CVE-2021-44127
In DLink DAP-1360 F1 firmware version <=v6.10 in the “webupg” binary, an attacker can use the “file” parameter to execute arbitrary system commands when the…
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded…
The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of “.mkp” files, which are Extension Packages,…
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This…
The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window).…
Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allow a remote attacker to disable the lock via an…
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access.…
A flaw was found in Caribou due to a regression of the CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage…
A flaw was found in the QEMU implementation of VMware’s paravirtual RDMA device. The issue occurs while handling a “PVRDMA_CMD_CREATE_MR” command due to improper memory…
It was found that 3scale’s APIdocs does not validate the access token; in the case of an invalid token, it uses session auth instead. This conceivably…