CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

CWE-20 Improper Input Validation

Multiple CWE-352 Cross-Site Request Forgery (CSRF)

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c <comm…

Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEM_CONFIGURATION permission…

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address (AA) of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly …

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine.

A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirm_order.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be…