2426 matches found
CVE-2025-26394 SolarWinds SWOSH Open Redirection Vulnerability
SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required...
CVE-2025-26394
CVE-2025-26394 affects SolarWinds Observability Self-Hosted and is an open redirection vulnerability caused by insufficient URL sanitization. The core issue is improper URL cleanup that could redirect users to a malicious site. The CVE entry lists CVSS v3.1 base score 4.8 (Medium) with adjacent a...
CVE-2025-26394 SolarWinds SWOSH Open Redirection Vulnerability
SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required...
BIT-MARIADB-MIN-2022-24052
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
BIT-MARIADB-MIN-2022-24050
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...
BIT-MARIADB-MIN-2022-24048
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
PT-2025-24677 · Siemens · Scalance Xr326-8 Eec +20
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM RST2428P versions prior to V3.2 SCALANCE XC316-8 versions prior to V3.2 SCALANCE XC324-4 versions prior to V3.2 SCALANCE XC324-4 EEC versions prior to V3.2 SCALANCE XC332 versions prior to V3.2 SCALANCE XC416-8 versions prior to V3....
CVE-2025-5747
WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this...
CVE-2025-41366
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing CORS. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view...
CVE-2025-41367
Stored Cross-Site Scripting XSS vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and...
CVE-2025-41363
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing CORS. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission...
CVE-2025-3485
Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementati...
CVE-2025-3485 Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability
Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementati...
CVE-2025-3485 Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability
Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementati...
CVE-2025-3485
CVE-2025-3485 describes a directory traversal in Allegra’s extractFileFromZip that fails to validate a user-supplied path before file operations, enabling remote code execution in the current process with network access. Authentication is required to exploit. Root cause: improper path validation ...
CVE-2025-5747
WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this...
CVE-2025-5747
CVE-2025-5747 affects WOLFBOX Level 2 EV Charger MCU command parsing. The flaw is in how command frames are parsed: the process fails to reliably detect the start of a frame, enabling misinterpretation of input. This can allow network-adjacent attackers to execute arbitrary code within the device...
CVE-2025-5747 WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability
WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this...
CVE-2025-41366
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing CORS. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view...
CVE-2025-41367 Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF
Stored Cross-Site Scripting XSS vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and...