13th November 2023
Zitadel was found to be vulnerable to a race condition, leading to the application processing numerous successful brute-force login attempts before triggering an account lockout.
: Security Feature Bypass In Zitadel
7th November 2023
The avatar upload functionality was found to be vulnerable to stored cross-site scripting via SVGs.
: Zitadel one click silent account takeover
12th July 2023
The SignInManager in ASP.NET was found to be vulnerable to a race condition, leading to thousands of successful brute-force login attempts before triggering an account lockout.
: Security Feature Bypass In ASP.NET and Visual Studio
31st May 2023
The Kramer VIA GO² is a "Compact & Secure 4K Wireless Presentation Device", which was found to have multiple high risk security issues.
: Kramer VIA GO²
31st January 2023
Multiple vulnerabilities were found in perfSONAR that could allow a malicious individual to scan the internal network and read arbitrary files on the server.
16th November 2022
Precisely Spectrum Spatial Analyst 2020.1.0 S44 was found to be vulnerable to Server-Side Request Forgery (SSRF) and a Path Traversal sequence vulnerability.
: Spectrum Spatial Analyst 20.1
8th August 2022
A number of vulnerabilities were discovered in the suite of applications bundled as Genero Enterprise including RCE in the Genero Mobile for Android framework, and a lack of certificate validation across the suite.
: Genero Enterprise
6th July 2022
The Wiris MathType library (v7.28.0 and lower) was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability is exploited via a crafted request to the resource handler.
: Wiris MathType
1st November 2021
A malicious user could gain shell access to the Accellion kiteworks application, complete with root privileges.
: Accellion kiteworks
27th May 2021
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled.
: Ruby Dragonfly
19th March 2021
A Cross Site Scripting vulnerability in Silverstripe allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL.
21st April 2020
Access control vulnerabilities were identified within the VMware vCloud Director API (prior to v18.104.22.168). An organisation administrator can create, remove or revert snapshot operations against vApps and VMs located in other organisation VDCs.
: VMware vCloud API
21st April 2020
A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries.
: Cisco CWS
30th March 2020
Multiple vulnerabilities were identified within the TelStrat Engage (v5.6.1) application, including unauthenticated access to cleartext passwords.
: TelStrat Engage
30th March 2020
RSA Archer contains multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
: RSA Archer
17th December 2019
A CSRF vulnerability was identified in SolarWinds' file upload functionality.
: SolarWinds SERV-U
9th December 2019
Multiple vulnerabilities were found in the Squiz Matrix CMS that could result in arbitrary file deletion, information disclosure, and remote code execution.
: Squiz Matrix CMS
6th March 2019
An input validation issue was discovered in the ASP.NET Boilerplate that could lead to significant client-side security vulnerabilities.
: ASP.NET Boilerplate
20th February 2019
Multiple vulnerabilities were identified within Teracue ENC-400, including broken authentication and command injection.
: Teracue ENC-400
1st May 2018
Several major vulnerabilities have been identified within WatchGuard Access Point devices that can be chained together to gain pre-authenticated remote code execution.
: WatchGuard Access Points