
Latest high severity Vulnerabilities

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to targ...
Important: Network Observability 1.4.0 for OpenShift
Red Hat Network Observability (NETOBSERV) for ARM 64
Red Hat Network Observability (NETOBSERV) for IBM Power, little endian
Red Hat Network Observability (NETOBSERV)
Red Hat Network Observability (NETOBSERV) for IBM Z and LinuxONE
### Impact This vulnerability affects deployments of Imageflow that involve decoding or processing malicious source .webp files. If you only process your own trusted files, this should not affect you...
nuget/ImageResizer.Plugins.Imageflow<5.0.12
nuget/Imageflow.Server<0.8.2
nuget/Imageflow.NativeTool.osx_10_11-x86_64<2.0.0-preview8
nuget/Imageflow.NativeTool.ubuntu_18_04-x86_64<2.0.0-preview8
nuget/Imageflow.NativeTool.ubuntu_16_04-x86_64<2.0.0-preview8
nuget/Imageflow.NativeTool.ubuntu_18_04-x86_64-haswell<2.0.0-preview8
nuget/Imageflow.NativeRuntime.ubuntu_16_04-x86_64<2.0.0-preview8
nuget/Imageflow.NativeRuntime.osx_10_11-x86_64<2.0.0-preview8
nuget/Imageflow.NativeRuntime.ubuntu_18_04-x86_64<2.0.0-preview8
nuget/Imageflow.NativeRuntime.ubuntu_18_04-x86_64-haswell<2.0.0-preview8
nuget/Imageflow.NativeTool.ubuntu-x86_64-haswell<2.0.0-preview8
nuget/Imageflow.NativeTool.ubuntu-x86_64<2.0.0-preview8
nuget/Imageflow.NativeTool.win-x86<2.0.0-preview8
nuget/Imageflow.NativeTool.osx-x86_64<2.0.0-preview8
nuget/Imageflow.NativeTool.win-x86_64<2.0.0-preview8
nuget/Imageflow.NativeRuntime.ubuntu-x86_64-haswell<2.0.0-preview8
nuget/Imageflow.NativeRuntime.ubuntu-x86_64<2.0.0-preview8
nuget/Imageflow.NativeRuntime.win-x86<2.0.0-preview8
nuget/Imageflow.NativeRuntime.osx-x86_64<2.0.0-preview8
nuget/Imageflow.NativeRuntime.win-x86_64<2.0.0-preview8
nuget/Imageflow.AllPlatforms<0.10.2
JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may...
### Impact Heap buffer overflow in `libwebp` allows a remote attacker to perform an out of bounds memory write via a crafted webp image. ### References - https://github.com/advisories/GHSA-j7hp-h8jx-...
npm/@napi-rs/image<1.7.0
The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows: ```js...
npm/get-func-name<2.0.1
Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If th...
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the correspond...
Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to acc...
JumpServer is an open source bastion host. The verification code for resetting user's password is vulnerable to brute-force attacks due to the absence of rate limiting. JumpServer provides a feature a...
Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.
A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker...
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected de...
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insuffic...
A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed ...
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the appli...
A vulnerability in the command line interface (CLI) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll bac...
A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerabi...
A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to r...
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command autho...
A vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affect...
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, r...
Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in the Embedded Service Enabler component. A local malicious user could potent...
Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability
Cisco IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability
Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast Denial of Service Vulnerability
Cisco Catalyst SD-WAN Manager Vulnerabilities
Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability
Cisco IOS XE Software Web UI Command Injection Vulnerability
Cisco DNA Center API Insufficient Access Control Vulnerability
Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service...
maven/io.undertow:undertow-parent<2.2.24.Final
Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server.
composer/opencart/opencart>=4.0.0.0<4.0.2.3
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within th...
Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exist...
Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before 1.0.3.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2.
Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem.
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution wi...
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.
Seacms Seacms12.9
Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Acronis Cyber Protect<15
Acronis Cyber Protect15
Acronis Cyber Protect15-update1
Acronis Cyber Protect15-update2
Acronis Cyber Protect15-update3
Acronis Cyber Protect15-update4
Acronis Cyber Protect15-update5
Linux Linux Kernel
Microsoft Windows
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php.
Seacms Seacms12.9
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php.
Seacms Seacms12.9
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php.
Seacms Seacms12.9
Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Acronis Cyber Protect<15
Acronis Cyber Protect15
Acronis Cyber Protect15-update1
Acronis Cyber Protect15-update2
Acronis Cyber Protect15-update3
Acronis Cyber Protect15-update4
Acronis Cyber Protect15-update5
Linux Linux Kernel
Microsoft Windows
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Acronis Cyber Protect<15
Acronis Cyber Protect15
Acronis Cyber Protect15-update1
Acronis Cyber Protect15-update2
Acronis Cyber Protect15-update3
Acronis Cyber Protect15-update4
Acronis Cyber Protect15-update5
Linux Linux Kernel
Microsoft Windows
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Acronis Cyber Protect<15
Acronis Cyber Protect15
Acronis Cyber Protect15-update1
Acronis Cyber Protect15-update2
Acronis Cyber Protect15-update3
Acronis Cyber Protect15-update4
Acronis Cyber Protect15-update5
Linux Linux Kernel
Microsoft Windows
Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Acronis Cyber Protect<15
Acronis Cyber Protect15
Acronis Cyber Protect15-update1
Acronis Cyber Protect15-update2
Acronis Cyber Protect15-update3
Acronis Cyber Protect15-update4
Acronis Cyber Protect15-update5
Linux Linux Kernel
Microsoft Windows
Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
Acronis Cyber Protect<15
Acronis Cyber Protect15
Acronis Cyber Protect15-update1
Acronis Cyber Protect15-update2
Acronis Cyber Protect15-update3
Acronis Cyber Protect15-update4
Acronis Cyber Protect15-update5
Apple macOS
Linux Linux Kernel
Microsoft Windows
SecAlerts Pty Ltd.
Fortitude Valley,
QLD 4006, Australia
© Copyright 2023 - ABN: 70 645 966 203, ACN: 645 966 203