CVE-2024-39351

A vulnerability regarding improper neutralization of special elements used in an OS command 'OS Command Injection' is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models wi...

CVE-2013-6684

The web framework on Cisco Wireless LAN Controller WLC devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011...

CVE-2013-6864

Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise ASE 15.0.3 before 15.0.3 ESD4.3, 15.5 before 15.5 ESD5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to affect confidentiality, integrity, and availability via unspecified vectors...

CVE-2022-27661

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow...

CVE-1999-0080

Certain configurations of wu-ftp FTP server 2.4 use a PATHEXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command...

CVE-2019-12452

types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control which is contrary to the API documentation, allows remote authenticated users to discover password hashes by reading the Basic HTT...

CVE-2019-16671

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption...

CVE-2025-47208

CVE-2025-47208 affects QNAP QTS and QuTS hero where an allocation of resources without limits or throttling can lead to a denial of service if a remote attacker obtains a user account. The issue is mitigated by fixes in QTS 5.2.6.3195 build 20250715 and later and QuTS hero h5.2.6.3195 build 20250...

Mozilla Firefox < 3.0.16

The version of Firefox installed on the remote Windows host is prior to 3.0.16. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-68 advisory. - Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticate...

CVE-2025-26489

Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0...

Synology DiskStation Manager (DSM) Privilege Escalation (Synology-SA-24:27) - Unreliable Remote Version Check

Synology DiskStation Manager DSM is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-29843

A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...

EUVD-2025-202288

Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required...

CVE-2025-61075

Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 allow remote authenticated, low-privileged users to carry out administrative functions and manipulate data of other users via unauthorized API calls...

CVE-2025-13661

Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required...

CVE-2025-13661

CVE-2025-13661 is a path-traversal vulnerability in Ivanti Endpoint Manager (prior to 2024 SU4 SR1). An authenticated remote attacker can write arbitrary files outside the intended directory, with user interaction required. Multiple sources (NVD/Red Hat EUVD, Nessus plugin, and related advisories...

CVE-2025-13661

Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required...

Synology DiskStation Manager (DSM) Privilege Escalation (Synology-SA-24:27) - Remote Known Vulnerable Versions Check

Synology DiskStation Manager DSM is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-26489

Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0...

CVE-2025-26489 Improper input validation in Netconf service in Infinera MTC-9

Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0...