CVE-2023-21411
User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution. General Information about the Vulnerability, Impact…
User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution. General Information about the Vulnerability, Impact…
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution. General Information about the Vulnerability, Impact…
Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application. General Information about the Vulnerability,…
Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems.…
A broken access control was found allowing for privilege escalation of the operator account to gain administrator privileges. General Information about the Vulnerability, Impact and…
Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in MITSUBISHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service…
In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations…
Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the…
Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of…
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary…