CVE-2023-31461

Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability...

Yealink YMCS 安全漏洞

Yealink YMCS is a cloud management service from China Yealink Yealink used to centrally manage and maintain Yealink's devices. A security vulnerability exists in Yealink YMCS versions prior to 2025-05-26, which stems from not blocking access to OpenAPI for frozen enterprise accounts, which could...

This Week in Spring - March 5th, 2024

Hi, Spring fans! Welcome to another exciting roundup of This Week in Spring! I expect many of you are reading this for the first time, especially with Facebook and Instagram being down. People have been exploring all the other lesser-known corners of the web, looking for their daily "doom scroll....

The vulnerability of the Metasys Application and Data Server (ADS), Metasys Extended Application and Data Server (ADX), and Metasys Open Application Server (OAS) lies in the lack of necessary checks during password deletion, allowing attackers to execute arbitrary code.

The vulnerability of the Metasys Application and Data Server ADS, Metasys Extended Application and Data Server ADX, and Metasys Open Application Server OAS lies in the lack of necessary checks during password deletion. Exploiting this vulnerability allows a malicious actor to execute arbitrary co...

The vulnerability of the Metasys Application and Data Server (ADS), Metasys Extended Application and Data Server (ADX), and Metasys Open Application Server (OAS) lies in the incomplete cleanup of session tokens, allowing attackers to obtain session tokens from authenticated users.

The vulnerability of the Metasys Application and Data Server ADS, Metasys Extended Application and Data Server ADX, and Metasys Open Application Server OAS is related to incomplete cleaning of session tokens. Exploiting this vulnerability can allow a malicious actor to obtain the session token of...

CVE-2020-9044

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server ADS, ADS-Lite versions 10.1 and prior; Metasys Extended Application and...