unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.

An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific permissions) to upload and execute malicious files, potentially leading to unauthorized system access.

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.

A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.

Oxide before 6 has unencrypted Control Plane datastores.

An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Unprivileged users with network access may be able to execute remote commands that could cause high availability damages, including high integrity and confidentiality risks. This is fixed in November 2024 IR, May …

The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.