13930 matches found
CVE-2025-26489
Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0...
Synology DiskStation Manager (DSM) Privilege Escalation (Synology-SA-24:27) - Unreliable Remote Version Check
Synology DiskStation Manager DSM is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-61075
Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 allow remote authenticated, low-privileged users to carry out administrative functions and manipulate data of other users via unauthorized API calls...
CVE-2025-13661
CVE-2025-13661 is a path-traversal vulnerability in Ivanti Endpoint Manager (prior to 2024 SU4 SR1). An authenticated remote attacker can write arbitrary files outside the intended directory, with user interaction required. Multiple sources (NVD/Red Hat EUVD, Nessus plugin, and related advisories...
CVE-2025-26489 Improper input validation in Netconf service in Infinera MTC-9
Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0...
CVE-2025-26489
The CVE-2025-26489 entry concerns Infinera MTC-9, where the Netconf service suffers from improper input validation. The root cause is input validation flaws in the Netconf interface, allowing remote authenticated users to crash the service and reboot the appliance, causing a DoS. Affected version...
EUVD-2025-201681
Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0...
CVE-2025-29846
A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages...
CVE-2025-29844
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...
CVE-2024-5401
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...
CVE-2025-29844
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...
CVE-2025-29844
CVE-2025-29844 describes a vulnerability in the Synology FileStation file cgi that enables remote authenticated users to read file metadata and path information. The issue has a CVSS v3.1 base score of 4.3 (Medium) with vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. Connected sources confi...
EUVD-2025-201176
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...
CVE-2025-29843
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...
CVE-2024-5401
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...
Synology Router Manager 路径遍历漏洞
Synology Router Manager SRM is a software used to configure and manage Synology routers from China-based Synology. A path traversal vulnerability exists in Synology Router Manager SRM, which originates from the FileStation file cgi that allows remote authenticated users to read file metadata and...
CVE-2025-36357
IBM Planning Analytics Local (Workspace) versions 2.1.0–2.1.14 are affected by a directory traversal vulnerability that allows a remote authenticated user to view, read, or write arbitrary files by sending crafted URLs containing absolute path sequences. The issue is caused by improper handling o...
HP Integrated Lights-Out Information Disclosure (CVE-2013-4843)
Unspecified vulnerability in HP Integrated Lights-Out 4 iLO4 with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Information Disclosure
com.liferay:com.liferay.portal.security.audit.event.generators.user.management is vulnerable to Information Disclosure. The vulnerability is due to audit events recording users’ password reminder answers in audit logs, which allows remote authenticated users to retrieve those answers via the audi...
EUVD-2025-35042
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...