The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.
JavaScript can be ran inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking.
The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application.
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be execu...
Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the ...
A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEnd...
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by thei...
The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk spa...
The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown() arbitrary files in the system.
The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘product_order’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficie...
The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusion_get_svg_from_file' function with the 'custom_svg' parameter of the 'fusion_section_separator' shortcode...
Missing Authorization vulnerability in merkulove Couponer for Elementor couponer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Couponer for Elementor: from n/a through <= 1.1.7.
Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hard...