GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.8.7, 18.9.3...

Tinycontrol多款产品 安全漏洞

Tinycontrol tcPDU is a product of the Polish company Tinycontrol. Tinycontrol tcPDU is a network distribution unit. Tinycontrol LAN Controllers LK3.5 is a device for remote monitoring and control of environmental parameters. Tinycontrol LAN Controllers LK3.9 is also a device for remote monitoring...

PT-2025-51196

Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain test accounts and password...

Ingress NGINX Controller 安全漏洞

Ingress NGINX Controller is a Kubernetes open source entry controller for Kubernetes. A security vulnerability exists in Ingress NGINX Controller versions prior to 1.11.2, which stems from a participant with permission to create Ingress objects can bypass annotation validation to inject arbitrary...

Serious vulnerability fixed in SonicWall SMA100 Series

A vulnerability has been fixed in the SonicWall SMA100 series. The vulnerability allows an unauthenticated remote malicious person able to obtain login credentials to the system by executing an SQL injection. SonicWall has released updates to fix the vulnerability. fix. More information can be...

CVE-2014-2581

Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit...

Design/Logic Flaw

Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit...

CVE-2014-2581

Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit...

Logic flaw vulnerability in Ruoyi's backend management system

Ruoyi backend management system is based on SpringBoot2.0 rights management system . A logic flaw vulnerability exists in the Ruoyi Backend Management System. An attacker can view the source code to obtain a username and password to log in to the backend...

CVE-2019-11820

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline...

CVE-2016-9100

Symantec Advanced Secure Gateway ASG 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an...

CVE-2014-8425

The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files...

Design/Logic Flaw

BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors...

CVE-2009-2201

The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog...