Remote Code Execution

Remote Code Execution (RCE) vulnerabilities allow an attacker to execute arbitrary code on a remote system without authorization. These are among the most severe vulnerabilities as they can lead to complete system compromise.

Total CVEs: 289

Typical Severity: CRITICAL

Category: Execution

Understanding Remote Code Execution

Remote Code Execution vulnerabilities represent the most critical class of security flaws. When exploited, they allow attackers to run arbitrary commands on a target system, often with the same privileges as the vulnerable application.

RCE vulnerabilities commonly arise from unsafe deserialization, command injection, or memory corruption bugs. They're frequently found in web applications, network services, and system utilities.

How to Identify

  • Look for input validation bypasses in file upload functionality
  • Check for unsafe deserialization of user-controlled data
  • Test command execution functions with special characters
  • Review template engines for server-side template injection

Prevention Best Practices

  • Use parameterized queries and prepared statements
  • Implement strict input validation and sanitization
  • Run applications with minimal privileges
  • Keep all software dependencies up to date
  • Use security headers and Content Security Policy

Remote Code Execution CVEs (289)

Description | Vendor / Product | Exploit Status
CVE-2025-15587 | 8.6

This vulnerability allows a low-privileged user to access and read an administrator's password from certain Tinycontrol devices by exploiting a hidden resource that isn't protected by the usual graphical interface. To take advantage of this flaw, the attacker must have basic access to the device but does not need elevated permissions.

Unknown
Exploit Available
22 days ago | Mar 16, 2026
CVE-2025-13459 | 4.9

This vulnerability allows a privileged user to disrupt the service by misusing the system's workflow controls, potentially causing downtime. It affects specific versions of IBM Aspera Console, so users running those versions should be cautious about how workflows are managed.

ibm / aspera console
Exploit Available
22 days ago | Mar 16, 2026
CVE-2025-12736 | 6.5

This vulnerability allows a local attacker to access sensitive information that should not be visible, due to a flaw in how the system handles uninitialized resources. The attacker needs to have local access to the device running affected versions of OpenHarmony, specifically v5.0.3 or earlier.

openatom / openharmony
Theoretical
22 days ago | Mar 16, 2026
CVE-2025-11500 | 8.7

An attacker on the same local network can easily steal usernames and encoded passwords for the management interface of Tinycontrol devices by simply checking the server's response when accessing the login page, especially if the default security setting is not changed. This vulnerability affects both regular and admin user accounts, making it critical to update to the latest firmware to secure the devices.

Unknown
Exploit Available
22 days ago | Mar 16, 2026
CVE-2017-20223 | 9.3

This vulnerability allows attackers to access sensitive information and functionalities of the Telesquare SKT LTE Router without proper permissions by simply changing certain input parameters. It requires no special skills, making it easy for anyone to exploit if they know how to manipulate the system's requests.

Unknown
Exploit Available
22 days ago | Mar 16, 2026
CVE-2017-20217 | 8.7

This vulnerability allows attackers to access sensitive configuration information from the Serviio PRO software without needing to log in. It occurs because the system does not properly restrict access to its API, meaning anyone can send specific requests to get this data.

Unknown
Exploit Available
22 days ago | Mar 16, 2026
CVE-2016-20029 | 6.9

This vulnerability allows attackers to access sensitive files on a system by tricking the software into using incorrect file paths. To exploit this, the attacker must manipulate specific parameters in the application, which can lead to the exposure of important information like configuration files and source code.

Unknown
Exploit Available
22 days ago | Mar 16, 2026
CVE-2026-24097 | 5.3

This vulnerability allows an attacker who is already logged into Checkmk to find out details about existing hosts by looking at different responses from the system. It occurs because the system doesn't properly check permissions, making it easier for these users to access sensitive information.

checkmk / checkmk
Exploit Available
25 days ago | Mar 13, 2026
CVE-2026-23943 | 6.9

An attacker can exploit this vulnerability to overwhelm a server's memory, causing it to crash and become unavailable, which is known as a Denial of Service (DoS) attack. This can happen before the user is even authenticated, as the server accepts specially crafted compressed data that inflates to a massive size, rapidly consuming resources.

