7 matches found
CVE-2026-9245
Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...
CVE-2026-4670
MOVEit Automation (Progress Software) is affected by two CVEs. CVE-2026-4670 is an authentication bypass due to a primary weakness impacting MOVEit Automation releases older than 2025.0.9, 2024.1.x, and 2024.0.x series; CVSSv3.1 is 9.8 (Network, required none, user interaction none, confidentiali...
CVE-2026-4670 Improper Authentication vulnerability in Progress MOVEit Automation
Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0...
CVE-2025-64463
There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...
CVE-2025-64461
NI LabVIEW is affected by an out-of-bounds write in mgocre_SH_25_3!RevBL() when opening a corrupted VI file, impacting 2025 Q3 (25.3) and earlier. Exploitation requires a user to open a crafted VI and can lead to information disclosure or arbitrary code execution. A patch/update to a version late...
PT-2025-44363
Name of the Vulnerable Software and Affected Versions versions prior to 2025-54548 Description Restricted users could view sensitive portions of the config database via a debug API. Specifically, user password hashes were exposed. The API endpoint used for this exposure is a debug API...
PT-2025-34298 · Liferay · Liferay Dxp
Name of the Vulnerable Software and Affected Versions: Liferay DXP versions 2025.Q2.0 through 2025.Q2.3 Description: A server-side request forgery SSRF vulnerability exists due to insecure domain validation on analytics.cloud.domain.allowed. This allows an attacker to perform requests by changing...