Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow…
Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient val…
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may…
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may…
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient valida…
An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromise the integrity of the SSH session, allowing manipulation of transmitted data i…
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercep…
A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via s…