Remote Code Execution

Remote Code Execution (RCE) vulnerabilities allow an attacker to execute arbitrary code on a remote system without authorization. These are among the most severe vulnerabilities as they can lead to complete system compromise.

Total CVEs: 289

Typical Severity: CRITICAL

Category: Execution

Understanding Remote Code Execution

Remote Code Execution vulnerabilities represent the most critical class of security flaws. When exploited, they allow attackers to run arbitrary commands on a target system, often with the same privileges as the vulnerable application.

RCE vulnerabilities commonly arise from unsafe deserialization, command injection, or memory corruption bugs. They're frequently found in web applications, network services, and system utilities.

How to Identify

  • Look for input validation bypasses in file upload functionality
  • Check for unsafe deserialization of user-controlled data
  • Test command execution functions with special characters
  • Review template engines for server-side template injection

Prevention Best Practices

  • Use parameterized queries and prepared statements
  • Implement strict input validation and sanitization
  • Run applications with minimal privileges
  • Keep all software dependencies up to date
  • Use security headers and Content Security Policy

Remote Code Execution CVEs (289)

Description | Vendor / Product | Exploit Status
CVE-2026-3393 | 4.8

This vulnerability allows an attacker to execute malicious code on a system by exploiting a flaw in the audio file handling function, which can lead to a buffer overflow. However, the attacker must have local access to the system to carry out the attack, and the issue has been publicly disclosed but remains unaddressed by the developers.

Unknown
Exploit Available
about 1 month ago | Mar 1, 2026
CVE-2026-24488 | 6.5

This vulnerability allows an attacker to send any file from the server, including sensitive information like database credentials and patient documents, to a phone number they control. It can be exploited by any authenticated user of the system, as the application does not properly restrict which files can be accessed or sent.

open-emr / openemr
Exploit Available
about 1 month ago | Feb 27, 2026
CVE-2026-3304 | 8.7

An attacker can exploit a flaw in Multer to overwhelm the server by sending poorly formatted requests, leading to a Denial of Service (DoS) that makes the application unavailable. This issue affects versions before 2.1.0, so it's crucial to upgrade to the latest version to prevent this problem.

Unknown
Exploit Available
about 1 month ago | Feb 27, 2026
CVE-2026-2359 | 8.7

An attacker can cause a Denial of Service (DoS) by interrupting a file upload, which can overwhelm the server and make it unable to respond to legitimate requests. This vulnerability affects versions of Multer before 2.1.0, so it's crucial to upgrade to the latest version to protect against this issue.

Unknown
Exploit Available
about 1 month ago | Feb 27, 2026
CVE-2026-3327 | 4.8

This vulnerability allows a malicious user who is already logged in to load any external website or resource within a Dato CMS Web Previews plugin, bypassing security restrictions. It specifically affects versions of the plugin before 1.0.31, meaning only users with access to the system can exploit it.

Unknown
Exploit Available
about 1 month ago | Feb 27, 2026
CVE-2025-11251 | 9.8

This vulnerability allows an attacker to manipulate the database of the Dayneks E-Commerce Platform, potentially gaining access to sensitive information or altering data. It can be exploited through specially crafted input on the platform, and it remains a risk until at least February 2026.

daynexwoyio
Exploit Available
about 1 month ago | Feb 27, 2026
CVE-2026-1305 | 5.3

An attacker can exploit this vulnerability to falsely mark orders as "Processing" or "Completed" without making any actual payments, allowing them to commit fraud. This can happen if they send a specially crafted request to the payment system's webhook, and it affects versions of the Japanized for WooCommerce plugin up to 2.8.4.

Unknown
Exploit Available
about 1 month ago | Feb 27, 2026
CVE-2026-2251 | 9.8

This vulnerability allows an attacker to access unauthorized files on the system, potentially leading to remote code execution, which means they could run malicious software on the affected Xerox FreeFlow Core software. It affects versions up to 8.0.7, so upgrading to version 8.1.0 is crucial to protect against this risk.

xerox / freeflow core
Exploit Available
about 1 month ago | Feb 27, 2026
CVE-2026-1626 | 9.1

An attacker can potentially eavesdrop on or alter the encrypted communication between the lms1000 device and other systems using its SSH service, but they need to be able to intercept the network traffic first. This is possible because the device uses weak encryption methods that can be exploited.

