778 matches found
CVE-2019-19108
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP...
CVE-2024-20412
A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded...
CVE-2024-20381
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...
CVE-2024-10498
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow an unauthorized attacker to modify configuration values outside of the normal range when the attacker sends specific Modbus write packets to the device which could result in...
DRUPAL-CONTRIB-2025-003
The Drupal AI module provides a framework for easily integrating Artificial Intelligence on any Drupal site using any kind of AI from multiple vendors. The sub-modules AI Chatbot and AI Assistants API allow users to interact with the Drupal site via a 'chat' interface. The AI Chatbot module doesn...
CVE-2024-12867
Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data...
CVE-2024-12867 Server-Side Request Forgery in Arctic Hub URL Mapper allows an unauthenticated remote attacker to exfiltrate and modify configurations and data
Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data...
CVE-2024-42453
The CVE-2024-42453 entry concerns Veeam Backup & Replication where low-privileged users can manipulate configurations on connected virtual infrastructure hosts due to improper permission checks in management services. Affected behavior includes powering off virtual machines, deleting storage file...
CVE-2024-11680
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application’s configuration. Successful exploitation...
CVE-2024-41969
A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS...
CVE-2024-41969 WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices
A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS...
CVE-2024-41969
CVE-2024-41969 affects WAGO devices via a CODESYS V3 configuration service authentication bypass. A low-privilege remote attacker can modify configuration, potentially achieving full system compromise or DoS. Root cause: missing authentication in the CODESYS V3 service. Affected products referenc...
CVE-2024-46462
By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZEDMAIL has to be modified to prevent this vulnerability...
CVE-2024-46466
By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 or up to Q.2021.2 (ANSSI qualification submission) can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONECENTRAL has to be modified to prevent this...
CVE-2024-46465
By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of CRYHOD has to be modified to prevent this vulnerability...
CVE-2024-46463
By default, dedicated folders of ORIZON for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ORIZON has to be modified to prevent this vulnerability...
CVE-2024-46894
CVE-2024-46894 – SINEC INS unauthorized access vulnerability. Affects Siemens SINEC INS all versions before V1.0 SP2 Update 3. The application does not properly validate a user’s authorization to query the "/api/sftp/users" endpoint, enabling an authenticated remote attacker to view the configure...
Siemens SINEC INS security vulnerability
Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. An unauthorized access vulnerability exists in Siemens SINEC INS, which could be exploited by an attacker to obtain information about the user list of the SFTP service...
PT-2024-10219 · Schneider Electric · Powerlogic Hdpm6000
Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic HDPM6000 versions up to 0.62.7. Description: The issue is related to an Improper Restriction of Operations within the Bounds of a Memory Buffer, which could allow an unauthorized attacker to modify configuration...