H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root.

H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function.

Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack.

A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTP_REFERER header into the HTML response without proper sanitization. An attacker can exploit this vulnerability by tricking a user…

An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary files …

VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules.

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.

A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway resou…