A vulnerability classified as critical has been found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/user/export. The manipulation of the argument params[dataScope] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclo…

A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/role/authUser/allocatedList. The manipulation of the argument params[dataScope] leads to sql injection. The attack may be launched remot…

HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities.

HCL IEM is affected by a password in cleartext vulnerability.  Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit.

HCL IEM is affected by a concurrent login vulnerability.  The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks.

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 allow command injection through vulnerable methods that do not sanitize input before passing content to the operating system for execution. The vulnerability may allow an a…

The default configuration in ETSI Open-Source MANO (OSM) v.14.x, v.15.x, v.16.x, v.17.x does not impose any restrictions on the authentication attempts performed by the default admin user, allowing a remote attacker to escalate privileges.

goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.

In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort __tc_modify_qdisc if parent class does not exist Lion's patch [1] revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, durin…

Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts.