Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.7.615.

Infoblox NIOS through 8.6.4 has Improper Access Control for Grids.

Infoblox NIOS through 8.6.4 has Improper Authentication for Grids.

Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.

Infoblox NIOS through 8.6.4 executes with more privileges than required.

ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.

GeoVision GV-ASWeb with the version 6.1.2.0 or less, contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server, leading to a full system compromise.

An issue in Motorola Mobility Droid Razr HD (Model XT926) System Version: 9.18.94.XT926.Verizon.en.US allows physically proximate unauthorized attackers to access USB debugging, leading to control of the host device itself.

Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials.

In XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation.