Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the…

Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker…

A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker…

In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. Zafiyet ile ilgili Genel Bilgi,…

There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying…

Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of…

A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree…

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was…

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was…

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create…