544 matches found

BDU FSTEC
added 2025/05/29 12:0 a.m. · 6 views

A vulnerability in the Device Admin App of the ctrlX OS operating system allows an attacker to cause a service failure.

The vulnerability in the Device Admin App of the ctrlX OS operating system is related to the allocation of resources without limits. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted HTTP requests remotely...

CVSS 6.8 · AI score 5.5 · EPSS 0.00409
Exploits: 0 · References: 3 · Affected Software: 1
RedhatCVE
added 2025/05/23 1:50 a.m. · 8 views

CVE-2023-2971

Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...

CVSS 6.5 · AI score 6.8 · EPSS 0.00446
Exploits: 1 · References: 1
Positive Technologies
added 2025/04/01 12:0 a.m. · 4 views

PT-2025-37378

Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.30 Description: Chamilo is a learning management system. A blind Server-Side Request Forgery (SSRF) condition exists due to insufficient validation of incoming requests used in the operating system command. Successf...

CVSS 9.1 · AI score 6.2 · EPSS 0.00364
Exploits: 1 · References: 13
BDU FSTEC
added 2025/01/09 12:0 a.m. · 5 views

A vulnerability in the JavaScript script handler of the Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.

The vulnerability in the JavaScript script handler of Google Chrome and Microsoft Edge is related to type confusion errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted HTML page from a remote location...

CVSS 10 · AI score 8.2 · EPSS 0.07435
Exploits: 1 · References: 15 · Affected Software: 6
Tenable Nessus
added 2024/10/09 12:0 a.m. · 15 views

CentOS 7 : gupnp (RHSA-2021:2417)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2417 advisory. - An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to...

CVSS 8.1 · AI score 7.6 · EPSS 0.01084
Exploits: 0 · References: 2
BDU FSTEC
added 2024/10/03 12:0 a.m. · 3 views

A vulnerability in the `formSetRemoteWebManage` function of the Tenda W15E router software allows a hacker to execute arbitrary code.

The vulnerability in the formSetRemoteWebManage function (/goform/SetRemoteWebManage) of the Tenda W15E router firmware is related to operations performed outside the bounds of a memory buffer. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using ...

CVSS 9 · AI score 8.5 · EPSS 0.01684
Exploits: 1 · References: 5 · Affected Software: 1
Tenable Nessus
added 2024/10/03 12:0 a.m. · 42 views

Jenkins LTS < 2.462.3 / Jenkins weekly < 2.479 Multiple Vulnerabilities

According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.462.3 or Jenkins weekly prior to 2.479. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact...

CVSS 4.3 · AI score 6.4 · EPSS 0.0084
Exploits: 0 · References: 3
BDU FSTEC
added 2024/08/09 12:0 a.m. · 5 views

A vulnerability in the Dawn component of the Google Chrome and Microsoft Edge browsers on Android operating systems allows a hacker to execute arbitrary code.

The vulnerability in the Dawn component of the Google Chrome and Microsoft Edge browsers on Android operating systems is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted HTML page from...

CVSS 10 · AI score 7.7 · EPSS 0.00549
Exploits: 1 · References: 8 · Affected Software: 5
Tenable Nessus
added 2024/07/18 12:0 a.m. · 21 views

Joomla! 5.x < 5.1.2 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.16, 4.x prior to 4.4.6 or 5.x prior to 5.1.2. It is, therefore, affected by multiple vulnerabilities. - Inadequate input validation leads to XSS vulnerabilities in the...

CVSS 6.1 · AI score 6.1 · EPSS 0.00463
Exploits: 0 · References: 11
RedHat Linux
added 2024/06/04 10:58 a.m. · 2 views

eap-galleon: custom provisioning creates unsecured http-invoker

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...

CVSS 7.5 · AI score 5.8 · EPSS 0.0072
Exploits: 0 · References: 4
BDU FSTEC
added 2024/05/24 12:0 a.m. · 5 views

A vulnerability in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul allows attackers to gain access to read, modify, add, or delete data.

