852 matches found
CVE-2025-61235
An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device...
CVE-2025-40068 fs: ntfs3: Fix integer overflow in run_unpack()
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in run_unpack(). The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...
CVE-2025-41720
A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...
AutomationDirect Productivity Suite Security Vulnerability
AutomationDirect Productivity Suite is a programmable logic controller programming software from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect Productivity Suite version 4.4.1.19, which originates from a relative path traversal that can be performed by a remote attack...
CVE-2025-41720
CVE-2025-41720 affects Sauter modu680-AS (modular automation station with a web server). The issue arises when the webserver API validates only the file extension, allowing a low-privileged remote attacker to upload arbitrary data masked as a PNG file. The root cause is insufficient validation of...
EUVD-2025-35333
A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...
Sauter modu680-AS Security Vulnerability
Sauter modu680-AS is a modular automation station cum web server from Sauter, Switzerland. A security vulnerability exists in Sauter modu680-AS, which stems from validating only file extensions and could lead to the upload of arbitrary data by a low-privileged remote attacker...
CVE-2025-62389
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-11623
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
EUVD-2025-34108
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...
EUVD-2025-34101
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...
EUVD-2025-34098
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...
EUVD-2025-34103
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...
EUVD-2025-34100
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-62392
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-62391
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-62390
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...