Unknown
Exploit Available
25 days ago | Mar 13, 2026
CVE-2026-23940 | 7.1

An attacker can cause the Hex.pm package management system to crash by uploading an excessively large package, which can lead to a denial of service for anyone trying to publish or process packages. This vulnerability affects specific versions of Hex.pm before March 2026, meaning users need to be running an outdated version to be at risk.

Unknown
Exploit Available
25 days ago | Mar 13, 2026
CVE-2026-22202 | 6.1

This vulnerability allows attackers to permanently delete all comments linked to a specific email address by tricking users into clicking on a malicious link or image. It requires the attacker to have a valid HMAC key and can be exploited without any confirmation from the user, making it particularly dangerous.

gvectors / wpdiscuz
Theoretical
25 days ago | Mar 13, 2026
CVE-2026-22201 | 6.9

This vulnerability allows attackers to bypass IP-based security measures, like rate limiting and bans, by pretending to be from a different IP address using manipulated HTTP headers. It affects versions of wpDiscuz before 7.6.47, meaning that if you’re using an older version, your site could be at risk from attackers who exploit this weakness.

gvectors / wpdiscuz
Exploit Available
25 days ago | Mar 13, 2026
CVE-2026-21671 | 9.1

This vulnerability allows an attacker with the Backup Administrator role to run malicious code remotely on systems using Veeam Backup & Replication in high availability setups. The attacker must already have authenticated access to the system, which makes it critical to limit who can hold that role.

Unknown
Exploit Available
26 days ago | Mar 12, 2026
CVE-2026-21669 | 9.9

This vulnerability allows an attacker, who is already logged in as a domain user, to run malicious code on the Backup Server from a distance. This means that if someone gains access to a user account on the network, they can take control of the server and potentially compromise sensitive data.

Unknown
Exploit Available
26 days ago | Mar 12, 2026
CVE-2026-21667 | 9.9

This vulnerability allows an attacker who is already logged in as a domain user to run malicious code on the Backup Server from a distance. The attacker needs to have valid credentials to exploit this weakness, making it critical for organizations to secure user access.

Unknown
Exploit Available
26 days ago | Mar 12, 2026
CVE-2026-21666 | 9.9

This vulnerability allows an attacker who is already logged in as a domain user to run malicious code on the Backup Server from a distance. To exploit this, the attacker must have valid credentials and access to the network where the Backup Server is located.

Unknown
Exploit Available
26 days ago | Mar 12, 2026
CVE-2026-3099 | 5.8

An attacker can repeatedly use a captured authentication header to bypass login protections and gain unauthorized access to restricted areas of a system. This vulnerability occurs because the server does not properly track or enforce unique authentication tokens, allowing the same token to be reused.

Unknown
Exploit Available
26 days ago | Mar 12, 2026
CVE-2026-4014 | 6.9

An attacker can exploit a vulnerability in the cafe reservation system to manipulate the username input, allowing them to execute unauthorized SQL commands and potentially access or alter the database remotely. This attack can be carried out without needing physical access to the system, making it a significant risk for users of this software.

luffypirates / cafe reservation system
Exploit Available
26 days ago | Mar 12, 2026
CVE-2026-4013 | 5.3

An attacker can gain unauthorized access to the admin features of the SourceCodester Web-based Pharmacy Product Management System by exploiting a flaw in the add_admin.php file, allowing them to manipulate the system remotely. This vulnerability requires no special access privileges, making it easier for attackers to exploit.

Unknown
Exploit Available
26 days ago | Mar 12, 2026
CVE-2026-4009 | 4.8

This vulnerability allows an attacker to read sensitive data from memory by exploiting a flaw in a WAV file parser, but they need to have local access to the system to carry out the attack. It's important to upgrade to the latest version to fix this issue, as it has already been publicly disclosed.

Unknown
Exploit Available
26 days ago | Mar 12, 2026
Showing 1 to 20 of 289 results