Vulnerabilities fixed in Arcserve Unified Data Protection
Arcserve has fixed vulnerabilities in Arcserve Unified Data Protection (UDP) for all versions prior to 10.2. The vulnerabilities include an authentication bypass that allows unauthenticated malicious parties to access protected functions, a reflected cross-site scripting (XSS) vulnerability that allo...
CVE-2024-13807 Xagio SEO <= 7.1.0.5 - Unauthenticated Sensitive Information Exposure via Unprotected Back-Up Files
The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.1.0.5 via the backup functionality due to weak filename structure and lack of protection in the directory. This makes it possible for unauthenticated attackers to extract...
PT-2025-34988
Name of the Vulnerable Software and Affected Versions: Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress versions through 11.58 Description: The plugin is susceptible to unauthorized data access due to an inadequate capability check within the...
PT-2025-35101
Name of the Vulnerable Software and Affected Versions: Meitrack T366G-L GPS Tracker devices affected versions not specified Description: The SPI flash chip Winbond 25Q64JVSIQ in Meitrack T366G-L GPS Tracker devices is accessible without authentication or tamper protection. An attacker with physic...
WordPress plugin Xagio SEO information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. An information disclosure...
ROS-20250828-04
A vulnerability in the Moodle virtual learning environment is related to insufficient cleanup of data provided by the user in the calendar event header when the event is deleted. Exploitation of the vulnerability could allow a remote attacker to perform cross-site scripting attacks A...
CVE-2025-34523
A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. By sending specially crafted...
CVE-2025-34521
A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...
CVE-2025-34520 Arcserve UDP < 10.2 Authentication Bypass
An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms...
CVE-2025-34523 Arcserve UDP < 10.2 Pre-Authentication Heap Overflow
A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. By sending specially crafted...
CVE-2025-43728
Dell ThinOS 10, versions prior to 250810.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass...
CVE-2025-43728
Dell ThinOS 10 prior to 2508_10.0127 contains a Protection Mechanism Failure vulnerability (CVE-2025-43728). An unauthenticated attacker with remote access could exploit it to bypass the protection mechanism, with impact described as high confidentiality, integrity, and availability. Remediation ...
PT-2025-34886 · Ebay · Bevy Event Service
Name of the Vulnerable Software and Affected Versions: The Bevy Event service versions through 2025-07-22 Description: The Bevy Event service, used for eBay Seller Events and other activities, is susceptible to a Cross-Site Request Forgery (CSRF) issue. This flaw allows an attacker to delete all...
Dell ThinOS 10 security vulnerability
DELL ThinOS 10 is a next-generation thin client operating system from Dell designed for virtual desktop infrastructure (VDI) to improve security, efficiency and user experience. DELL ThinOS 10 suffers from a Protection Mechanism Failure vulnerability, which stems from a failure of the protection...
PT-2025-34946
Name of the Vulnerable Software and Affected Versions: Arcserve Unified Data Protection (UDP) versions prior to 10.2; Arcserve Unified Data Protection (UDP) versions 8.0 through 10.1; Arcserve Unified Data Protection (UDP) versions 7.x and earlier Description: An authentication bypass in Arcserve Unified...
Arcserve Unified Data Protection security vulnerability
Arcserve Unified Data Protection is Arcserve's all-in-one data and ransomware protection solution. A security vulnerability exists in Arcserve Unified Data Protection versions prior to 10.2 that stems from a heap buffer overflow that could lead to remote code execution...