Lucene search

213 matches found

CVE
added 2025/04/16 5:39 p.m. · 61 views

CVE-2025-32872

TeleControl Server Basic (Siemens) prior to v3.1.2.2 contains SQL injection in the GetOverview path, enabling an authenticated remote attacker to bypass authorization, read/write the database and execute code with NT AUTHORITY\NetworkService permissions. Attack requires access to port 8000 where ...

CVSS 8.8 · AI score 8.1 · EPSS 0.00054
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/04/16 5:38 p.m. · 7 views

CVE-2025-32867

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVSS 8.8 · AI score 7.8 · EPSS 0.00045
Exploits: 0 · References: 1

CVE
added 2025/04/16 5:38 p.m. · 48 views

CVE-2025-32844

CVE-2025-32844 affects Siemens TeleControl Server Basic (versions before 3.1.2.2). The vulnerability is an SQL injection in the UnlockUser method that can let an authenticated remote attacker bypass authorization, read/write the database, and execute code with NT AUTHORITY\NetworkService privileg...

CVSS 8.8 · AI score 8.8 · EPSS 0.0004
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/04/16 5:38 p.m. · 8 views

CVE-2025-32837

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetActiveConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to...

CVSS 8.8 · EPSS 0.0004
Exploits: 0 · References: 1

CVE
added 2025/04/16 5:37 p.m. · 44 views

CVE-2025-31351

CVE-2025-31351 affects Siemens TeleControl Server Basic (all versions

CVSS 8.8 · AI score 8.1 · EPSS 0.00078
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/04/16 12:00 a.m. · 2 views

PT-2025-16833 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...

CVSS 9 · AI score 7.5 · EPSS 0.0004
Exploits: 0 · References: 4

RedhatCVE
added 2025/04/10 6:32 p.m. · 19 views

CVE-2025-27481

Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network...

CVSS 8.8 · AI score 7.6 · EPSS 0.00628
Exploits: 0 · References: 3

NVD
added 2025/04/08 6:15 p.m. · 25 views

CVE-2025-27482

Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network...

CVSS 8.1 · EPSS 0.00261
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/04 9:37 p.m. · 13 views

CVE-2025-3129

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.4...

CVSS 4.8 · AI score 7.5 · EPSS 0.00314
Exploits: 0 · References: 3

Cvelist
added 2025/04/02 9:10 p.m. · 12 views

CVE-2025-3129 Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.4...

EPSS 0.00314
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/02 9:10 p.m. · 4 views

CVE-2025-3129 Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.4...

AI score 5.4 · EPSS 0.00314
Exploits: 0 · References: 1

CNNVD
added 2025/04/02 12:00 a.m. · 2 views

Drupal Access code security vulnerability

Drupal Access code is a Drupal module for the Drupal community. A security vulnerability exists in Drupal Access code versions prior to 2.0.4, which stems from an improperly restricted authentication attempt that could lead to brute force cracking...

CVSS 4.8 · AI score 6.8 · EPSS 0.00314
Exploits: 0 · References: 3

Drupal
added 2025/04/02 12:00 a.m. · 7 views

Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028

This module enables users to log in using a short access code instead of providing a username/password combination. The module doesn't sufficiently protect against brute force attacks to guess a user's access code. This vulnerability is mitigated by the fact that access code based logins are off ...

CVSS 4.8 · AI score 7.2 · EPSS 0.00314
Exploits: 0 · References: 2

Positive Technologies
added 2025/04/02 12:00 a.m. · 2 views

PT-2025-14554 · Drupal · Drupal Access Code

Name of the Vulnerable Software and Affected Versions: Drupal Access code versions 0.0.0 through 2.0.3 Description: The issue is related to an Improper Restriction of Excessive Authentication Attempts, which allows for Brute Force attacks. Recommendations: For versions 0.0.0 through 2.0.3, update...

CVSS 4.8 · AI score 6.6 · EPSS 0.00314
Exploits: 0 · References: 5

Patchstack
added 2025/04/02 12:00 a.m. · 2 views

Drupal Access code module < 2.0.4 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Marcin Maruszewski in WordPress Module Access code versions < 2.0.4...

CVSS 4.8 · AI score 7.2 · EPSS 0.00314
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2025/03/17 5:42 p.m. · 46 views

CVE-2025-22473

Dell SmartFabric OS10 Software (Dell Networking) is affected by a Command Injection vulnerability in the OS10 software stack. A low-privileged attacker with local access could potentially achieve code execution through improper neutralization of special elements in commands, with affected version...

CVSS 7.8 · AI score 6.9 · EPSS 0.00142
Exploits: 0 · References: 4 · Affected Software: 1

Patchstack
added 2025/03/04 1:30 a.m. · 4 views

WordPress Edd Google Sheet Connector Pro plugin < 1.4 - Cross-Site Request Forgery to Access Code Update vulnerability

Cross-Site Request Forgery to Access Code Update vulnerability discovered by Erwan LR in WordPress Plugin Edd Google Sheet Connector Pro versions < 1.4...

CVSS 5.4 · AI score 7.1 · EPSS 0.00091
Exploits: 0 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/02/05 8:50 p.m. · 6 views

CVE-2022-28743

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Foscam R2C IP camera running System FW = 1.13.1.6, and Application FW = 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of...

CVSS 9.1 · AI score 7.9 · EPSS 0.00699
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 11:45 a.m. · 7 views

CVE-2024-7582

A vulnerability classified as critical was found in Tenda i22 1.0.0.34687. This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated...

CVSS 9.8 · AI score 6.9 · EPSS 0.00611
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 2:20 a.m. · 6 views

CVE-2024-24925

A vulnerability has been identified in Simcenter Femap All versions V2306.0000. The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current...

CVSS 7.8 · AI score 6.9 · EPSS 0.00073
Exploits: 0 · References: 1