A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters.

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder …

Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters.

DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view.

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function.

D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function.

H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter.

An issue in Audimex EE versions 15.1.20 and earlier allowing a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user (with any privilege) of Audimex to dump the whole Audimex database. This gives visibility upon password hashes…

An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. This value is assumed to be greater than or equal to 3, but the software doesn't ensure that this is the case. Supplying a length less than…