6348 matches found
CVE-2026-0655
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...
File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-020
This module moves files to and from private storage depending on the access of its owning entities. The module does not sufficiently incorporate the results of hookfiledownload when a custom or contrib module implements that hook leading to access bypass...
Cisco Secure Firewall Management Center 安全漏洞
Cisco Secure Firewall Management Center is a powerful network security management tool developed by Cisco, Inc. There is a security vulnerability present in Cisco Secure Firewall Management Center. This vulnerability stems from insufficient restrictions on repair modules in the locked mode, which...
CVE-2026-27012
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...
CVE-2026-27012 Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...
EUVD-2026-9334
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...
CVE-2026-27012 Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...
GHSA-G38G-8GR9-H9XP PickleScan has multiple stdlib modules with direct RCE not in blocklist
Summary picklescan v1.0.3 latest does not block at least 7 Python standard library modules that provide direct arbitrary command execution or code evaluation. A malicious pickle file importing these modules is reported as having 0 issues CLEAN scan. This enables remote code execution that bypasse...
PickleScan has multiple stdlib modules with direct RCE not in blocklist
Summary picklescan v1.0.3 latest does not block at least 7 Python standard library modules that provide direct arbitrary command execution or code evaluation. A malicious pickle file importing these modules is reported as having 0 issues CLEAN scan. This enables remote code execution that bypasse...
GHSA-247V-7CW6-Q57V OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php
Summary A privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling modules/utenti/actions.php. This can promote an existing account e.g. agent into the Amministratori group as well as demot...
OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php
Summary A privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling modules/utenti/actions.php. This can promote an existing account e.g. agent into the Amministratori group as well as demot...
OpenSTAManager Affected by XSS in modifica_iva.php via righe parameter
Summary Multiple Reflected Cross-Site Scripting XSS vulnerabilities in OpenSTAManager v2.9.8 allow unauthenticated attackers to execute arbitrary JavaScript code in the context of other users' browsers through crafted URL parameters, potentially leading to session hijacking, credential theft, and...
CVE-2026-1874
Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allo...
CVE-2026-1874 Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series EtherNet/IP module and Ethernet module
Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allo...
CVE-2026-1874
Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allo...
MAL-2026-1167 Malicious code in @global-dax-ad-platform/dax-modules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8eb4c0cce0e997a5ceaf51dd24ec685c500bbfe904265afdce79bb5b2f7e0033 The package @global-dax-ad-platform/dax-modules was found to contain malicious code. Source: ghsa-malware...
Devolutions Server 安全漏洞
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.15 contained a security vulnerability caused by improper execution of...
Oracle Linux 10 : python-pyasn1 (ELSA-2026-3354)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-3354 advisory. 0.6.2-1 - Update to 0.6.2 - Update modules to 0.4.2 Resolves: RHEL-148142 Tenable has extracted the preceding description block directly from the Oracle Linux...
Oracle Linux 9 : python-pyasn1 (ELSA-2026-3359)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-3359 advisory. 0.4.8-7 - Resolves: RHEL-148154 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
CVE-2026-0655
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...