18647 matches found
CVE-2025-63409
Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials...
GCOM EPON 1GE 安全漏洞
GCOM EPON 1GE is a fiber-optic access device developed by GCOM Corporation. The GCOM EPON 1GE C00R371V00B01 version contains a security vulnerability. This vulnerability stems from improper permission escalation and access control mechanisms, which may allow remote authenticated users to modify...
PT-2026-21742
Name of the Vulnerable Software and Affected Versions GCOM EPON 1GE C00R371V00B01 affected versions not specified Description A flaw exists in GCOM EPON 1GE C00R371V00B01 related to privilege escalation and improper access control. Remote authenticated users can modify administrator-only settings...
CVE-2025-70327
TOTOLINK X5000R v9.1.0cu2415B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen...
CVE-2025-70327
TOTOLINK X5000R v9.1.0cu2415B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen...
Medium: vsftpd
Issue Overview: A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence. CVE-2025-14242 Affected Packages:...
CVE-2025-47209
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
CVE-2026-1602
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70297
A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...
CVE-2025-70297
A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70296
CVE-2025-70296 is a stored HTML injection in Mealie 3.3.1’s Recipe Notes rendering component. Remote authenticated users can inject arbitrary HTML, causing user interface redressing in the recipe view. Descriptions across multiple sources confirm the vulnerability and affected version; one connec...
CVE-2025-70297
A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2026-1602
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
PT-2026-7269
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU5 Description A SQL injection issue exists in Ivanti Endpoint Manager. A remote authenticated attacker can potentially read arbitrary data from the database through this flaw. Recommendations...
K000157960: BIG-IP Container Ingress Services vulnerability CVE-2026-22549
Security Advisory Description A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. CVE-2026-22549 Impact A remote, authenticated attacker with high privilege access to BIG-IP Container Ingress Services may be able to read...
CVE-2025-12772 Plaintext Switch admin login password is seen in Brocade SANnav support save
Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...