An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.Read More ...
Continue Reading
August 15, 2023
Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files.Read More ...
Continue Reading
August 15, 2023
When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data ...
Continue Reading
August 15, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution throu ...
Continue Reading
August 15, 2023
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the âuser-submitted-contentâ parameter in versions up to, and including, 20230809 due to insuff ...
Continue Reading
August 15, 2023
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attack ...
Continue Reading
August 15, 2023
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated attacker to execute some OS commands remotely by ...
Continue Reading
August 14, 2023
Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticate ...
Continue Reading
August 14, 2023
Back to Main
