Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages “PNTMEDIDAS”, “PEDIR”, “HAYDISCOA”…

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require…

SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary…

All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are…

The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model…

A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the –allow-fs-read flag is used with a non-*…

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A…

In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps’ external private directories due to a path traversal error. This…

In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when…

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution…