80 matches found
CVE-2025-27167
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical...
The vulnerability in the firmware of Mitel series 6800, 6900, 6900w, and 6970 allows arguments to be inserted or modified, enabling an intruder to gain unauthorized access to protected information, alter the phone’s configuration, or execute arbitrary commands.
The vulnerability in the firmware of Mitel series 6800, 6900, 6900w, and 6970 is related to the insertion or modification of arguments. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information, modify the phone’s configuration,...
PT-2023-32496 · ESM · ESM
Name of the Vulnerable Software and Affected Versions: ESM versions prior to 11.6.8 Description: A server-side request forgery issue allows a low-privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation...
PT-2023-6146 · Juniper Networks · Junos Evolved +1
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 20.4R3-S4; Juniper Networks Junos OS versions 21.1 prior to 21.1R3-S4; Juniper Networks Junos OS versions 21.2 prior to 21.2R3-S2; Juniper Networks Junos OS versions 21.3 prior to 21.3R2-S2, 21.3R3-S1...
PT-2023-5579 · Cisco · Cisco Catalyst SD-WAN Manager
Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Manager affected versions not specified Description: The issue is related to insufficient user session management within the Cisco Catalyst SD-WAN Manager system, specifically in the multi-tenant feature. This could allo...
CVE-2023-39285
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross-Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modifi...
The vulnerability in the account_operator.cgi file in the firmware for ZyXEL USG FLEX and VPN devices allows a hacker to alter the device’s configuration data and trigger a service failure.
The vulnerability of the accountoperator.cgi file in the ZyXEL USG FLEX and VPN networking devices relates to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow a malicious actor to remotely alter the device’s...
Open Web Analytics 1.7.3 Remote Code Execution Exploit
Open Web Analytics (OWA) versions prior to 1.7.4 allow an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. class MetasploitModule 'Open Web Analytics 1.7.3 - Remote Code Execution RCE', 'Description' = %q Op...
PT-2023-1944 · Adobe · Adobe Creative Cloud Desktop Application
Name of the Vulnerable Software and Affected Versions: Adobe Creative Cloud Desktop Application versions 5.9.1 and earlier Description: The issue is related to an untrusted search path in the application, which could allow an attacker to execute arbitrary code, access unauthorized data files, or...
CVE-2022-20696
A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging...
Motorola Solutions ACE1000 Trust Management Issue Vulnerability
The Motorola Solutions ACE1000 is a Remote Terminal Unit (RTU) from Motorola Solutions USA. A security vulnerability exists in the Motorola Solutions ACE1000 RTU version that originates from communication with the XRT LAN to the radio gateway via an embedded client, where access credentials to this...
CVE-2022-20773
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing ...
CVE-2022-20735
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...
CVE-2021-45732
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools,...
Fresenius Kabi Agilia Connect Infusion System Access Control Error Vulnerability
Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi. An authorization issue vulnerability exists in Fresenius Kabi Agilia Connect Infusion System, which stems from the fact that the program has a default configuration page that can be accessed...
CVE-2021-32930
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView versions prior to v5.7.03.6182...
HP Edgeline Infrastructure Management Access Control Error Vulnerability
HPE Edgeline Infrastructure Management is a software from Hewlett-Packard (HPE) for data center environments to manage Edge devices. An authorization issue vulnerability exists in Edgeline Infrastructure Manager versions prior to 1.22 that stems from a failure to perform adequate authorization...
Cisco Application Services Engine Access Control Error Vulnerability
Cisco Application Services Engine provides a common platform for deploying Cisco data center applications. An unauthorized access vulnerability exists in Cisco Application Services Engine 1.13d and earlier versions, which can be exploited by a remote, unauthenticated attacker to elevate access to...
Security update for neomutt (moderate)
openSUSE Security Update: Security update for neomutt Announcement ID: openSUSE-SU-2020:2157-1 Rating: moderate References: 1172906 1172935 1173197 1179035 1179113 Cross-References: CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 CVE-2020-28896 Affected Products: openSUSE Backports SLE-15-SP1 An...