goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials.

goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.

goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.

The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows "Everyone" group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service.

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).

The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases.

AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.