MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands

Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the target server.

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.

Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter.

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token.

SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter.

An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the application exposing a password reset API endpoint that fails to validate the identity of the requester properly

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential co…

A vulnerability was found in vLLM's Qwen3 Coder tool parser. Since this parser uses Python's eval() function, it poses a risk of arbitrary code execution. This vulnerability appears during the parameter conversion process when the parser attempts to handle complex data types.