18647 matches found
EUVD-2025-208887
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...
CVE-2025-67115
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...
CVE-2025-67115
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...
CVE-2025-67112
The CVE-2025-67112 entry concerns the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware prior to DG3934v3@2308041842, where a hard-coded AES-256-CBC key in the configuration backup/restore flow allows remote authenticated users to decrypt, modify, and re-encrypt device configurations. Th...
Security Updates for Microsoft System Center Operations Manager (March 2026)
The version of Microsoft System Center Operations Manager installed on the remote Windows host is affected by an elevation of privilege vulnerability. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted request to an affected SCOM instance. %NASLMINLEVEL...
vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing
A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...
CVE-2025-66955
The CVE-2025-66955 entry concerns Local File Inclusion in Asseco SEE Live 2.0, specifically within the Contact Plan, E-Mail, SMS and Fax components. The vulnerable surface is the downloadAttachment and downloadAttachmentFromPath APIs, where a malicious user with authentication can supply a path p...
PT-2026-25039
Name of the Vulnerable Software and Affected Versions Asseco SEE Live 2.0 Description A local file inclusion issue exists in the Contact Plan, E-Mail, SMS, and Fax components. Remote authenticated users can access files on the host system through the path parameter in the downloadAttachment and...
CVE-2025-66955
Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls...
EUVD-2025-208484
A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7,...
CVE-2026-24640
A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection a...
CVE-2026-24640
A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection a...
CVE-2025-48418
A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7,...
Fortinet FortiManager Privilege escalation using undocumented CLI command (FG-IR-26-081)
The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-081 advisory. - A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7,...
CVE-2026-30926 SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...
CVE-2023-31044
An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...
CVE-2023-31044
An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...
CVE-2023-31044
An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...
CVE-2023-31044
An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...
CVE-2023-31044
An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...