The vulnerability in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...

CVSS 6.4 · AI score 7.2 · EPSS 0.00346
Exploits: 0 · References: 2 · Affected Software: 2
Tenable Nessus
added 2024/05/02 12:0 a.m. · 38 views

Splunk Enterprise 9.0.0 < 9.0.8, 9.1.0 < 9.1.3 (SVD-2024-0109)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0109 advisory. - Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing blocked linker and compiler...

CVSS 9.8 · AI score 7.5 · EPSS 0.01837
Exploits: 1 · References: 10
Tenable Nessus
added 2024/05/02 12:0 a.m. · 87 views

Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0808)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0808 advisory. - The go command may execute arbitrary code at build time when using cgo. This may occur when running go get on a malicious...

CVSS 9.8 · AI score 7.9 · EPSS 0.60122
Exploits: 94 · References: 154
Positive Technologies
added 2024/04/24 12:0 a.m. · 3 views

PT-2024-6575 · Tenda · Tenda W15E

Name of the Vulnerable Software and Affected Versions: Tenda W15E version 15.11.0.14 Description: A critical issue was found in the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to a stack-based buffer overflow. It is...

CVSS 9 · AI score 9.1 · EPSS 0.01684
Exploits: 1 · References: 9
CNNVD
added 2024/04/24 12:0 a.m. · 4 views

Tenda W15E Security Vulnerability

W15E is a wireless router from Shenzhen Jixiang Tengda Technology Co. Ltd. W15E version 15.11.0.14 has a buffer overflow vulnerability. The vulnerability stems from the remoteIP parameter of the formSetRemoteWebManage method in the /goform/SetRemoteWebManage file failing to correctly validate the length o...

CVSS 9 · AI score 8.1 · EPSS 0.01684
Exploits: 1 · References: 5
CNVD
added 2024/04/18 12:0 a.m. · 22 views

Tenda W20E Stack Buffer Overflow Vulnerability

The Tenda W20E is a wireless router developed by Tenda to provide wireless network connectivity and management capabilities. The Tenda W20E suffers from a stack buffer overflow vulnerability that originates from improper handling of the remoteIP parameter in the formSetRemoteWebManage function in...

CVSS 9 · AI score 7.8 · EPSS 0.01305
Exploits: 0 · References: 1
OSV
added 2024/04/16 4:15 p.m. · 4 views

CVE-2024-3874

A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated...

CVSS 8.8 · AI score 6.5 · EPSS 0.01305
Exploits: 0 · References: 4
CNNVD
added 2024/04/16 12:0 a.m. · 3 views

Tenda W20E Security Vulnerability

The Tenda W20E is a wireless router developed by Tenda to provide wireless network connectivity and management capabilities. The Tenda W20E suffers from a stack buffer overflow vulnerability that originates from improper handling of the remoteIP parameter in the formSetRemoteWebManage function in...

CVSS 9 · AI score 7.9 · EPSS 0.01305
Exploits: 0 · References: 5
Tenable Nessus
added 2024/02/09 12:0 a.m. · 93 views

CKEditor 4.x < 4.24.0-lts Multiple XSS

The version of CKEditor included on the remote web host is 4.x prior to 4.24.0-lts. It may, therefore, be affected by multiple cross-site scripting (XSS) vulnerabilities. - A cross-site scripting vulnerability affecting editor instances that enabled full-page editing mode or enabled CDATA elements ...

CVSS 6.1 · AI score 6.7 · EPSS 0.01652
Exploits: 0 · References: 5
Tenable Nessus
added 2024/02/09 12:0 a.m. · 37 views

TeamCity Server < 2023.11.3 Multiple Vulnerabilities

According to its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.3. It is, therefore, affected by multiple vulnerabilities: - Authentication bypass leading to RCE vulnerability (CVE-2024-23917) - Path traversal allowed...

CVSS 9.8 · AI score 7.7 · EPSS 0.54009
Exploits: 0 · References: 3