For providers

In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.

In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint.

Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be...

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions...

Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to...

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by...

The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in...

The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect...

The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the...

IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes...