Camera Hijack on Unifi Protect, Dylib Hijacking in Davinci Resolve, Non-deterministic Deserialization in IBC-go, Authentication Bypass in CyberArk, RCE in Uniguest Tripleplay and more

JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more

Integer Overflow in Mercedes-Benz, RCE via Deserialization in Apache Ignite, Improper Authentication in Orca HCM, Plaintext Password in Netgear C7800 and more

Remote code execution via Prompt Injection in PandasAI, Unverified password change vulnerability in Janto, Private Key Extraction in Elliptic (JS) and Regex Denial of Service in Koa and more

Django Unicorn Class Pollution, GeoTools XPath Manipulation, Eladmin CSV Injection, Zimbra SQL Injection, Woocomerce Taxi Booking Deserialization and more

Code Injection via UnTar in DJL, Header Bypass in ismp-grandpa, Arbitrary File Upload in Wordpress Plugin and more

Account Takeover in Wordpress Plugin, SQL Injection in APlus, SSRF in Apache Ranger UI and more

Search Injection in Mongoose, Insecure Serialization Rosa Open Source, XWiki Realtime Editor Privilege Escalation and more

OpenVPN Code Injection, go-git Command Injection, Perl OAuth Nonce Manipulation and more