For providers

Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm

Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Mashov – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Boa web server – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Tecnick TCExam – Multiple CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without...

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit...

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit...

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an...