Category: Bulletins

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Daily College Class Work Report Book A vulnerability classified as critical has been found in 1000 Projects Daily College Class Work Report Book 1.0. Affected is an unknown…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info AutomationDirect–MB-Gateway The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info admintwentytwenty–UiPress lite | Effortless custom dashboards, admin themes and pages The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1clickmigration–1 Click WordPress Migration Plugin 100% FREE for a limited time The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1clickmigration–1 Click WordPress Migration Plugin 100% FREE for a limited time The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Novel-Plus–Novel-Plus A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.java. The manipulation leads to…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info AdeptLanguage–Adept  Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info AdeptLanguage–Adept  Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info apple — macos  A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info apple — macos  A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a — n/a   A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a — n/a   A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Aboobacker.–AB Google Map Travel  Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel allows Cross Site Request Forgery. This issue affects AB Google Map Travel : from…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Aboobacker.–AB Google Map Travel  Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel allows Cross Site Request Forgery. This issue affects AB Google Map Travel : from…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a — n/a   Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Synology–Unified Controller (DSMUC)  Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Synology–Unified Controller (DSMUC)  Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client  Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client  Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a–n/a  Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. 2025-03-04 10 CVE-2024-50704 n/a–n/a …

Read more →