HCL iControl was affected by a Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attr...
HCL iControl was affected by a Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic...
A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SY...
Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd...
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows...
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database.
The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API ...
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost netw...
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level ...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL...