The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point.…

UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image:…

This update resolves a multi-factor authentication bypass attack Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database

Cross-Site Request Forgery (CSRF) in Virgial Berveling’s Manage Notification E-mails plugin <= 1.8.2 on WordPress. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını…

Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için…

A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a…

The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in…

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.…

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims’s username and hashed password to spoof the victim’s id against…

An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet. Zafiyet ile ilgili Genel Bilgi,…