OpenBlue Mobile Web Application configuration issue for optional for OpenBlue Workplace (formerly FM Systems)

Johnson Controls OpenBlue Workplace (formerly FM Systems)

iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - setFaultDebounce

Johnson Control iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2

NGINX Ingress Controller vulnerability

F5 NGINX Ingress Controller f5 nginx_ingress_controller

An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create c...

smallstep Step-CA smallstep Step-CA

Ercom Cryptobox 安全漏洞

Ercom Cryptobox

iSTAR- Improper Validation of Certificate Expiration

Johnson Controls iSTAReX, iSTAR Edge, iSTAR Ultra LT, iSTAR Ultra , iSTAR Ultra SE

Remote Code Execution Vulnerability in Radiometer Products

Radiometer Medical Aps ABL90 FLEX and ABL90 FLEX PLUS Analyzers Radiometer Medical Aps ABL800 BASIC and ABL800 FLEX Analyzers +1个

Credential Disclosure vulnerability in Radiometer Products

Radiometer Medical Aps ABL90 FLEX and ABL90 FLEX PLUS Analyzers Radiometer Medical Aps ABL90 FLEX and ABL90 FLEX PLUS Analyzers +4个

Open redirect in error page when link opened in new tab

Mattermost Mattermost mattermost mattermost_server

Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking

Mattermost Mattermost mattermost mattermost_server

CSRF Allows Call Initiation and Message Delivery

Mattermost Mattermost mattermost mattermost_server

Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2

Apache Software Foundation Apache Airflow Providers Edge3 apache apache-airflow-providers-edge3

Privilege boundary violation in Radiometer Products

Radiometer Medical Aps ABL90 FLEX and ABL90 FLEX PLUS Analyzers Radiometer Medical Aps ABL90 FLEX and ABL90 FLEX PLUS Analyzers +4个

IDOR in GG Soft's PaperWork

GG Soft Software Services Inc. PaperWork

Reflected XSS in Proliz's OBS

Proliz Software Ltd. OBS (Student Affairs Information System)0

Download Plugins and Themes from Dashboard <= 1.9.6 - Cross-Site Request Forgery to Bulk Plugin/Theme Archival

wpcodefactory Download Plugins and Themes in ZIP from Dashboard

Zephyr Project Manager <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery

dylanjkotze Zephyr Project Manager

Ninja Forms – The Contact Form Builder That Grows With You <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token

kstover Ninja Forms – The Contact Form Builder That Grows With You ninjaforms ninja_forms

Converter for Media <= 6.3.2 - Missing Authorization to Authenticated (Subscriber+) Optimized Image Deletion via regenerate-attachment REST Endpoint

mateuszgbiorczyk Converter for Media – Optimize images | Convert WebP & AVIF

Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.0.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

wplegalpages Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent