Medium · CVSS 5.3
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality.
Published Sep 12, 2024 · Updated Jul 5, 2026
Medium · CVSS 6.1
ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.
Published Sep 12, 2024 · Updated Jul 5, 2026
Critical · CVSS 9.3
ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.
Published Sep 12, 2024 · Updated Jul 5, 2026
Medium · CVSS 6.7
Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated firmware is available through Crucial’s official support page.
Published Sep 4, 2024 · Updated Jul 5, 2026
Medium · CVSS 6.5
Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper santization of the user provided "newpass" field
Published Sep 2, 2025 · Updated Jul 5, 2026
High · CVSS 7.6
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.
Published Sep 24, 2024 · Updated Jul 5, 2026
Medium · CVSS 6.5
Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.
Published Sep 30, 2024 · Updated Jul 5, 2026
Critical · CVSS 9.9
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.
Published Sep 19, 2024 · Updated Jul 5, 2026
Critical · CVSS 9.8
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
Published Sep 9, 2024 · Updated Jul 5, 2026
High · CVSS 8
Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access.
Published Sep 10, 2024 · Updated Jul 5, 2026
High · CVSS 8.8
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function.
Published Sep 11, 2024 · Updated Jul 5, 2026
Low · CVSS 3.7
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.
Published Sep 11, 2024 · Updated Jul 5, 2026
High · CVSS 8.8
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function.
Published Sep 11, 2024 · Updated Jul 5, 2026
Medium · CVSS 4.7
A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Published Sep 11, 2024 · Updated Jul 5, 2026
High · CVSS 8.8
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function.
Published Sep 11, 2024 · Updated Jul 5, 2026
High · CVSS 8.8
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php.
Published Sep 11, 2024 · Updated Jul 5, 2026
High · CVSS 8.8
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php.
Published Sep 11, 2024 · Updated Jul 5, 2026
Low · CVSS 3.9
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.
Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
Published Sep 3, 2024 · Updated Jun 30, 2026
Low · CVSS 3.9
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.
Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
Published Sep 3, 2024 · Updated Jun 30, 2026
Low · CVSS 3.9
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.
The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
Published Sep 3, 2024 · Updated Jun 30, 2026
Low · CVSS 3.9
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.
The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).
Published Sep 3, 2024 · Updated Jun 30, 2026
Low · CVSS 2.9
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.
Published Sep 10, 2024 · Updated Jun 30, 2026
Low · CVSS 3.9
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Published Sep 3, 2024 · Updated Jun 30, 2026
Medium · CVSS 4.3
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Published Sep 3, 2024 · Updated Jun 30, 2026
High · CVSS 7.5
A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing out. This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime.
Published Sep 4, 2024 · Updated Jun 29, 2026
Critical · CVSS 9.2
Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.
This issue affects Accord ORS: before 7.3.2.1.
Published Sep 6, 2024 · Updated Jun 3, 2026
High · CVSS 8.8
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS.
This issue affects V5: before 6.2.
Published Sep 12, 2024 · Updated Jun 3, 2026
High · CVSS 8.8
Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.
This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
Published Sep 12, 2024 · Updated Jun 3, 2026
High · CVSS 8.8
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
Published Sep 12, 2024 · Updated Jun 3, 2026
Critical · CVSS 9.2
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Template allows SQL Injection.
This issue affects Website Template: before 1.2.
Published Sep 27, 2024 · Updated Jun 3, 2026
Medium · CVSS 6.9
Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users.
This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.
Published Sep 3, 2024 · Updated Jun 3, 2026
Critical · CVSS 9.3
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software BAP Automation allows Stored XSS.
This issue affects BAP Automation: before 30840.
Published Sep 25, 2024 · Updated Jun 3, 2026
Medium · CVSS 6.9
Improper Restriction of Excessive Authentication Attempts vulnerability in Yordam Information Technology Yordam Library Automation System allows Interface Manipulation.
This issue affects Yordam Library Automation System: before 20.1.
Published Sep 18, 2024 · Updated Jun 3, 2026
Critical · CVSS 9.4
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection.
This issue affects Panel: before v2.3.24.
Published Sep 18, 2024 · Updated Jun 3, 2026
Critical · CVSS 9.3
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS.
This issue affects Panel: before v2.3.24.
Published Sep 18, 2024 · Updated Jun 3, 2026
Critical · CVSS 9.8
Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.
This issue affects Panel: before v2.3.24.
Published Sep 18, 2024 · Updated Jun 3, 2026
Critical · CVSS 9.2
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.
This issue affects InsureE GL: before 4.6.2.
Published Sep 16, 2024 · Updated Jun 3, 2026
High · CVSS 8.5
Missing Authentication for Critical Function, Missing Authorization vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data.
This issue affects Mobile Library Application: before 5.0.
Published Sep 18, 2024 · Updated Jun 3, 2026
Critical · CVSS 10
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.
This issue affects DataDiodeX: from v3.0.0 before v3.1.7.
Published Sep 6, 2024 · Updated Jun 3, 2026
High · CVSS 8.8
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.
This issue affects Cockpit Software: before v2.13.
Published Sep 13, 2024 · Updated Jun 3, 2026
Critical · CVSS 9.4
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS.
This issue affects Panel: before v2.3.24.
Published Sep 18, 2024 · Updated Jun 3, 2026
Critical · CVSS 9.2
Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.
This issue affects Panel: before v2.3.24.
Published Sep 18, 2024 · Updated Jun 3, 2026
Critical · CVSS 9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.
This issue affects NACPremium: through 01082024.
Published Sep 2, 2024 · Updated Jun 3, 2026
Medium · CVSS 4.8
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Stored XSS.
This issue affects NACPremium: through 01082024.
Published Sep 2, 2024 · Updated Jun 3, 2026
High · CVSS 8.7
Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Retrieve Embedded Sensitive Data.
This issue affects NACPremium: through 01082024.
Published Sep 2, 2024 · Updated Jun 3, 2026
High · CVSS 7.1
Missing Authentication for Critical Function vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.
This issue affects PassBox: before v1.2.
Published Sep 9, 2024 · Updated Jun 3, 2026
Critical · CVSS 9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection.
This issue affects Semtek Sempos: through 31072024.
Published Sep 4, 2024 · Updated Jun 3, 2026
Medium · CVSS 5.3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Reflected XSS.
This issue affects Semtek Sempos: through 31072024.
Published Sep 4, 2024 · Updated Jun 3, 2026
Critical · CVSS 9.2
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection.
This issue affects Semtek Sempos: through 31072024.
Published Sep 4, 2024 · Updated Jun 3, 2026
Critical · CVSS 9.2
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.
This issue affects ww.Winsure: before 4.6.2.
Published Sep 16, 2024 · Updated Jun 3, 2026