404 matches found
CVE-2022-41261
SAP Solution Manager Diagnostic Agent - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attack...
CVE-2021-3210
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter...
CVE-2013-7317
Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settingsfile or (2) datafile parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf...
CLSA-2025-1747726439 Update of microcode_ctl
Update Intel CPU microcode to 20250211: - Addition of cpuid:806F8/0x10 SPR-HBM B3 microcode in microcode.dat at revision 0x2c0003e0; - Addition of cpuid:806F8/0x87 SPR-SP E5/S3 microcode in microcode.dat at revision 0x2b000620; - Addition of cpuid:90672/0x07 ADL-HX/S 8+8 C0 microcode in...
D-Link DI-7003GV2 Access Control Error Vulnerability
The D-Link DI-7003GV2 is a router from China-based AUO D-Link. The D-Link DI-7003GV2 suffers from an information disclosure vulnerability that originates from improper access control in the file /H5/webgl.data function sub41F0FC, which can be exploited by an attacker to cause information disclosu...
CVE-2025-4753
A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R68125 and classified as problematic. Affected by this issue is some unknown functionality of the file /login.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to th...
youkefu Code Issue Vulnerability
youkefu is a customer service support application by the individual developer zhangyanbo2007. A code issue vulnerability exists in youkefu version 4.2.0 and earlier, which stems from improper handling of the parameter dataFile in the file mwebhandleradminsystemTemplateController.java, which could...
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in the ability to write code beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in the writing beyond buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...
hdf5: multiple CVEs
HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HGread, resulting in denial of service or potential code execution...
CVE-2025-3288
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute...
CVE-2025-2285
A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the...
CVE-2025-2288
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute...
Sand Studio AirDroid Installed (macOS)
Binary data airdroidmacinstalled.nbin...
Fedora 40 : ffmpeg (2025-34c88263fe)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-34c88263fe advisory. Backported fix for CVE-2024-12361. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
CVE-2024-10948
A vulnerability in the upload function of binary-husky/gptacademic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...
Siemens Teamcenter Installed (Windows)
Binary data siemensteamcenterinstalled.nbin...
RemotePC Installed (Windows)
Binary data remotepcwininstalled.nbin...
PT-2025-7807 · Unknown · Benner Modernanet
Name of the Vulnerable Software and Affected Versions: Benner ModernaNet versions prior to 1.2.1 Description: A problematic issue has been found, affecting an unknown function of the file /DadosPessoais/SG Gravar. The manipulation of the idItAg argument leads to cross-site request forgery. This...
WordPress Visualizer plugin <= 3.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Import Data From File vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Import Data From File vulnerability discovered by Webbernaut in WordPress Plugin Visualizer versions <= 3.11.8...
CyberPanel Installed (Linux)
Binary data cyberpanelnixinstalled.nbin...