For providers

Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content...

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading...

The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.

Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.

Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.

Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection.

VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon...