** UNSUPPPORTED WHEN ASSIGNED ** Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information…

An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Zafiyet ile ilgili Genel Bilgi,…

An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Zafiyet ile ilgili Genel Bilgi, Etki…

** UNSUPPPORTED WHEN ASSIGNED ** Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by…

An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Zafiyet ile ilgili Genel…

An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Zafiyet ile ilgili Genel Bilgi,…

** UNSUPPPORTED WHEN ASSIGNED ** A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS)…

A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. Zafiyet…

An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers’ apiserver/supervisor port (TCP 6443) cause denial…

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a…