Source
CVE
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.
A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0.
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update.
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.