34 matches found
EUVD-2024-54935
Malicious code in bioql PyPI...
EUVD-2023-49304
Malicious code in bioql PyPI...
CVE-2024-12923
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: Photo...
CVE-2024-12923
The CVE-2024-12923 entry concerns QNAP Photo Station and an XSS vulnerability. Affected product: Photo Station (QNAP). The vulnerability enables cross-site scripting when a logged-in user is targeted; an attacker who has a user account can exploit it to read application data or bypass secu...
CVE-2025-49462
Summary: CVE-2025-49462 corresponds to a cross-site scripting vulnerability reported in Zoom Clients prior to 6.4.5. The issue is described as an authenticated user’s ability to disclose information via network access. The connected documents consistently state affected software as Zoom Clients b...
CVE-2023-48326
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows Reflected XSS. This issue affects Events Manager: from n/a through 6.4.5...
app.valuationcontrol:library (>=0.5.8 <=0.5.9), at.aimon.ops:aimon-ops-api (>=0.0.1 <=0.0.2) +2660 more potentially affected by CVE-2025-41232 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.5)
org.springframework.security:spring-security-core MAVEN version =6.4.0, =0.5.8, =0.0.1, =55.v51410e712e0c, =1.5.4.RELEASE, =1.0.1, =1.0.2, =1.0.4, =1.0.2, =1.0.16, =1.0.2, =1.0.4, =1.10.0, =1.10.0, =1.10.0, =1.15.1 and more Source cves: CVE-2025-41232 Source advisory:...
Timing Attack
Overview: org.springframework.security:spring-security-crypto is a spring-security-crypto library for Spring Security. Affected versions of this package are vulnerable to Timing Attack due to an unintentional bypass for DaoAuthenticationProvider constant time controls, which was caused by the fix...
CVE-2024-47007
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service...
Tenable Security Center Multiple Vulnerabilities (TNS-2024-21)
According to its self-reported version, the Tenable Security Center running on the remote host is version 6.4.5. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-21 advisory. - In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14,...
CVE-2024-47011
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information...
CVE-2024-47009
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication...
CVE-2024-47010
CVE-2024-47010 affects Ivanti Avalanche prior to version 6.4.5, with a path traversal that enables a remote unauthenticated attacker to bypass authentication. The issue is addressed by Ivanti in 6.4.5 (and related advisories), and references indicate follow‑ups for related CVEs (e.g., 6.4.7) addr...
CVE-2024-47009
Ivanti Avalanche before 6.4.5 is affected by a Path Traversal vulnerability (CVE-2024-47009) that allows a remote, unauthenticated attacker to bypass authentication. The issue is documented across multiple sources (e.g., Red Hat advisory, NVD/NASL plugin context, NCCS/Nessus notes) and is address...
CVE-2024-47008
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information...
Ivanti Avalanche Security Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche versions prior to 6.4.5, which stems from a null pointer...
PT-2024-6875
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.5 Description: The issue is a path traversal affecting the Faces Mojarra component within Ivanti Avalanche. This allows a remote, unauthenticated attacker to potentially reveal sensitive information. The...
PT-2024-6873 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.5 Description: The issue is related to a path traversal vulnerability in the SecureFilter component of Ivanti Avalanche, which is caused by incorrect restriction of access to a directory with limited...