10 matches found

Vulnrichment
added 2025/08/19 12:0 a.m., 2 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

7.6 AI score, 0.0015 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 3:48 a.m., 3 views

CVE-2023-32357

An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permissio...

7.1 CVSS, 5.4 AI score, 0.00026 EPSS
Exploits: 0, References: 1

CVE
added 2025/02/25 11:27 p.m., 59 views

CVE-2025-1091

CVE-2025-1091 is tied to Tenable Identity Exposure before version 3.77.9, where a Broken Authorization issue allowed any authenticated user to download IOA scripts and configuration files if the URL is known. Publicly available documents indicate the vulnerability is addressed in Tenable’s adviso...

4.3 CVSS, 4.6 AI score, 0.00076 EPSS
Exploits: 0, References: 1

Prion
added 2023/11/28 2:15 a.m., 18 views

Input validation

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37, and...

1.7 CVSS, 6.8 AI score, 0.00112 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/11/28 1:16 a.m., 48 views

CVE-2023-35136

CVE-2023-35136 describes an improper input validation vulnerability in the Quagga package across Zyxel devices (ATP series 4.32–5.37; USG FLEX 4.50–5.37; USG FLEX 50(W) 4.16–5.37; USG20(W)-VPN 4.16–5.37; VPN series 4.30–5.37) that could allow an authenticated local attacker to access configuratio...

5.5 CVSS, 5.3 AI score, 0.00112 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2022/09/08 12:0 a.m., 2 views

Web Port Authorization Issue Vulnerability

Web Port is a web-based SCADA data acquisition and monitoring system and HMI human machine interface system. A security vulnerability exists in Cynet 360 Web Portal versions prior to v4.5, which stems from a vulnerability that allows an attacker to access a list of excluded files and configuratio...

5.3 CVSS, 5.8 AI score, 0.00237 EPSS
Exploits: 1, References: 4

BDU FSTEC
added 2021/12/22 12:0 a.m., 0 views

The vulnerability of the WISE-4060 Ethernet module’s microprogramming software, related to the unencrypted storage of confidential information, allows a perpetrator to gain full access to the device’s configuration files.

The vulnerability of the WISE-4060 Ethernet module’s microprogramming software is related to the unencrypted storage of confidential information. Exploiting this vulnerability could allow an attacker to gain full access to the device’s configuration files...

8.4 CVSS, 5.5 AI score
Exploits: 0, References: 1

BDU FSTEC
added 2019/02/21 12:0 a.m., 1 views

The vulnerability of the CLI component of Cisco Enterprise Network Function Virtualization Infrastructure (NFVIZ) software allows an attacker to access system configuration files.

The vulnerability of the CLI component of Cisco Enterprise Network Function Virtualization Infrastructure NFVIZ software lies in insufficient validation of input data. Exploiting this vulnerability can allow attackers to access system configuration files through a specially crafted request...

5.3 CVSS, 5.9 AI score, 0.00037 EPSS
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2017/09/20 12:0 a.m., 2 views

ZTE ZXR10 1800-2S Improper Access Control Vulnerability

The ZTE ZXR10 1800-2S is a router from ZTE. The ZTE ZXR10 1800-2S fails to properly restrict the range of file download directories for web users, allowing remote attackers to exploit the vulnerability by submitting special requests to download configuration files and steal sensitive information...

7.5 CVSS, 6.9 AI score, 0.00398 EPSS
Exploits: 1, References: 1

Prion
added 2016/09/19 1:59 a.m., 12 views

Server-side request forgery (SSRF)

The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request...

5 CVSS, 6.9 AI score, 0.00568 EPSS
Exploits: 0, References: 2, Affected Software: 1