Weekly Threat & Vulnerabilities Report

Critical argument injection vulnerability in PHP on Windows servers

Authentication Bypass Vulnerability in ConnectWise ScreenConnect.

Remote code execution vulnerability in Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1.

Command injection vulnerability in LB-LINK devices.

Command Injection Vulnerability in TP-Link Archer AX-21.

Command injection vulnerability via the Ping function in Tenda Products.

An unauthenticated command injection vulnerability found in the TP-Link Archer AX21 WiFi router.

Remote code execution vulnerability in Huawei HG532 router

Improper protocol access control vulnerability in Eir D1000 modem .

Authentication bypass vulnerability in VMware Tools leads to remote code execution

Information disclosure vulnerability due to improper permission of files in vCenter server multiple versions

Path Traversal vulnerability in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11

Heap-based buffer overflow vulnerability in FortiOS SSL-VPN and FortiProxy SSL-VPN