Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.

Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.

Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.

AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. 

gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.

"protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty.

Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity.

Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-232952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network.

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036.

An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.

An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.

File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.

Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.