High · CVSS 8
An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component.
Published Mar 26, 2024 · Updated Jul 9, 2026
High · CVSS 7.5
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information.
Published Mar 21, 2024 · Updated Jul 9, 2026
Medium · CVSS 6.5
An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component
Published Mar 21, 2024 · Updated Jul 9, 2026
High · CVSS 7.5
Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter.
Published Mar 7, 2024 · Updated Jul 9, 2026
Medium · CVSS 5.4
An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file.
Published Mar 8, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3_5g parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.5
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4_5g parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.5
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.5
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.5
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.5
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.5
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.5
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.5
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.5
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.5
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth_5g parameter at /goform/WifiBasicSet.
Published Mar 1, 2023 · Updated Jul 9, 2026
High · CVSS 7.5
An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.
Published Mar 27, 2023 · Updated Jul 9, 2026
High · CVSS 8.8
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.
Published Mar 10, 2023 · Updated Jul 9, 2026
Medium · CVSS 4.9
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls.
Published Mar 10, 2023 · Updated Jul 9, 2026
Medium · CVSS 5.4
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.
Published Mar 10, 2023 · Updated Jul 9, 2026
Critical · CVSS 9.3
A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
Published Mar 12, 2024 · Updated Jul 8, 2026
High · CVSS 7.7
A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
Published Mar 12, 2024 · Updated Jul 8, 2026
Medium · CVSS 6.5
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Published Mar 31, 2023 · Updated Jul 5, 2026
Medium · CVSS 5.5
swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c.
Published Mar 23, 2023 · Updated Jul 5, 2026
Medium · CVSS 6.5
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.
Published Mar 29, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.
Published Mar 10, 2023 · Updated Jul 5, 2026
Critical · CVSS 9.1
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Published Mar 31, 2023 · Updated Jul 5, 2026
High · CVSS 7.5
Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.
Published Mar 10, 2023 · Updated Jul 5, 2026
High · CVSS 7.2
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.
Published Mar 31, 2023 · Updated Jul 5, 2026
High · CVSS 7.5
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
Published Mar 31, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating systems.
Published Mar 27, 2023 · Updated Jul 5, 2026
High · CVSS 7.5
Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). TThe Reporting Designer (Web) offers the possibility to embed sources from external locations. If the user chooses an external location, the request to that resource is performed by the server rather than the client. Therefore, the server causes outbound traffic and potentially imports data. An attacker may also leverage this behaviour to exfiltrate data of machines on the internal network of the server hosting the Stimulsoft Reporting Designer (Web).
Published Mar 28, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report.
Published Mar 27, 2023 · Updated Jul 5, 2026
High · CVSS 7.5
Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.
Published Mar 28, 2023 · Updated Jul 5, 2026
Unknown · CVSS Not scored
Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c.
Published Mar 16, 2023 · Updated Jul 5, 2026
Medium · CVSS 5.4
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".
Published Mar 6, 2024 · Updated Jul 4, 2026
High · CVSS 8.8
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
Published Mar 12, 2026 · Updated Jun 30, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93.
Published Mar 17, 2023 · Updated Jun 1, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection.
This issue affects Pacsrapor: before 1.22.
Published Mar 21, 2023 · Updated Jun 1, 2026
Medium · CVSS 6.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pacsrapor allows Reflected XSS.
This issue affects Pacsrapor: before 1.22.
Published Mar 21, 2023 · Updated Jun 1, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection.
This issue affects Starcities: through 1.3.
Published Mar 10, 2023 · Updated Jun 1, 2026
High · CVSS 7.5
Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.
This issue affects Starcities: through 1.3.
Published Mar 10, 2023 · Updated Jun 1, 2026
Critical · CVSS 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03.
Published Mar 9, 2023 · Updated Jun 1, 2026