13931 matches found
CVE-2025-13478 Cache Misconfiguration Leading to Cross-User Data Exposure
Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2v4.10.1...
CVE-2025-13478
CVE-2025-13478 affects OpenText Identity Manager on Windows and Linux (Identity Manager: 25.2 v4.10.1). The issue is a cache misconfiguration where insecure application cache handling allows remote authenticated users to obtain another user’s session data. Impact per available docs: potential exp...
CVE-2025-67115
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...
CVE-2025-67112
The CVE-2025-67112 entry concerns the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware prior to DG3934v3@2308041842, where a hard-coded AES-256-CBC key in the configuration backup/restore flow allows remote authenticated users to decrypt, modify, and re-encrypt device configurations. Th...
CVE-2025-66955
The CVE-2025-66955 entry concerns Local File Inclusion in Asseco SEE Live 2.0, specifically within the Contact Plan, E-Mail, SMS and Fax components. The vulnerable surface is the downloadAttachment and downloadAttachmentFromPath APIs, where a malicious user with authentication can supply a path p...
PT-2026-25039
Name of the Vulnerable Software and Affected Versions Asseco SEE Live 2.0 Description A local file inclusion issue exists in the Contact Plan, E-Mail, SMS, and Fax components. Remote authenticated users can access files on the host system through the path parameter in the downloadAttachment and...
CVE-2025-66955
Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls...
CVE-2025-63409
Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials...
PT-2026-21742
Name of the Vulnerable Software and Affected Versions GCOM EPON 1GE C00R371V00B01 affected versions not specified Description A flaw exists in GCOM EPON 1GE C00R371V00B01 related to privilege escalation and improper access control. Remote authenticated users can modify administrator-only settings...
GCOM EPON 1GE 安全漏洞
GCOM EPON 1GE is a fiber-optic access device developed by GCOM Corporation. The GCOM EPON 1GE C00R371V00B01 version contains a security vulnerability. This vulnerability stems from improper permission escalation and access control mechanisms, which may allow remote authenticated users to modify...
CVE-2025-70297
A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...
CVE-2025-70297
A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...
CVE-2025-70296
CVE-2025-70296 is a stored HTML injection in Mealie 3.3.1’s Recipe Notes rendering component. Remote authenticated users can inject arbitrary HTML, causing user interface redressing in the recipe view. Descriptions across multiple sources confirm the vulnerability and affected version; one connec...
CVE-2025-15497
Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...
CVE-2025-15497
Insufficient epoch key slot processing in OpenVPN 2.7alpha1 through 2.7rc5 allows remote authenticated users to trigger an assert resulting in a denial of service...
OpenVPN security vulnerabilities
OpenVPN is a software package developed by OpenVPN Inc. in the United States, used to create encrypted VPN tunnels. It utilizes the OpenSSL library to encrypt data and control information, and allows the created VPNs to use public keys, electronic certificates, or username/password for...
MiracleLinux 4 : samba-3.6.23-25.AXS4 (AXSA:2016-137:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-137:02 advisory. Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information such as lists of available files and printer...
MiracleLinux 4 : mysql-5.1.66-2.0.1.AXS4 (AXSA:2013-03:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-03:01 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different clie...
MiracleLinux 7 : krb5-1.13.2-12.el7 (AXSA:2016-190:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-190:01 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...