This issue affects:
Product: LoadMaster
Affected Versions: From 7.2.55.0 to 7.2.60.1 (inclusive)…
High
CVSS: 8.4
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.
This issue affects:
Product: LoadMaster
Affected Versions: From 7.2.55.0 to 7.2.60.1 (inclusive)…
Medium
CVSS: 6.5
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affe…
Medium
CVSS: 5.8
A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and down…
High
CVSS: 7.7
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive fi…
High
CVSS: 8.8
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../…
High
CVSS: 8.8
Memory corruption while configuring a Hypervisor based input virtual device.
Medium
CVSS: 6.6
Memory corruption while processing frame packets.
Low
CVSS: 2.3
A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The attack may be i…
Medium
CVSS: 6.3
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying…
Critical
CVSS: 9.8
SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another exis…