
6680 matches found

CNNVD
added 2025/02/07 12:0 a.m. · 2 views

Elber Communications Equipment security vulnerability

Elber Communications Equipment is communications equipment from Elber Corporation. A security vulnerability exists in Elber Communications Equipment that stems from the presence of unauthenticated device configurations and the disclosure of hidden client functionality...

CVSS 8.7 · AI score 6.5 · EPSS 0.00477
Exploits 1 · References 1

Tenable Nessus
added 2025/02/07 12:0 a.m. · 5 views

Cisco Secure Email Gateway Privilege Escalation (cisco-sa-esa-sma-wsa-multi-yKUJhS34)

According to its self-reported version, Secure Email Gateway is affected by a vulnerability. - A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance coul...

CVSS 6.7 · AI score 5.9 · EPSS 0.00171
Exploits 0 · References 3

Vulnrichment
added 2025/02/06 11:43 p.m. · 4 views

CVE-2025-0675 Elber Communications Equipment Hidden Functionality

Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure...

CVSS 8.7 · AI score 7.6 · EPSS 0.00477
Exploits 1 · References 1

Cvelist
added 2025/02/06 11:43 p.m. · 37 views

CVE-2025-0675 Elber Communications Equipment Hidden Functionality

Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure...

CVSS 8.7 · EPSS 0.00477
Exploits 1 · References 1

CVE
added 2025/02/06 11:43 p.m. · 63 views

CVE-2025-0675

CVE-2025-0675 affects Elber products (Elber Communications Equipment). The public records describe an authentication bypass that enables unauthorized access to password management, effectively allowing attackers to overwrite any user password and gain access to protected areas of affected devices...

CVSS 8.7 · AI score 7.6 · EPSS 0.00477
Exploits 1 · References 1

NVD
added 2025/02/06 2:15 p.m. · 21 views

CVE-2025-1076

A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...

CVSS 4.8 · EPSS 0.00206
Exploits 0 · References 1

Cvelist
added 2025/02/06 1:33 p.m. · 13 views

CVE-2025-1076 Stored Cross-Site Scripting vulnerability in Holded

A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...

CVSS 4.8 · EPSS 0.00206
Exploits 0 · References 1

Vulnrichment
added 2025/02/06 1:33 p.m. · 5 views

CVE-2025-1076 Stored Cross-Site Scripting vulnerability in Holded

A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...

CVSS 4.8 · AI score 6 · EPSS 0.00206
Exploits 0 · References 1

CVE
added 2025/02/06 1:33 p.m. · 58 views

CVE-2025-1076

CVE-2025-1076 describes a Stored XSS vulnerability in Holded’s application, affecting the editable name and icon fields within the Activities feature. The root cause is storing a JavaScript payload in those parameters, enabling an attacker to inject script via standard input fields. The issue is ...

CVSS 4.8 · AI score 4.9 · EPSS 0.00206
Exploits 0 · References 1

RedhatCVE
added 2025/02/06 1:16 a.m. · 13 views

CVE-2022-21217

An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 9.8 · AI score 6.8 · EPSS 0.01397
Exploits 0 · References 1

Positive Technologies
added 2025/02/06 12:0 a.m. · 2 views

PT-2025-5894 · Elber · Elber

Name of the Vulnerable Software and Affected Versions: Elber products, affected versions not specified
Description: The issue concerns an unauthenticated device configuration and client-side hidden functionality disclosure in Elber products.
Recommendations: At the moment, there is no information...

CVSS 8.7 · AI score 6.1 · EPSS 0.00477
Exploits 1 · References 13

RedhatCVE
added 2025/02/05 11:30 p.m. · 11 views

CVE-2022-41014

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 9.8 · AI score 7.6 · EPSS 0.01666
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 10:45 p.m. · 7 views

CVE-2022-36060

matrix-react-sdk is a Matrix chat protocol SDK for React JavaScript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

CVSS 8.2 · AI score 6.5 · EPSS 0.00906
Exploits 0

RedhatCVE
added 2025/02/05 7:46 p.m. · 12 views

CVE-2022-40990

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 9.8 · AI score 7.6 · EPSS 0.01415
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 6:16 p.m. · 7 views

CVE-2017-20067

A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument username/password with the input 'or''=' leads to SQL injection. The attack can be launched...

CVSS 9.8 · AI score 7.2 · EPSS 0.01076
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 6:0 p.m. · 6 views

CVE-2019-14417

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality...

CVSS 9 · AI score 7.6 · EPSS 0.03955
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 5:58 p.m. · 14 views

CVE-2019-5141

An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can...

CVSS 8.8 · AI score 7.3 · EPSS 0.05136
Exploits 1 · References 1

CVE
added 2025/02/05 4:14 p.m. · 62 views

CVE-2025-20185

CVE-2025-20185 affects Cisco AsyncOS Software (Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance). A vulnerability in the remote access password generation algorithm allows an authenticated, local attacker (with valid administrator credentials) to escalate privile...

CVSS 6.7 · AI score 7.5 · EPSS 0.00171
Exploits 0 · References 1 · Affected Software 1

RedhatCVE
added 2025/02/05 2:46 p.m. · 7 views

CVE-2020-6140

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The passwordstfemail parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 9.8 · AI score 8 · EPSS 0.02634
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 1:21 p.m. · 6 views

CVE-2020-8474

Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction...

CVSS 7.8 · AI score 6.4 · EPSS 0.00285
Exploits 0 · References 1