In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, ...
ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection.
OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c. A crafted ENIP/CPF message can supply an att...
Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in ...
Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation o...
CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded...
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.