995 matches found
CVE-2025-23056
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the...
CVE-2020-7304
Cross site request forgery vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label...
CVE-2024-41915
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in...
CVE-2025-15382
A heap buffer over-read vulnerability exists in the wolfSSHCleanPath function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte...
Quanta QOCA aim AI Medical Cloud Platform 安全漏洞
Quanta QOCA aim AI Medical Cloud Platform is an artificial intelligence AI medical cloud computing integration platform from Quanta, a Taiwan, China-based company that provides comprehensive AI model development tools covering the entire process from AI development to clinical applications. A...
Quanta QOCA aim AI Medical Cloud Platform 安全漏洞
Quanta QOCA aim AI Medical Cloud Platform is an artificial intelligence AI medical cloud computing integration platform from Quanta, a Taiwan, China-based company that provides comprehensive AI model development tools covering the entire process from AI development to clinical applications. Quant...
CVE-2025-47208
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same...
PT-2026-1076
Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.3.0.3192 build 20250716 Description A buffer overflow condition exists in QNAP operating...
QNO VPN Firewall 操作系统命令注入漏洞
QNO VPN Firewall is a multi-functional security gateway from Taiwan, China-based QNO. QNO VPN Firewall suffers from an operating system command injection vulnerability that originates from OS command injection, which could allow an authenticated remote attacker to execute arbitrary OS commands on...
CVE-2025-40935
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.10.1, RUGGEDCOM RS416Pv2 V5.X All versions V5.10.1, RUGGEDCOM RS416v2 V5.X All versions V5.10.1, RUGGEDCOM RS900 32M V5.X All versions V5.10.1, RUGGEDCOM RS900G 32M V5.X All versions V5.10.1, RUGGEDCOM RSG2100 32M V5.X...
PT-2025-49514
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
EUVD-2025-198085
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
EUVD-2025-198066
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...
CVE-2025-37162
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
CVE-2025-37157
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution RCE on the affected system...
PT-2025-47387
Name of the Vulnerable Software and Affected Versions AOS-CX Operating System affected versions not specified Description A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Executio...
CVE-2025-64444
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS...
PT-2025-45589
Name of the Vulnerable Software and Affected Versions U-Office Force affected versions not specified Description U-Office Force developed by e-Excellence is subject to a SQL Injection issue. This allows an authenticated remote attacker to inject arbitrary SQL commands, potentially leading to...
EUVD-2025-38281
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...
CVE-2025-53409 File Station 5
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...