67 matches found

SUSE CVE
added 2026/03/19 12:25 a.m. | views: 1

SUSE CVE-2026-32609

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00499
Exploits: 1 | References: 3

AlpineLinux
added 2026/03/18 2:30 p.m. | views: 4

CVE-2026-32609

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00499
Exploits: 1 | References: 3

Cvelist
added 2026/02/18 9:55 p.m. | views: 27

CVE-2019-25365 ChaosPro 2.0 - Buffer Overflow

ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with carefully constructed payload to overwrite memory...

CVSS: 9.8 | EPSS: 0.00453
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/18 12:00 a.m. | views: 6

PT-2026-20540

ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with carefully constructed payload to overwrite memory...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00453
Exploits: 0 | References: 4

CNNVD
added 2026/02/18 12:00 a.m. | views: 8

ChaosPro Security Vulnerability

ChaosPro is an open-source fractal geometry generation software developed by ChaosPro. Version 2.0 of ChaosPro contains a security vulnerability, which stems from buffer overflows in the handling of configuration file paths. This vulnerability could potentially allow arbitrary code to execute by...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.00453
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/16 4:32 a.m. | views: 5

CVE-2026-2535

A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.12476
Exploits: 1 | References: 4 | Affected Software: 1

Github Security Blog
added 2026/02/04 9:36 p.m. | views: 9

EVE's Debug Functions Unlockable Without Triggering Measured Boot

Impact: On boot, Pillar checks for /config/GlobalConfig/global.json and overrides system configuration if present. This allows enabling debug functions like SSH (debug.enable.ssh), USB keyboard (debug.enable.usb), and VNC access (app.allow.vnc) without triggering the measured boot. Thus, a user with...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.0016
Exploits: 0 | References: 7 | Affected Software: 1

ATTACKERKB
added 2025/12/22 1:46 p.m. | views: 3

CVE-2025-14018

Unquoted Search Path or Element vulnerability in NetBT Consulting Services Inc. E-Fatura allows Leveraging/Manipulating Configuration File Search Paths, Redirect Access to Libraries. This issue affects e-Fatura: before 1.2.15...

CVSS: 7.3 | AI score: 5.8 | EPSS: 0.00414
Exploits: 3 | References: 3

NVD
added 2025/11/26 2:15 a.m. | views: 5

CVE-2025-66266

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...

CVSS: 9.3 | EPSS: 0.0012
Exploits: 0 | References: 1

Hacker One
added 2025/11/10 3:55 p.m. | views: 16

curl: Arbitrary Configuration File Inclusion: via External Control of File Name or Path

Summary: The Arbitrary Configuration File Inclusion (ACFI) vulnerability was identified in the curl utility via the --config option. This flaw is a form of External Control of File Name or Path (CWE-73), occurring due to the lack of adequate validation on the user-supplied configuration file path. An...

AI score: 7.1
Exploits: 0

RedhatCVE
added 2025/11/05 6:54 a.m. | views: 13

CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

CVSS: 7.5 | AI score: 8 | EPSS: 0.01033
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | views: 5

EUVD-2006-7008

Malware in sbrugna...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.04249
Exploits: 0 | References: 3

NVD
added 2025/10/03 12:15 p.m. | views: 8

CVE-2025-27237

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL...

CVSS: 7.3 | EPSS: 0.00332
Exploits: 2 | References: 1

ATTACKERKB
added 2025/09/29 8:34 p.m. | views: 3

CVE-2025-34234

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain two hardcoded private keys that are shipped in the application containers printerlogic/pi, printerlogic/printer-admin-api, and printercloud/pi...

CVSS: 9.2 | AI score: 5.7 | EPSS: 0.00382
Exploits: 1 | References: 5

Snyk
added 2025/09/04 11:46 a.m. | views: 2

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the datasconfigethicallicensekey parameter in the /apprain/admin/config/ethical process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that ...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00162
Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/03 12:00 a.m. | views: 2

Linux Distros Unpatched Vulnerability : CVE-2021-22004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in...

CVSS: 6.4 | AI score: 7.4 | EPSS: 0.00354
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/02 7:47 p.m. | views: 3

CVE-2025-8614 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00244
Exploits: 0 | References: 2

OSV
added 2025/08/29 3:34 p.m. | views: 2

GHSA-HQ8M-V68G-8CF8 Opencast has a partial path traversal vulnerability in UI config

The protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the...

CVSS: 6.9 | AI score: 6.6 | EPSS: 0.00359
Exploits: 0 | References: 5

CNNVD
added 2025/08/06 12:00 a.m. | views: 1

AutoConnect Security Vulnerability

AutoConnect is an Arduino library by the individual developer Hieromon Ikasamo. A security vulnerability exists in AutoConnect version 1.4.2, which stems from the AutoConnect web interface /ac/config that allows execution of HTML/JS code in a specially crafted network SSID, potentially leading to...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00244
Exploits: 0 | References: 3

OSV
added 2025/07/23 12:46 p.m. | views: 3

SUSE-SU-2025:02499-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...

CVSS: 9.6 | AI score: 6.7 | EPSS: 0.00959
Exploits: 0 | References: 26