A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands.Read More ...
Continue ReadingAugust 15, 2023
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (i.e. `user_created IS $CURRENT_USER`) a ...
Continue ReadingAugust 15, 2023
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access ...
Continue ReadingAugust 15, 2023
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Tec ...
Continue ReadingAugust 15, 2023
The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter.Read More ...
Continue ReadingAugust 15, 2023
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission.Read More ...
Continue ReadingAugust 15, 2023
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission.Read More ...
Continue ReadingAugust 15, 2023
Back to Main