M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses…

Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise…

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum…

A batch loader function in Spring for GraphQL versions 1.1.0 – 1.1.5 and 1.2.0 – 1.2.2 may be exposed to GraphQL context with values, including…

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “fâ€� parameter is not properly…

Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted…

Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially…

An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes…

** UNSUPPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the “admin.xml” file, which can be accessed without logging into the…

** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service…