1072 matches found
CVE-2025-46629
Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet...
[SECURITY] Fedora 42 Update: icecat-115.22.0-2.rh1.fc42
GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. JShelter: Mitigates potential threats from JavaScript, including...
CVE-2025-23008
An improper privilege management vulnerability in the SonicWall NetExtender Windows 32 and 64 bit client allows a low privileged attacker to modify configurations...
CVE-2025-23008
CVE-2025-23008 affects SonicWall NetExtender Windows client (32/64-bit). The issue is improper privilege management that allows a low-privileged attacker to modify configurations, with high impact on confidentiality, integrity, and availability (per CVSS 3.1). The advisory notes upgrade to a fixe...
PT-2025-15658 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.0 and earlier ColdFusion versions 2023.12 ColdFusion versions 2021.18 Description: The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as OS Command Injection, whic...
GeoVision GV-ASManager 6.1.0.0 - Information Disclosure
Exploit Title: Information Disclosure in GeoVision GV-ASManager Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.0.0 or less Teste...
SUSE-SU-2025:1094-1 Security update for warewulf4
This update for warewulf4 fixes the following issues: warewulf4 was updated from version 4.5.8 to 4.6.0: - Security issues fixed for version 4.6.0: CVE-2025-22869: Fixed Denial of Service vulnerability in the Key Exchange of golang.org/x/crypto/ssh bsc1239322 CVE-2025-22870: Fixed proxy bypass...
Icinga Director 访问控制错误漏洞
Icinga Director is an Icinga configuration and deployment tool from Icinga Open Source. An access control error vulnerability exists in Icinga Director version 1.0.0 and earlier, which stems from an improperly access controlled REST API endpoint that could lead to information disclosure and...
CVE-2024-45483 Missing GRUB password in B&R APROL
A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL 4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system...
CVE-2025-1341
A vulnerability, which was classified as problematic, was found in PMWeb 7.2.0. This affects an unknown part of the component Setting Handler. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The...
Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities (cisco-sa-ise-multivuls-FTW9AOXF)
According to its self-reported version, Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities is affected by multiple vulnerabilities. - A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary comman...
CVE-2024-46432
Tenda W18E V16.01.0.81625 is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials...
CVE-2024-43392
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FWINCOMING.FROMIP FWINCOMING.INIP FWOUTGOING.FROMIP FWOUTGOING.INIP environment variable which can lead to a DoS...
CVE-2024-5824
A path traversal vulnerability in the /setpersonalityconfig endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as forceacceptremoteaccess and...
CVE-2024-0949
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...
CVE-2025-20893
Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications...
SUSE-SU-2025:20057-1 Security update for rust-keylime
This update for rust-keylime fixes the following issues: - Update vendored crates CVE-2024-43806, bsc1229952, bsc1230029 rustix 0.37.25 rustix 0.38.34 shlex 1.3.0 - Update to version 0.2.6+13: Enable test functional/iak-idevid-persisted-and-protected builddeps: bump uuid from 1.7.0 to 1.10.0...
CVE-2025-23054
A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an authenticated low privilege operator user to perform operations not allowed by their privilege level. Successful exploitation could allow an attacker to manipulate user generated files,...
CVE-2025-23028
Cilium DoS (CVE-2025-23028): A crafted DNS response can crash Cilium agents in clusters proxying DNS traffic, affecting versions 1.14.0–1.14.7, 1.15.0–1.15.11, and 1.16.0–1.16.4. Impact varies by DNS policy: traffic allowed without DNS-based policy continues; DNS-policyed connections may be disru...
Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces
Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. "The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VP...