276 matches found
coolLabs Coolify Information Disclosure Vulnerability (CNVD-2025-19124)
Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from an information disclosure vulnerability that stems from the fact that any authenticated user only needs to know the UUID of the model, which can be exploited by an attacker to obtain the...
CVE-2024-20458
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication o...
CVE-2024-35277
A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending...
UBUNTU-CVE-2024-53214
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hide first-in-list PCIe extended capability There are cases where a PCIe extended capability should be hidden from the user. For example, an unknown capability i.e., capability with ID greater than PCIEXTCAPIDM...
PT-2024-21074 · Infinera · Infinera Tnms Server
Name of the Vulnerable Software and Affected Versions: Infinera TNMS Server version 19.10.3 Description: The issue allows attackers with access to the database or exported configuration files to obtain SNMP users' usernames and passwords in cleartext. This occurs due to the cleartext storage of...
CVE-2024-8456
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices...
CVE-2024-47160
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible...
Siemens SIMATIC RFID Readers Hidden Function Vulnerability (CNVD-2024-38007)
SIMATIC RF600 Readers are used for contactless identification of a variety of objects such as shipping containers, pallets, production goods, or often for recording bulk goods.SIMATIC RF1100 is an RFID-based solution for simple and versatile electronic authorization management.SIMATIC RF360R read...
HP SiteScope SOAP Call GetSiteScopeConfiguration Configuration Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP SiteScope SOAP Call getSiteScopeConfiguration Configuration Access', 'Description' = %q This module exploits an authentication bypass...
Asterisk 安全漏洞
Asterisk is an Asterisk open source software for PBX systems that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk has a security vulnerability that stems from the fact that an AMI user with write=originate can change all configuration files in the /etc/asterisk/...
CVE-2024-2359
The CVE concerns parisneo/lollms-webui v9.3. An OS command injection stems from improper neutralization, enabling remote code execution. Affected component: the host/config handling in the runtime; attacker-controlled host via the /update_setting endpoint bypasses the intended protection on /exec...
Important: Red Hat Security Advisory: unbound security update
An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
UBUNTU-CVE-2024-23333
LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...
PT-2024-19815
Name of the Vulnerable Software and Affected Versions LDAP Account Manager LAM versions prior to 8.7 Description LDAP Account Manager LAM is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. An attacker could...
NetApp StorageGRID Cross-Site Scripting Vulnerability
NetApp StorageGRID is a suite of object storage solutions from Network Appliance NetApp. A security vulnerability exists in NetApp StorageGRID versions prior to 11.8. An attacker could exploit the vulnerability to view or modify configuration settings or add/modify user accounts...
Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component is a graphics driver component from Microsoft Corporation USA. An information disclosure vulnerability exists in Microsoft Graphics Component msgraph-sdk-php that originates from a vulnerability that allows an attacker to craft HTTP requests to be able to access syste...
PT-2023-28093 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to an Uncontrolled Search Path Element vulnerability, which allows for Leveraging/Manipulating Configuration File Search Paths. This vulnerability enables access to the...
C-First DVR Security Breach
C-First DVR is a digital video recorder from C-First. A security vulnerability exists in the C-First DVR that stems from the system's use of hard-coded passwords, which could allow an unauthenticated, remote attacker to rewrite or gain access to the configuration information of the affected...
PT-2023-30368 · First · Cfr-4Eab +4
Name of the Vulnerable Software and Affected Versions: First Corporation's DVRs versions of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB affected versions not specified, but updates are provided only for Late models Description: The issue is related to a hard-coded password in...
PT-2023-13434 · Lenovo · Lenovo Printers
Name of the Vulnerable Software and Affected Versions: Lenovo Printers affected versions not specified Description: The issue allows standard users to directly operate and set printer configuration information, such as IP, in some Lenovo Printers without having to authenticate with the...