In the “webupg” binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use “cmd” parameters to execute arbitrary system commands…

In the “webupg” binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters “autoupgrade.asp”, and perform functions such as downloading configuration files and updating…

XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını…

A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module.…

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a…

A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file…

Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user…

Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto’s Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri…

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible…

Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the…