50 matches found
CVE-2025-14265 Improper server-side validation in ScreenConnect extension framework
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
CVE-2025-63225
The Eurolab ELTS100UBX device firmware version ELTS100v1.UBX is vulnerable to Broken Access Control due to missing authentication on critical administrative endpoints. Attackers can directly access and modify sensitive system and network configurations, upload firmware, and execute unauthorized...
EUVD-2025-35593
Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories...
CVE-2025-11965
In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...
EUVD-2022-29592
Malicious code in bioql PyPI...
EUVD-2025-27994
Malicious code in bioql PyPI...
Digiever NVR 安全漏洞
Digiever NVR is a camera centralized management, video storage and surveillance device from Digiever Corporation of Taiwan, China. A security vulnerability exists in the Digiever NVR, which stems from the exposure of sensitive information, and could allow an unauthenticated, remote attacker to...
PT-2025-34489 · Voltronic Power +1 · Viewpower +1
Name of the Vulnerable Software and Affected Versions: Voltronic Power ViewPower versions 1.04-21353 and earlier PowerShield Netguard versions prior to 1.04-23292 Description: A remote attacker can configure the system via a web interface without authentication. This includes changing the web...
Vulnerability of the main and fileman modules of the 1C-Bitrix website management system: Website management that allows attackers to gain unauthorized access to configuration and executable files
Vulnerability of the main and fileman modules of the 1C-Bitrix website management system: Website management involves insecure handling of privileges. Exploiting this vulnerability can allow an attacker to gain unauthorized access to configuration and executable files...
Radiflow iSAP Smart Collector 安全漏洞
Radiflow iSAP Smart Collector is a remote traffic collection and forwarding appliance designed for industrial networks from Radiflow USA. A security vulnerability exists in the Radiflow iSAP Smart Collector that originates from an unauthenticated REST API on the management network and could lead ...
CVE-2025-30167 Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared %PROGRAMDATA% directory is searched for configuration files SYSTEMCONFIGPATH and SYSTEMJUPYTERPATH, which may allow users to create configuration...
PT-2025-18415
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the access of the PCI config space via pci ops::read and pci ops::write, which are low-level hardware...
CVE-2024-35277
A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending...
PT-2024-8645 · Ivanti · Ivanti Secure Access Client
Name of the Vulnerable Software and Affected Versions: Ivanti Secure Access Client versions prior to 22.7R4 Description: A race condition in Ivanti Secure Access Client allows a local authenticated attacker to modify sensitive configuration files. This issue is related to synchronization errors...
PT-2024-7422 · Trend Micro · Trend Micro Antivirus
Name of the Vulnerable Software and Affected Versions: Trend Micro Antivirus One versions 3.10.4 and below Consumer Description: The issue is related to insufficient access control, which could allow an attacker to gain unauthorized access to protected information. This could permit arbitrary...
PT-2024-4074 · NetGear · Netgear Wnr614 N300
Name of the Vulnerable Software and Affected Versions: Netgear WNR614 N300 version 1.1.0.54 1.0.1 Description: The issue is related to the storage of protected information in an unencrypted form. This could allow a remote attacker to disclose protected information. The estimated number of...
CVE-2022-4039
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server...
PT-2023-36151 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: openssl-ibmca versions prior to 2.4.0 Description: The issue concerns adjustments and fixes for OpenSSL versions 3.1 and 3.2, including support for RSA blinding, constant-time fixes for RSA PKCS1 v1.5 and OAEP padding, and support for 'implic...
PT-2023-16281 · Econolite · Econolite Eos
Name of the Vulnerable Software and Affected Versions: Econolite EOS versions prior to 3.2.23 Description: The issue concerns the use of a weak hash algorithm for encrypting privileged user credentials. A configuration file, accessible without authentication, utilizes MD5 hashes for credential...
OESA-2022-1676 git security update
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...