For individuals

An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file.

Incorrect access control in the KSRTC AWATAR app of Karnataka State Road Transport Corporation v1.3.0 allows to view sensitive information such as usernames and passwords.

Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows unauthenticated attackers to access the NAS web UI and read arbitrary internal files.

An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential...

NocoDB is software for building databases as spreadsheets. The API endpoint related to the password reset function is vulnerable to Reflected Cross-Site-Scripting. The endpoint...

fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions,...

FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the...

A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0. It has been classified as critical. This affects an unknown part of the file details.php. The manipulation of the argument...

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file...

An issue in account management interface in Netsweeper Server v.8.2.6 and earlier (fixed in v.8.2.7) allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions...