111 matches found
CVE-2023-31414
Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host syste...
CVE-2021-37201
A vulnerability has been identified in SINEC NMS All versions V1.0 SP1. The web interface of affected devices is vulnerable to a Cross-Site Request Forgery CSRF attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative...
CVE-2025-0020
...
PT-2025-21140 · Esri · Arcgis
Name of the Vulnerable Software and Affected Versions: ArcGIS affected versions not specified Description: The ArcGIS client credentials OAuth 2.0 API implementation does not adhere to the RFC/standards, allowing a requestor to request an undocumented, custom token expiration from ArcGIS. This...
CVE-2025-40581
The CVE-2025-40581 affects Siemens SCALANCE LPE9403 devices when SINEMA Remote Connect Edge Client is installed. Affected component is the authentication mechanism, with the root cause described as an authentication bypass that permits a local, non-privileged attacker to bypass authentication and...
CVE-2020-28398
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...
ABB Cylon Aspect 3.07.00 (obtainPorts.php) Configuration Manipulation
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The obtainPorts.php script is accessible without authentication,...
Vulnerabilities fixed in Veeam Backup & Replication
Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities in Veeam Backup & Replication allow low-privileged users to remotely execute code, extract stored credentials in plain text, launch an agent in server mode, manipulate configurations within the virtual...
EulerOS 2.0 SP8 : unbound (EulerOS-SA-2024-2494)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CP...
EulerOS 2.0 SP8 : unbound (EulerOS-SA-2024-2056)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CP...
EulerOS Virtualization 2.10.0 : unbound (EulerOS-SA-2024-1994)
According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cau...
CVE-2024-20456
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1863)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-XFHP-JF8P-MH5W HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. When go-getter is performing a Git operation, go-getter will try to clone the given repository in a specified destination...
CVE-2024-1275
Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52...
CVE-2024-1275 Vulnerability in Baxter Welch Allyn Connex Spot Monitor
Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52...
CVE-2024-1275 Vulnerability in Baxter Welch Allyn Connex Spot Monitor
Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52...
CVE-2024-3435
A path traversal vulnerability exists in the 'savesettings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'applysettings' function, allowing an...
CVE-2024-3435 Path Traversal in parisneo/lollms-webui
A path traversal vulnerability exists in the 'savesettings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'applysettings' function, allowing an...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1603)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...