A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when proces…

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable.

Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected.

Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method. Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data rec…

Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in '/CronosWeb/Modulos/Personas/DocumentosPersonales/A…

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.

An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.

Not used