The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum…

Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise…

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses…

A batch loader function in Spring for GraphQL versions 1.1.0 – 1.1.5 and 1.2.0 – 1.2.2 may be exposed to GraphQL context with values, including…

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “fâ€� parameter is not properly…

Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted…

Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially…

An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes…

** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service…

** UNSUPPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the “admin.xml” file, which can be accessed without logging into the…