1366 matches found
CVE-2025-36161
IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...
Simple Cafe Ordering System login.php File SQL Injection Vulnerability
Simple Cafe Ordering System is a simple coffee ordering system. The Simple Cafe Ordering System suffers from a SQL injection vulnerability that originates from the /login.php file not securely filtering the Username parameter. An attacker can exploit this vulnerability to remotely obtain sensitiv...
CVE-2025-60728
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network...
Advisory ROSA-SA-2025-3077
Software: libssh 0.9.6 OS: ROSA Virtualization 3.0 unaffected versions = libssh-0.9.6-15.rv30 affected versions libssh-0.9.6-15.rv30 CVE-ID: CVE-2025-5318 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the sftphandle function of the LibSSH library involves reading data outside of buffer...
DEBIAN-CVE-2025-12909
Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. Chromium security severity: Low...
CVE-2025-54863
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could...
kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
A flaw out of boundary read in the Linux kernel NFS functionality was found in the way connected user sends malicious data to the server. A remote user could use this flaw to crash the system...
CVE-2025-54863
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could...
CVE-2025-54863
Radiometrics VizAir is affected by a vulnerability where the system’s REST API key is exposed via a publicly accessible configuration file. Public access could let an attacker remotely alter weather data and configurations, automate attacks across multiple instances, and exfiltrate sensitive mete...
CVE-2025-54863 Insufficiently Protected Credentials in Radiometrics VizAir
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could...
CVE-2025-54863 Insufficiently Protected Credentials in Radiometrics VizAir
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could...
PT-2025-45015
Name of the Vulnerable Software and Affected Versions Radiometrics VizAir affected versions not specified Description Radiometrics VizAir is susceptible to exposure of its REST API key through a publicly accessible configuration file. Successful exploitation allows attackers to remotely alter...
Astra Linux – Vulnerability in Chromium
Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: High...
CVE-2024-14003
Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution RCE through its NRDP Nagios Remote Data Processor server plugins. Insufficient validation of inbound NRDP request parameters allows crafted input to reach command execution paths, enabling attackers to execute arbitrary...
CVE-2024-14003
Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through NRDP server plugins, due to insufficient validation of inbound NRDP request parameters that can reach command execution paths on the underlying host in the context of the web/Nagios service. Connected advis...
CVE-2024-14003 Nagios XI < 2024R1.2 RCE via NRDP Server Plugins
Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution RCE through its NRDP Nagios Remote Data Processor server plugins. Insufficient validation of inbound NRDP request parameters allows crafted input to reach command execution paths, enabling attackers to execute arbitrary...
PT-2025-44502
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.2 Description The software contains a flaw due to insufficient validation of inbound NRDP Nagios Remote Data Processor request parameters. This allows crafted input to reach command execution paths, potential...
ROS-20251030-02
A vulnerability in the NVIDIA Virtual GPU Manager component of the NVIDIA Virtual GPU driver Virtual GPU is associated with incorrectly assigning permissions to a critical resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in the NVIDIA...
Medium: java-21-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 a...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27024)
Vulnerability in the Linux kernel: net/rds: WARNING in rdsconnconnectifdown If connection isn't established yet, getmr will fail, trigger connection after getmr. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...