SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute…

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure…

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record()…

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not…

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path…

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields,…

Data Integrity Failure in ‘Backup Config’ in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. Zafiyet ile…

LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat. Zafiyet ile ilgili Genel Bilgi,…

RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service. Zafiyet…

RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire…