19171 matches found
kernel: Linux kernel (CAN J1939): Denial of Service via deadlock
A flaw was found in the Linux kernel. A local user with low privileges could exploit a deadlock vulnerability in the Controller Area Network (CAN) bus J1939 protocol implementation. This occurs when specific data transfer and error queue handling events coincide with a network interface going down...
kernel: can: isotp: sanitize CAN ID checks in isotp_bind()
In the Linux kernel, the following vulnerability has been resolved: can: isotp: sanitize CAN ID checks in isotp_bind() Syzbot created an environment that led to a state machine status that cannot be reached with a compliant CAN ID address configuration. The provided address information consisted o...
kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is late...
EUVD-2025-60945
The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2025-12924
A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...
PT-2025-46341
Name of the Vulnerable Software and Affected Versions: NetScaler ADC and NetScaler Gateway versions 12.1-FIPS and NDcPP prior to 12.1-55.333-FIPS and NDcPP; NetScaler ADC and NetScaler Gateway versions 13.1 prior to 13.1-60.32; NetScaler ADC and NetScaler Gateway versions 13.1-FIPS and NDcPP prior t...
PT-2025-46245
The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on t...
Advantech WebAccess/VPN NetworksController.addNetworkAction function cross-site scripting vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...
Advantech WebAccess/VPN AjaxPrevalidationController.ajaxAction Function SQL Injection Vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
Advantech WebAccess/VPN AjaxFwRulesController.ajaxDeviceFwRulesAction function SQL injection vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
CVE-2025-12920
A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-12925
A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...
EUVD-2025-38727
A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...
EUVD-2025-38728
A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...
CVE-2025-12924
The connected sources confirm CVE-2025-12924 affects the rymcu forest project, specifically the GlobalResult function in BankController.java. The issue is described as a missing authorization control that could enable a remote attack, with no explicit affected version ranges provided due to the r...
CVE-2025-12924 rymcu forest BankController.java GlobalResult authorization
A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...
forest security vulnerability
forest is a modern knowledge community backend project open-sourced by RYMCU, implemented using SpringBoot + Shiro + MyBatis + JWT + Redis. A security vulnerability exists in forest, which originates from the lack of authorization of the GlobalResult function in the file...