Google Chrome < 135.0.7049.41 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 135.0.7049.41. It is, therefore, affected by multiple vulnerabilities as referenced in the 2025_04_stable-channel-update-for-desktop advisory. - Inappropriate implementation in Downloads in Google Chrome prior to...
Linux Distros Unpatched Vulnerability : CVE-2025-0448
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2014-0007
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path...
Linux Distros Unpatched Vulnerability : CVE-2017-6004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers...
Citrix NetScaler Console (ADM) 13.1.x < 13.0.56.18 / 14.1.x < 14.1.38.53 Authenticated privilege escalation Vulnerability (CTX692579)
An Authenticated privilege escalation vulnerability exists in Citrix NetScaler Console (ADM) 13.1 prior to 13.1-56.18 and 14.1 prior to 14.1-38.53. An unauthenticated, remote attacker can exploit this to reset the administrator password and gain administrative access to the appliance. The issue...
CVE-2025-26350
A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to upload malicious files via crafted HTTP requests...
CVE-2022-39206
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...
CVE-2025-20169
A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this...
PT-2025-5705 · Cisco · Cisco Ise
Name of the Vulnerable Software and Affected Versions: Cisco ISE (affected versions not specified). Description: A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10977
Summary: IBM Sterling Connect:Direct Web Service uses PostgreSQL, which could provide weaker than expected security, caused by a flaw with retaining an error message from man-in-the-middle. A remote attacker could exploit this vulnerability to launch further attacks on the system. Vulnerability...
Linksys E8450 anonymous_protect_status parameter buffer overflow vulnerability
The Linksys E8450 is an E-series wireless router from Linksys USA. A buffer overflow vulnerability exists in the Linksys E8450 v1.2.00.360516, which originates when the anonymous_protect_status parameter is copied to the stack without length validation, and can be exploited by a remote attacker to...
Fortinet FortiOS Resource Management Error Vulnerability (CNVD-2025-03522)
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. A resource management error...
CVE-2024-56144
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (replace $DEVICEID with your specific $DEVICEID value): /device/$DEVICEID/edit - param: display. Librenms versions up to 24.11.0 allow remote attackers to inject...
CVE-2024-36506
CVE-2024-36506 denotes an improper verification of the source of a communication channel (CWE-940) in FortiClientEMS. Affected products/versions per the provided documents include FortiClientEMS 6.4.0 through 7.0.x, 7.2.0 through 7.2.4, and 7.4.0. The issue may allow a remote attacker to bypass t...
PT-2025-1267 · Microsoft +5 · Edge +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 132.0.6834.83; Microsoft Edge (affected versions not specified). Description: The issue is related to an out of bounds read in the Metrics component, which could allow a remote attacker to potentially exploit heap...
CVE-2025-20166 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...
PT-2024-10365 · Gstreamer +7 · Gstreamer +7
Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10. Description: A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check th...
CVE-2024-48866 QTS, QuTS hero
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into an unexpected state. We have already fixed the vulnerability in the following...
CVE-2024-8820
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target...
PT-2024-10125 · Rsync +10 · Rsync +10
The rsync daemon is affected by a flaw that can be triggered when comparing file checksums, allowing an attacker to manipulate the checksum length and cause a comparison between a checksum and uninitialized memory. This results in the leak of one byte of uninitialized stack data at a time. An...