| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted GET request. |
| A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers. |
| GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server. |
| The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support. |
| Windows Installer Elevation of Privilege Vulnerability |
| SysInternals Sysmon for Windows Elevation of Privilege Vulnerability |
| Windows Backup Service Elevation of Privilege Vulnerability |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability |
| Clipboard Virtual Channel Extension Remote Code Execution Vulnerability |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| Microsoft OfficePlus Elevation of Privilege Vulnerability |
| D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack. |
| Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL. |
| Microsoft PC Manager Elevation of Privilege Vulnerability |
| Windows Hyper-V Denial of Service Vulnerability |
| Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability |
| Visual Studio Collector Service Denial of Service Vulnerability |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
