A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user…

Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device’s firmware used for device communication using MQTT. An attacker who gained…

OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal…

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious…

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking. Zafiyet ile ilgili Genel Bilgi, Etki ve…

Assmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of the camera’s settings and the administrator credentials. Zafiyet ile ilgili Genel…

An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.…

Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model…

A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue.…

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry’s CSP were to be bypassed. This…