A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with manip…

andisearch v0.5.249 was discovered to contain a cross-site scripting (XSS) vulnerability.

The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service cred…

An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request

Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter.

An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function

GetProjectsIdea Create School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in my_profile_update_form1.php.

A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8, allocated 8 bytes) without…

playground.electronhub.ai v1.1.9 was discovered to contain a cross-site scripting (XSS) vulnerability.