PT-2025-40578

Name of the Vulnerable Software and Affected Versions QNAP versions prior to 5.2.6.3195 build 20250715 QNAP QuTS hero versions prior to 5.2.6.3195 build 20250715 Description A flaw exists that could allow a remote attacker with administrator privileges to trigger a denial-of-service DoS condition...

CVE-2025-57871 BUG-000174020 - Reflected XSS vulnerability identified in Portal for ArcGIS. (11.3, 11.1, 10.9.1)

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...

CVE-2025-30519

Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system...

CVE-2022-4980

General Bytes Crypto Application Server CAS beginning with version 20201208 prior to 20220531.38 backport and 20220725.22 mainline contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL used by the product's default-installation /...

PT-2025-38603

Name of the Vulnerable Software and Affected Versions General Bytes Crypto Application Server CAS versions 20201208 through 20220531.38 General Bytes Crypto Application Server CAS version 20220725.22 Description General Bytes Crypto Application Server CAS contains an authentication bypass in the...

CVE-2025-30519

Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system...

CVE-2025-30519

CVE-2025-30519 affects Dover Fueling Solutions ProGauge MagLink LX4 devices. The issue is that the devices ship with default root credentials that cannot be changed via standard administrative means, enabling an attacker with network access to obtain administrative control of the system. Public s...

CVE-2025-30519 Dover Fueling Solutions ProGauge MagLink LX4 Devices Use of Weak Credentials

Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system...

Dover Fueling Solutions ProGauge MagLink LX4 安全漏洞

The Dover Fueling Solutions ProGauge MagLink LX4 is an automated tank gauging system console from Dover Fueling Solutions, USA. A security vulnerability exists in several Dover products that stems from the use of default root credentials that cannot be changed through standard administrative...

Hewlett Packard Enterprise EdgeConnect SD-WAN 安全漏洞

Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in th...

PT-2025-84: Insecure firmware update mechanism in Fastwel PLC web server

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. Exploitation of the vulnerability allows a remote attacke with administrative permissions in the execution environment to upload a modified update archive and execute arbitrary cod...

CVE-2025-55142

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with read-only admin...

CVE-2025-55139

SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote authenticated attacker with admin privileges to enumerate internal...

CVE-2025-55146

Summary: CVE-2025-55146 describes an unchecked return value in Ivanti Connect Secure (before 22.7R2.9) and Ivanti Policy Secure (before 22.7R1.6), Ivanti ZTA Gateway (before 2.8R2.3-723), and Ivanti Neurons for Secure Access (before 22.8R1.4) that enables a remote authenticated attacker with admi...

CVE-2025-29887

A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.5.1.060 and later...

CVE-2024-13987

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in Synology RADIUS Server allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-of-service via unspecified vectors...

Cisco UCS Fabric Interconnects Command Injection (cisco-sa-ucs-multi-cmdinj-E4Ukjyrz)

According to its self-reported version, Cisco Unified Computing System UCS Fabric Interconnect is affected by multiple vulnerabilities. - Vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative...

Linux Distros Unpatched Vulnerability : CVE-2015-3902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site request forgery CSRF vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1...

Linux Distros Unpatched Vulnerability : CVE-2016-7980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site request forgery CSRF vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of...

Linux Distros Unpatched Vulnerability : CVE-2009-4402

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to th...