63 matches found
PT-2025-40810
Name of the Vulnerable Software and Affected Versions Belkin F9K1015 version 1.00.10 Description A buffer overflow issue exists in Belkin F9K1015 version 1.00.10. The issue is related to the manipulation of the L2TPUserName argument within the file /goform/formL2TPSetup. This allows for remote co...
Linux Distros Unpatched Vulnerability : CVE-2023-37117
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP. CVE-2023-37117 Note that Nessus relies on the presence of...
Lychee 代码注入漏洞
Lychee is a beautiful and easy-to-use photo management system open-sourced by The Lychee Organisation. It is used to manage and share photos. A code injection vulnerability exists in Lychee versions prior to 2.0.2, which stems from a possible arbitrary code injection in lychee-setup...
PT-2025-35094
Name of the Vulnerable Software and Affected Versions: lychee link checking action versions prior to 2.0.2 Description: The GitHub Action variable inputs.lycheeVersion can be used to execute arbitrary code in the context of the action. This can potentially compromise the security of the target...
CVE-2025-9009 itsourcecode Online Tour and Travel Management System email_setup.php sql injection
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/emailsetup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...
PT-2025-33441 · Itsourcecode · Itsourcecode Online Tour/Travel Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A SQL injection vulnerability exists in itsourcecode Online Tour and Travel Management System 1.0. The vulnerability is located in an unknown function within the...
CVE-2025-48860
A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated low privileged attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to acce...
CVE-2025-49456 Zoom Clients for Windows- Race Condition
Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access...
CVE-2025-7088
A vulnerability, which was classified as critical, was found in Belkin F9K1122 1.00.33. This affects the function formPPPoESetup of the file /goform/formPPPoESetup of the component webs. The manipulation of the argument pppUserName leads to stack-based buffer overflow. It is possible to initiate...
CVE-2024-46921
An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of...
CVE-2023-1121
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2019-8804
An inconsistency in Wi-Fi network configuration settings was addressed. This issue is fixed in iOS 13.2 and iPadOS 13.2. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup...
CVE-2022-49851
In the Linux kernel, the following vulnerability has been resolved: riscv: fix reserved memory setup Currently, RISC-V sets up reserved memory using the "early" copy of the device tree. As a result, when trying to get a reserved memory region using ofreservedmemlookup, the pointer to reserved...
CVE-2022-49395 um: Fix out-of-bounds read in LDT setup
In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscallstubdata expects the datacount parameter to be the number of longs, not bytes. ================================================================== BUG: KASAN: stack-out-of-bounds in...
The vulnerability of the i40e_xdp_setup() function (drivers/net/ethernet/intel/i40e/i40e_main.c) in the Linux kernel driver for the i40e driver allows a hacker to cause a service failure.
The vulnerability of the i40exdpsetup function drivers/net/ethernet/intel/i40e/i40emain.c in the Linux kernel driver for the i40e chip is related to improper resource locking. Exploiting this vulnerability could allow an attacker to cause a service failure...
PT-2024-38319 · Chargepoint · Chargepoint Home Flex
Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex affected versions not specified Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. The specific flaw exists...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Sonoma prior to version 14.6, which stems from the fact that enabling Locked Mode when setting up a Mac may cause FileVault to be accidentally disabled...
CVE-2024-35850 Bluetooth: qca: fix NULL-deref on non-serdev setup
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a...
DEBIAN-CVE-2024-23831
LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used...
Exploit for Improper Input Validation in Atlassian Confluence_Data_Center
Confluence Vulnerability - CVE-2023-22515 :notebook: Int...