app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.

SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid."

Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.

Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.

Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component.

ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely (proximal/adjacent with RF equipment or via pivot from J2497 telematics devices) call diagnostic…

With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests,…

An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications.

Zulip is an open source team chat application. A weekly cron job (added in 50256f48314250978f521ef439cafa704e056539) demotes channels to being "inactive" after they have not received traffic for 180 days. However, upon doing so, an event was sent to all users in the organization, not just users in…

The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based…