RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function.

An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function.

A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the databas…

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html

An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request.

Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions.

A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain informat…

An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal.

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.