4649 matches found
Siemens SCALANCE Series Input Validation Error Vulnerability
The Siemens SCALANCE Series is a family of industrial communication devices from Siemens Germany. An input validation error vulnerability exists in the Siemens SCALANCE Series, which arises from an affected device not properly validating input when loading a configuration file. This could allow a...
Vulnerabilities fixed in Cisco AsyncOS Software
Cisco has fixed vulnerabilities in Cisco AsyncOS Software specific to Cisco Secure Web Appliance and Cisco Secure Email Gateway. The vulnerabilities are in the way Cisco AsyncOS Software handles requests and configuration files. An attacker can gain unauthenticated access to the system by using...
CVE-2022-1823
Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the Land) attack. This could result in the user gaining elevated permissions and being able to execu...
CVE-2022-26117
An empty password in configuration file vulnerability (CWE-258) in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...
CVE-2025-20184
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid...
CVE-2024-3403
imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI...
CVE-2024-6975
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34...
PT-2025-5709 · Cisco · Cisco Secure Email Gateway +2
Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance (affected versions not specified). Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to perform...
Cisco AsyncOS Input Validation Error Vulnerability
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. An input validation error vulnerability exists in Cisco AsyncOS, which stems from insufficient validation of an XML configuration file, and can be exploited by an authenticated remote attacker to upload specially crafted files...
CVE-2025-0497 Rockwell Automation FactoryTalk® AssetCentre Data Exposure Vulnerability
A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages...
CVE-2025-0785
A vulnerability was found in ESAFENET CDG V5 and classified as problematic. This issue affects some unknown processing of the file /SysConfig.jsp. The manipulation of the argument help leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the publi...
PT-2025-2590 · Google · Android Wificonfigurationutil
Name of the Vulnerable Software and Affected Versions: Android WifiConfigurationUtil (affected versions not specified). Description: A logic error in the code of WifiConfigurationUtil.java, specifically in the validateSsid function, could lead to a local denial of service due to a possible overflow ...
CVE-2023-50946
IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism...
CVE-2023-50946 IBM Common Licensing information disclosure
IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism...
IBM Common Licensing Security Vulnerability
IBM Common Licensing is a license management solution from International Business Machines (IBM). A security vulnerability exists in IBM Common Licensing version 9.0 that originates from allowing an authenticated user to modify a configuration file that is inaccessible due to a broken authorization...
AlmaLinux 9 : java-17-openjdk security update for AlmaLinux 8.6, 8.8, 8.10, 9.4 and 9.5 (Medium) (ALSA-2025:0422)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:0422 advisory. JDK: Enhance array handling (CVE-2025-21502). Bug Fixes: The AlmaLinux OpenJDK packages rely on the copy-jdk-configs package to transfer configuration files to a new...
CVE-2025-24337
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...
CVE-2025-0485
CVE-2025-0485 — Fanli2012 native-php-cms 1.0 is affected. An unknown function in /fladmin/sysconfig_doedit.php is susceptible to cross-site scripting via manipulation of the argument info. The vulnerability can be exploited remotely, and the exploit has been disclosed publicly. No remediation det...