The reporting functionality in Wyn Enterprise allows for code inclusion, but does not sufficiently restrict what code can be included. An attacker can use a low-privileged account to abuse this functionality and execute malicious code, load DLLs, and execute operating system commands on the host system with high-privileged applications. This issue is fixed in version 8.0.00204.0
CVSS v4: 8.7
Attack Requirements: None
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): None
A vulnerability in Ant Media Server Community Edition allows manipulation of headers in HTTP requests, enabling an unauthorized user to access all API functionalities (except for administrative ones) of the Ant Media Server Community Edition.
A directory traversal vulnerability in the file upload functionality in Gotenberg - before version 6.2.1 allows an attacker to upload and overwrite arbitrary writable files outside the intended directory.
This may lead to Denial of Service (DoS), modification of application behavior or code execution..