sick / lms1000 firmware
Exploit Available
about 1 month ago | Feb 27, 2026
CVE-2026-0980 | 8.8

An attacker with the right permissions can exploit a flaw in the Red Hat Satellite system to run their own code remotely by creating a specially crafted username for the Baseboard Management Controller. This requires the attacker to already have access to create or update hosts within the system.

redhat / satellite
Exploit Available
about 1 month ago | Feb 27, 2026
CVE-2025-9909 | 6.7

This vulnerability allows an attacker to steal user credentials by creating deceptive routes in the Red Hat Ansible Automation Platform, using a specific format that tricks the system. It requires a malicious or manipulated administrator to set up these routes, which can then capture sensitive information even after the attacker's access has been removed.

Unknown
Theoretical
about 1 month ago | Feb 27, 2026
CVE-2025-9572 | 5.0

This vulnerability allows low-privileged users to access sensitive information that they shouldn't be able to see, due to weak security checks in the GraphQL API. It occurs because the API fails to properly enforce user permissions, unlike the more secure REST API, making it easier for attackers to bypass restrictions.

Unknown
Exploit Available
about 1 month ago | Feb 27, 2026
CVE-2026-3302 | 5.3

An attacker can exploit a weakness in the Sign Up Page of the Doctor Appointment System to inject malicious scripts through the Email field, potentially allowing them to steal sensitive information from users who visit the site. This attack can be carried out remotely, meaning the attacker doesn't need physical access to the system, and the method to exploit this vulnerability is publicly available.

remyandrade / doctor appointment system
Exploit Available
about 1 month ago | Feb 27, 2026
CVE-2026-1241 | 8.7

An attacker can access live video streams from Pelco Sarix Professional 3 Series Cameras without proper login credentials, putting privacy and security at risk. This vulnerability occurs because the camera's web management interface does not properly enforce access controls, allowing unauthorized users to view sensitive footage.

Unknown
Exploit Available
about 1 month ago | Feb 26, 2026
CVE-2026-26937 | 7.5

This vulnerability allows an attacker to overload the Kibana service, causing it to become unresponsive, effectively leading to a Denial of Service. It can be exploited by sending specially crafted input data to the Timelion component, which means that the attacker needs to have access to the Kibana interface to trigger the issue.

elastic / kibana
Theoretical
about 1 month ago | Feb 26, 2026
CVE-2026-22715 | 5.9

An attacker with administrative access on one virtual machine (VM) can disrupt or eavesdrop on the network connections of other VMs on the same host. To fix this issue, users need to upgrade to the latest version of VMware Workstation or Fusion.

Unknown
Exploit Available
about 1 month ago | Feb 26, 2026
CVE-2026-26934 | 6.5

An attacker with view-only access to Kibana can exploit this vulnerability to send specially crafted data that overwhelms the system, causing it to crash or become unresponsive. This means that even users who are not fully authorized can disrupt the service by manipulating input data.

elastic / kibana
Exploit Available
about 1 month ago | Feb 26, 2026
CVE-2026-26227 | 6.3

This vulnerability allows an attacker to gain unauthorized access to the Remote Access Server feature in VLC for Android by repeatedly guessing a one-time password (OTP) without being locked out. The attacker needs to be able to reach the server over the network, and if successful, they can access media files that the legitimate user has shared.

Unknown
Theoretical
about 1 month ago | Feb 26, 2026
CVE-2026-26265 | 7.5

This vulnerability allows an attacker to access private user information, such as phone numbers and addresses, from all users in a Discourse forum, even if they are not logged in. It occurs because the system does not properly check permissions for certain user data fields, making it easy for anyone to exploit this flaw and collect sensitive information.

discourse / discourse
Exploit Available
about 1 month ago | Feb 26, 2026
CVE-2026-26207 | 5.4

This vulnerability allows any authenticated user to manipulate policies on posts they shouldn't be able to access, including private posts, and to discover which posts have policies based on error messages. It affects users of the Discourse platform who have the `discourse-policy` plugin enabled and can be fixed by upgrading to the latest versions or disabling the plugin altogether.

discourse / discourse
Exploit Available
about 1 month ago | Feb 26, 2026