212 matches found
CVE-2025-7406
Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative local admin privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute...
CVE-2025-24815
Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system...
CVE-2025-7406
CVE-2025-7406 affects Nokia MantaRay NM. A local privilege escalation allows an admin with local privileges to gain root access, yielding root filesystem control and full actions as root. Mitigation mentioned: temporarily restrict the set of commands permitted via sudo for affected accounts. No s...
CVE-2025-24815 An unrestricted file upload vulnerability in Nokia MantaRay NM
Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system...
CVE-2025-24815
CVE-2025-24815 affects Nokia MantaRay NM and describes an unrestricted file upload vulnerability caused by insufficient file type validation. The issue could allow an authenticated attacker to upload malicious files onto the system. No remediation details are provided in the supplied documents.
EUVD-2025-210369
Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system...
CVE-2026-35014 Open ISES Tickets < 3.44.2 Reflected XSS via routes_nm.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routesnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacke...
CVE-2026-35014 Open ISES Tickets < 3.44.2 Reflected XSS via routes_nm.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routesnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacke...
Astra Linux – Vulnerability in binutils
A memory consumption issue in the getdata function in binutils/nm.c in GNU nm before version 2.34 allows attackers to cause a denial of service through crafted commands...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of Tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in routesnm.php, which coul...
EUVD-2025-209263
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application...
EUVD-2025-209264
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application...
CVE-2025-24817
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application...
CVE-2025-24819 A Relative Path Traversal vulnerability in Nokia MantaRay NM
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...
CVE-2025-24818
CVE-2025-24818 affects Nokia MantaRay NM, with an OS command injection in the Log Search application caused by improper neutralization of special elements used in an OS command. The CVSS v3.1 metrics indicate a base score of 8.0 (High) with adjacent attack vector, low attack complexity, low privi...
CVE-2025-24818
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application...
CVE-2025-24817
Nokia MantaRay NM (Symptom Collector) is reported to be vulnerable to an OS command injection caused by improper neutralization of special elements in an OS command. CVSS v3.1 base score 8.0 (HIGH) with adjacent attack vector, low attack complexity, and low privileges required, no user interactio...
PT-2026-30842
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...
Projectworlds Online Art Gallery Shop SQL注入漏洞
Projectworlds Online Art Gallery Shop is an online art gallery store open source by Projectworlds. Version 1.0 of Projectworlds Online Art Gallery Shop has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters in the file/admin/adminHome.php, specifically...
Astra Linux – Vulnerability in GCC-12
In libiberty/rust-demangle.c within GNU GCC 11.2, stack consumption is allowed in the demangleconst function, as demonstrated by the nm-new output...