30 matches found
EUVD-2025-209852
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...
CVE-2025-15567
Technical details are not publicly available in the provided documents. Monitor for updates from vendors and security advisories to learn affected products, components, and remediation information.
Rubber Mallet: a Study of High Frequency Localized Bit Flips and Their Impact on Security
The increasing density of modern DRAM has heightened its vulnerability to Rowhammer attacks, which induce bit flips by repeatedly accessing specific memory rows. This paper presents an analysis of bit flip patterns generated by advanced Rowhammer techniques that bypass existing hardware defenses...
The vulnerability of the microprogramming software of Schneider Electric’s programmable logic controller Modicon M340 and its network modules BMXNOE0100, BMXNOE0110, and BMXNOR0200H lies in the insufficient protection of operational data. This allows unauthorized access by intruders to read, modify, or delete data, or to cause malfunctions in the system.
The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 programmable logic controller, as well as the network modules BMXNOE0100, BMXNOE0110, and BMXNOR0200H, is related to insufficient protection for operational data. Exploiting this vulnerability can allow an...
The vulnerability of the virtual learning environment Moodle, related to insufficient protection of operational data, allows a intruder to gain unauthorized access to protected information.
The vulnerability in the virtual learning environment Moodle is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for website structures, allows attackers to execute XSS attacks.
The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute XSS attacks by injecting malicious scripts into form fields...
The vulnerability of the Flow-X gas consumption controller and processor web service allows a intruder to access confidential information.
The vulnerability of the Flow-X gas consumption controller web service is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information...
The vulnerability of the Twisted web framework, related to the lack of protective measures for website structures, allows attackers to access confidential data and compromise its integrity.
The vulnerability of the Twisted web framework is related to the lack of security measures for website structures. Exploiting this vulnerability allows a malicious actor to gain access to confidential data and compromise its integrity...
The vulnerability of the site_id parameter in the netshop CMS system, Netcat, allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the siteid parameter in the netshop CMS system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to carry out cross-site scripting attacks...
The vulnerability of the RESTEasy software lies in the lack of protective measures for website structures, allowing attackers to carry out XSS attacks.
The vulnerability of the RESTEasy software is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.
The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system, related to the lack of measures taken to protect the structure of web pages, allows attackers to disclose protected information.
The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to disclose protected information...
The vulnerability of NagiosXI software, related to the lack of measures taken to protect the website structure, allows attackers to execute XSS-type attacks.
The vulnerability of NagiosXI software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out a type of attack known as reflected XSS...
The vulnerability in the web interface of Inductive Automation Ignition software allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of Inductive Automation Ignition’s software for industrial automation is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...
The vulnerability of the Red Hat Ansible configuration management system lies in the lack of protective measures for SQL query structures, allowing attackers to compromise the integrity and accessibility of protected information.
The vulnerability of the Red Hat Ansible configuration management system lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the integrity and accessibility of the protected information by using the...
NETGEAR Nighthawk 跨站请求伪造漏洞
The NETGEAR Nighthawk WiFi6 Router is a series of routers from NETGEAR that support WiFi 6 technology and are aimed at users seeking a high-speed Internet experience. The NETGEAR Nighthawk WiFi6 Router suffers from a cross-site request forgery vulnerability that stems from the device not properly...
The vulnerability of the Azure Site Recovery disaster recovery tool lies in the insufficient protection of registration data, allowing attackers to escalate their privileges.
The vulnerability of the Azure Site Recovery recovery tool is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor to gain increased privileges...
The vulnerability of Microsoft Exchange Server servers stems from the lack of protective measures for website structures, allowing attackers to carry out cross-site scripting attacks.
The vulnerability of Microsoft Exchange Server lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created malicious link...
The vulnerability in the web interface of the Cisco Finesse automation software allows a malicious individual to gain unauthorized access to the OpenSocial Gadget Editor.
The vulnerability in the web interface for controlling the automation tools of Cisco Finesse’s operator software relates to the lack of protective measures for the web page structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the...