Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.

vmir e8117 was discovered to contain a segmentation violation via the import_function function at /src/vmir_wasm_parser.c.

An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality.

vmir e8117 was discovered to contain a heap buffer overflow via the wasm_call function at /src/vmir_wasm_parser.c.

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin.

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html.

hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\apps\\tool\\apis\\bd_push.py does not securely filter user input through push_urls() and get_urls().

vmir e8117 was discovered to contain a stack overflow via the init_local_vars function at /src/vmir_wasm_parser.c.

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix reader locking when changing the sub buffer order The function ring_buffer_subbuf_order_set() updates each ring_buffer_per_cpu and installs new sub buffers that match the requested page order. This operation may …

The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands