174 matches found
EUVD-2024-27687
Malicious code in bioql PyPI...
Fortinet FortiDDoS-F Operating System Command Injection Vulnerability
Fortinet FortiDDoS-F is a distributed denial-of-service protection system from the U.S. company Fiat Fortinet. Fortinet FortiDDoS-F suffers from an operating system command injection vulnerability that stems from improper neutralization of special elements, which can be exploited by an attacker t...
CVE-2025-30274
CVE-2025-30274 describes a NULL pointer dereference in QNAP QTS and QuTS hero that can lead to a denial-of-service. Multiple sources (NVD, Red Hat, CNVD, OpenVAS, CIRCL, etc.) confirm affected products and provide consistent remediation: upgrade to QTS 5.2.5.3145 build 20250526 or later, and QuTS...
AIX/VIOS is affected by arbitrary code execution (CVE-2025-47273 CVE-2025-4330 CVE-2024-12718 CVE-2025-4138 CVE-2025-4517) due to Python
IBM SECURITY ADVISORY First Issued: Wed Aug 20 08:31:06 CDT 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory16.asc Security Bulletin: AIX is affected by arbitrary code execution CVE-2025-47273, CVE-2025-4330,...
Fortinet FortiWeb 操作系统命令注入漏洞
Fortinet FortiWeb is a Web application layer firewall from Fiat Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure Web applications and protect sensitive database content. Fortinet FortiWeb versions 7.6.0 throu...
CVE-2024-58256
EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution...
CVE-2025-30099
Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an ...
CVE-2025-30096
Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an ...
The vulnerability of Windows Event Tracing service allows attackers to enhance their privileges.
The vulnerability of Windows Event Tracing in operating systems is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the UFS loader component of the Grub2 operating system, which allows a hacker to trigger a service failure
The vulnerability of the UFS loader component in operating systems like Grub relates to writing beyond the boundary. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-48866
An improper handling of URL encoding Hex Encoding vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following...
CVE-2024-53691
A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following...
CVE-2024-37045
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2024-37044
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the followin...
CVE-2023-30805
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...
CVE-2020-16280
Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating...
CVE-2018-16721
In Jingyun Antivirus v2.4.2.39, the driver file ZySandbox.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306...
Huawei HarmonyOS Buffer Overflow Vulnerability Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability that can be exploited by attackers to affect availability...
CVE-2025-2814
Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to...
Microsoft Lightweight Directory Access Protocol(LDAP) 资源管理错误漏洞
Microsoft Lightweight Directory Access Protocol LDAP is a directory services protocol from Microsoft Corporation USA that runs on a layer above the TCP/IP stack. A resource management error vulnerability exists in Microsoft Lightweight Directory Access Protocol LDAP. An attacker exploiting this...