64 matches found
AVEVA PI to CONNECT Agent
RISK EVALUATION: Successful exploitation of this vulnerability could result in unauthorized access to the proxy server. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
PT-2025-136: Path Traversal in mPDF
The vulnerability was identified in mPDF, version 2.8.5. The application performs improper validation of data received from the user, which allows an attacker to read files stored on the server. Vulnerability status: Confirmed during research. Date of vulnerability discovery: 11.04.2025...
PT-2025-45360
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/VPN versions prior to 1.1.5. Description: The software contains a SQL injection issue in the AjaxFwRulesController.ajaxNetworkFwRulesAction function. An authenticated, low-privileged user can inject SQL code through datatable...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_3
This update for kernel-livepatch-MICRO-6-0-RT_Update_3 fixes the following issues: CVE-2024-49974: NFSD: limit the number of concurrent async COPY operations (bsc#1232384); CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794); CVE-2025-38206: exfat: fix double free in delayed_fre...
EUVD-2019-19300
Malware in sbrugna...
A vulnerability in the FortiWeb web application firewall arises from incorrect processing of syntactically incorrect structures, allowing attackers to bypass security restrictions and execute arbitrary commands.
The vulnerability in the FortiWeb web application firewall is related to the improper processing of syntactically incorrect structures. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary commands by sending specially crafted HTTP/S...
CVE-2023-29055
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of the file 'kylin.properties', which may contain server-side credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...
SUSE CVE-2023-44981
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
PT-2025-23814 · LLC 'SolidSoft' · SolidWall WAF
The vulnerability in the SolidWall WAF firewall is related to insufficient protection of service data. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to protected information...
A vulnerability in the Sophos Firewall network firewall (formerly known as Sophos XG Firewall) is related to improper handling of code generation, allowing attackers to execute arbitrary code.
The vulnerability in the Sophos Firewall network firewall (formerly known as Sophos XG Firewall) is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems
Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum...
Ruijie Networks RG-NBS2009G-P Security Vulnerability
The Ruijie Networks RG-NBS2009G-P is a network security product from China's Ruijie Networks that is commonly used as an enterprise-class network border firewall. A security vulnerability exists in Ruijie Networks RG-NBS2009G-P v.10.41P2 Release 9736 that originated from a...
A vulnerability in the MULTIPART_PART_HEADERS component of the network firewall allows an attacker to bypass the firewall protection for web applications.
The vulnerability in the MULTIPART_PART_HEADERS component of the ModSecurity web application firewall is related to improper parsing of HTTP requests. Exploiting this vulnerability can allow a malicious actor to bypass the firewall’s protection...
Rocky Linux 8 : container-tools:rhel8 (RLSA-2019:3403)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:3403 advisory. - The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift...
A vulnerability in the FortiWeb web application firewall, related to the use of an uncontrolled format string, allows attackers to execute arbitrary code.
The vulnerability in the FortiWeb web application firewall is related to the use of an uncontrolled format string. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the microprogrammed network interface controllers from SonicWall, models SMA 210, SMA 410, SMA 500v, allows attackers to execute arbitrary SQL queries.
The vulnerability in the firmware of SonicWall SMA 210, SMA 410, and SMA 500v network firewalls lies in the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...
A vulnerability in the FortiWeb web application firewall arises from improper limitation of a pathname to a restricted directory, allowing attackers to gain unauthorized access to protected information.
The vulnerability in the FortiWeb web application firewall is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a special...
K20682450: BIG-IP AFM vulnerability CVE-2017-6142
Security Advisory Description: X509 certificate verification was not correctly implemented in the early access "user id" feature in the BIG-IP Advanced Firewall Manager, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. (CVE-2017-6142) Impact: In affected...
A vulnerability in SonicWall SMA 100 network firewall firmware, related to information disclosure, allows attackers to gain unauthorized access to protected information.
The vulnerability in SonicWall SMA 100 network firewall firmware is related to information disclosure. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
A vulnerability in SonicWall SMA 100 network firewall firmware, caused by a heap-based buffer overflow, allows attackers to execute arbitrary code or cause a denial of service.
The vulnerability in SonicWall SMA 100 network firewall firmware is caused by a heap-based buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service...