kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter.

Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets, and privilege escalation due to missing CSRF protections.

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.

Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request.

NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.

In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each tail call invalidates packet pointers. Making…

Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.