CVE-2026-26361

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...

CVE-2026-26361

The CVE-2026-26361 entry concerns Dell Unisphere for PowerMax v10.2, where an External Control of File Name or Path vulnerability could allow a low-privileged, remote attacker to cause information disclosure. The provided materials identify the affected product and vulnerability class, the impact...

CVE-2022-26361

IOMMU: RMRR VT-d and unity map AMD-Vi handling issues This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region...

CVE-2025-26361

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...

CVE-2025-26361

creationtimestamp| type| source ---|---|--- 2025-02-12 14:48:37+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/113991464757815941 2025-02-12 15:09:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lhyhdxsodp2y 2025-02-12 15:20:55+00:00| seen|...

CVE-2025-26361

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...

CVE-2025-26361

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...

CVE-2025-26361

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests...

CVE-2025-26361

CVE-2025-26361 affects Q-Free MaxTime (versions up to 2.11.0). The vulnerability is due to missing authentication for a critical function in maxprofile/setup/routes.lua, enabling an unauthenticated remote attacker to factory reset the device via crafted HTTP requests. Some sources confirm the iss...

CVE-2023-26361

Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user...

CVE-2023-26361

Adobe ColdFusion versions 2018 Update 15 and earlier and 2021 Update 5 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user...

CVE-2023-26361

CVE-2023-26361 is an Adobe ColdFusion path-traversal vulnerability affecting 2018 Update 15 and earlier and 2021 Update 5 and earlier, enabling Arbitrary file system read. Exploitation does not require user interaction but requires administrator privileges. Remediation per APSB23-25 is to apply t...

SUSE: Security Advisory (SUSE-SU-2022:2158-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for xen (SUSE-SU-2022:2065-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2022:2065-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2065-1 advisory. - IOMMU: RMRR VT-d and unity map AMD-Vi handling issues This CNA information record relates to multiple CVEs;...

openSUSE: Security Advisory for xen (SUSE-SU-2022:1506-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2021-26361

creationtimestamp| type| source ---|---|--- 2022-05-12 22:36:31+00:00| seen| https://t.me/cibsecurity/42543...

CVE-2021-26361

The CVE-2021-26361 vulnerability affects AMD ASP/AGESA Boot Loader where a malicious or compromised UApp or ABL could exfiltrate arbitrary memory from the ASP stage 2 bootloader, leading to information disclosure. The issue is tied to the boot firmware stack (AGESA PI) across multiple AMD platfor...

AMD Client Vulnerabilities – May 2022

Bulletin ID: AMD-SB-1027 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2022:1506-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1506-1 advisory. - Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode...