Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted…

A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when…

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data…

A CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability exists that could cause remote code execution when performed…

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal) vulnerability exists that could cause malicious script to be deployed in an…

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of REDCap 11.2.5 allows remote attackers to execute JavaScript code in the client’s…

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by…

In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow…

An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS).…

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote…