Lucene search

125 matches found

Positive Technologies
added 2026/04/14 12:0 a.m. | 4 views

PT-2026-32667

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2,...

CVSS 4.1 | AI score 5.8 | EPSS 0.00267
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/14 12:0 a.m. | 6 views

PT-2026-32668

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 3

OSV
added 2026/04/01 9:36 p.m. | 1 views

GHSA-P6MR-XF3R-GHQ4 Payload has a CSRF Protection Bypass in Authentication Flow

Impact: A Cross-Site Request Forgery (CSRF) vulnerability existed in the authentication flow. Under certain conditions, the configured CSRF protection could be bypassed, allowing cross-site requests to be made. Consumers are affected if ALL of these are true: - Payload version v3.79.1 - serverURL is...

CVSS 5.4 | AI score 5.7 | EPSS 0.00129
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/01 5:3 p.m. | 5 views

CVE-2026-34359

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured...

CVSS 9.1 | AI score 5.8 | EPSS 0.00158
Exploits: 1 | References: 1

Positive Technologies
added 2026/02/08 12:0 a.m. | 5 views

PT-2026-6939

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X version 250416. Description: A flaw exists in the Configuration Parameter Handler component of D-Link DIR-823X version 250416. The issue stems from manipulating the terminal addr, server ip, and server port arguments within the...

CVSS 8.6 | AI score 5.6 | EPSS 0.03916
Exploits: 1 | References: 11

EUVD
added 2026/02/07 12:30 a.m. | 6 views

EUVD-2026-5562

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was...

CVSS 9 | AI score 6.1 | EPSS 0.00673
Exploits: 1 | References: 6

NVD
added 2026/02/07 12:15 a.m. | 9 views

CVE-2020-37095

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell o...

CVSS 9.8 | EPSS 0.0067
Exploits: 0 | References: 3

CNNVD
added 2026/02/07 12:0 a.m. | 5 views

Cyberoam Authentication Client Security Vulnerability

The Cyberoam Authentication Client is a network authentication client developed by the American company Cyberoam. Version 2.1.2.7 of the Cyberoam Authentication Client contains a security vulnerability. This vulnerability stems from a buffer overflow in the Cyberoam Server Address field, which...

CVSS 9.8 | AI score 6.4 | EPSS 0.0067
Exploits: 0 | References: 3

CVE
added 2026/02/06 11:14 p.m. | 10 views

CVE-2020-37095

The connected PTsecurity entry confirms CVE-2020-37095 affects Cyberoam Authentication Client 2.1.2.7 and describes a buffer overflow that overwrites Structured Exception Handler (SEH) memory. An attacker can supply a crafted value in the Cyberoam Server Address field to trigger a bind TCP shell ...

CVSS 9.8 | AI score 6.4 | EPSS 0.0067
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/06 11:14 p.m. | 3 views

CVE-2020-37095

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell o...

CVSS 9.8 | AI score 6.4 | EPSS 0.0067
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/02/06 11:14 p.m. | 2 views

CVE-2020-37095 Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell o...

CVSS 9.8 | AI score 6.5 | EPSS 0.0067
Exploits: 0 | References: 3

OSV
added 2026/02/06 10:16 p.m. | 2 views

CVE-2026-2068

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was...

CVSS 8.8 | AI score 6.1 | EPSS 0.00673
Exploits: 1 | References: 5

Vulnrichment
added 2026/01/29 2:28 p.m. | 5 views

CVE-2020-36994 QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service

QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionali...

CVSS 6.2 | AI score 6 | EPSS 0.00167
Exploits: 0 | References: 3

CVE
added 2026/01/29 2:28 p.m. | 13 views

CVE-2020-36994

CVE-2020-36994 affects QlikView 12.50.20000.0 and concerns a denial-of-service vulnerability in the FTP server address input field. According to the provided documents, a local attacker can crash the application by pasting a 300-character buffer into the FTP server address field, resulting in an ...

CVSS 6.2 | AI score 6 | EPSS 0.00167
Exploits: 0 | References: 3

OSV
added 2026/01/27 9:51 p.m. | 7 views

CVE-2026-24770 RAGFlow Affected by Zip Slip Remote Code Execution (RCE) in MinerUParser

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server leading to Remote Code Execution via a malicious ZIP archive...

CVSS 9.8 | AI score 6 | EPSS 0.00913
Exploits: 1 | References: 4

EUVD
added 2025/11/24 9:30 p.m. | 5 views

EUVD-2025-198981

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user...

CVSS 5.3 | AI score 6 | EPSS 0.00205
Exploits: 0 | References: 2

OSV
added 2025/11/24 7:15 p.m. | 1 views

CVE-2025-36112

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/20 12:0 a.m. | 5 views

PT-2025-47603

Name of the Vulnerable Software and Affected Versions: ClipBucket versions prior to 5.5.2162. Description: ClipBucket is a video sharing platform. A flaw in version 5.5.2 allows an attacker to control the server URL due to a dynamic build from the HTTP Host header when the base url configuration is...

CVSS 6.8 | AI score 6.7 | EPSS 0.00308
Exploits: 1 | References: 5

RedhatCVE
added 2025/11/14 12:1 a.m. | 3 views

CVE-2025-60672

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...

CVSS 6.5 | AI score 8.2 | EPSS 0.03589
Exploits: 1 | References: 1

CNNVD
added 2025/10/13 12:0 a.m. | 4 views

UTT HiPER 2620G Security Vulnerability

The UTT HiPER 2620G is an enterprise router from China Aitai UTT. A security vulnerability exists in UTT HiPER 2620G 3.1.4 and earlier versions, which originates from a misbehavior of the function strcpy in the file /goform/fNTP with respect to the parameter NTPServerIP, which may result in a...

CVSS 9 | AI score 8.9 | EPSS 0.00677
Exploits: 1 | References: 5