7068 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-46007
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hwmon: powerz Avoid cacheline sharing for DMA buffer Depending on the architecture the transfer buffer may share a cacheline with the following mutex. As the...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty was affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)
Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty was affected by prototype pollution vulnerability due to immutable CVE-2026-29063. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...
EUVD-2019-20154
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause...
EUVD-2019-20153
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the...
Dräger Infinity M300 资源管理错误漏洞
The Dräger Infinity M300 is a wearable telemetry patient monitoring device developed by the German company Dräger. The Dräger Infinity M300 patient monitoring devices, including the VG2.x version and earlier versions, have a resource management vulnerability. This vulnerability stems from a...
Dräger SC Monitoring devices 信任管理问题漏洞
The Dräger SC Monitoring devices are a series of clinical vital signs monitoring devices produced by the German company Dräger. The Dräger SC Monitoring devices have a vulnerability related to trust management. This vulnerability stems from hard-coded plaintext credentials in the source code, alo...
CVE-2019-25718
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause...
CVE-2019-25718 Dräger Infinity Explorer C700 Privilege Escalation via Kiosk Mode Bypass
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause...
CVE-2019-25718
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause...
CVE-2019-25718
Affected product: Dräger Infinity Explorer C700. Vulnerability: privilege escalation allowing kiosk-mode escape to reach the underlying OS via a specific dialog interaction. Impact: attacker can break out of kiosk mode, gain OS control, and cause the Delta Family patient monitor display to show i...
Nezha's authenticated agents can forge service-monitor results for other users' services
Summary Nezha accepts service-monitor TaskResult messages from an authenticated agent based only on whether the reported service ID exists. The dashboard authenticates the agent and derives the reporter server ID from the gRPC stream, but the service-monitor result worker does not verify that the...
GHSA-4G6J-G789-RGHM Nezha's authenticated agents can forge service-monitor results for other users' services
Summary Nezha accepts service-monitor TaskResult messages from an authenticated agent based only on whether the reported service ID exists. The dashboard authenticates the agent and derives the reporter server ID from the gRPC stream, but the service-monitor result worker does not verify that the...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl, cryptography-46.0.6-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892
Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl, cryptography-46.0.6-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892. This bulletin contains information addressing the...
PT-2026-45493
Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 0.20.0 through 2.0.11 Description Authenticated agents can forge service-monitor results for services belonging to other users. The system accepts TaskResult messages from an authenticated agent based solely on whethe...
PT-2026-45627
Name of the Vulnerable Software and Affected Versions Dräger Infinity Explorer C700 affected versions not specified Description A privilege escalation issue allows attackers to break out of kiosk mode—a restricted user interface that limits access to specific applications—and access the underlyin...
CVE-2026-41860 - Missing tls-verify on bosh-monitor | Cloud Foundry
High CVSS Score: High 7.1 CVSSv4: High 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:H/SA:H CVSSv3: High 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HVendor Cloud Foundry Foundation / BOSH Versions Affected Severity is High unless otherwise noted. BOSH – All versions prior to...
CVE-2018-25385
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...
CVE-2018-25385 E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...
EUVD-2018-21907
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...
CVE-2018-25385
CVE-2018-25385 affects E-Registrasi Pencak Silat 18.10. The flaw is an SQL injection in the id_partai parameter of monitor_nilai.php, exploitable via unauthenticated GET requests with crafted payloads. attackers can extract sensitive data including admin credentials and user data. Root cause: imp...