For providers

Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availabilty, integrity and confidentiality up to the complete...

The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full...

Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication.

Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files...

The authentication process to the web server uses a challenge response procedure which inludes the nonce and additional information. This challenge can be used several times for login and is...

The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible...

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS.This issue...

Snyk has identified a remote code execution (RCE) vulnerability in all versions of Code Agent. The vulnerability enables an attacker to execute arbitrary code within the Code Agent container....

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to...

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue...