993 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-43442
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in OTRS System Configuration modules and OTRS Community Editio...
IBM DevOps Deploy Security Vulnerability
IBM DevOps Deploy is an application release solution from International Business Machines (IBM) that standardizes and simplifies the process of deploying software components to each environment during the development cycle. A security vulnerability exists in IBM DevOps Deploy versions prior to...
CVE-2022-43110
Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password,...
TOTOLINK A7000R Authentication Bypass Vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A7000R suffers from an authentication bypass vulnerability that stems from formLoginAuth.htm not properly validating a login request, which can be exploited by an attacker to bypass authentication, tamper wi...
CVE-2025-6183
The StrongDM macOS client is affected by CVE-2025-6183 due to how it processes JSON-formatted messages, allowing an attacker to potentially modify macOS system configuration by crafting a malicious JSON payload. Documents confirm the affected product (StrongDM macOS client) and the underlying cau...
CVE-2025-6183 Configd Injection
The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...
StrongDM Client Security Vulnerability
StrongDM Client is a client software from StrongDM, Inc. A security vulnerability exists in StrongDM Client that stems from improper handling of JSON formatted messages, which could result in modification of the system configuration...
DELL SupportAssist for Business PCs Elevation of Privilege Vulnerability
DELL SupportAssist for Business PCs is Dell's PC management solution for enterprise users, helping companies improve IT management efficiency and reduce O&M costs through AI-driven automated support, remote deployment and centralized control capabilities. An elevation of privilege vulnerability...
PT-2025-34126 · Strongdm · Strongdm Macos Client
Name of the Vulnerable Software and Affected Versions: StrongDM macOS client (affected versions not specified). Description: The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...
CVE-2013-10048 D-Link Devices command.php Unauthenticated RCE
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 firmware ≤ 2.13 and ≤ 2.14b01, respectively—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker c...
CVE-2025-8211
The vulnerability CVE-2025-8211 affects Roothub up to version 2.6. The issue is located in the Edit function of src/main/java/cn/roothub/web/admin/SystemConfigAdminController.java, where manipulation leads to cross-site scripting. Attack can be launched remotely and the exploit has been publicly ...
CVE-2025-46119
Summary: CVE-2025-46119 affects CommScope Ruckus Unleashed (versions prior to 200.15.6.12.304 and prior to 200.18.7.1.302) and Ruckus ZoneDirector (prior to 10.5.1.0.282). An authenticated request to the management endpoint /admin/_cmdstat.jsp discloses the administrator password in a trivially r...
Tinasoft EasyCafe Server Security Vulnerability
Tinasoft EasyCafe Server is a billing server-side software for coffee, internet cafes, etc. from Tinasoft Vietnam. A security vulnerability exists in Tinasoft EasyCafe Server version 2.2.14, which originates from a remote file disclosure and could result in reading sensitive information such as...
Tenable Agent Elevation of Privilege Vulnerability
Tenable Agent is a vulnerability scanning program from Tenable USA. Tenable Agent has an elevation of privilege vulnerability, which originates from a non-administrative user deleting arbitrary local system files with SYSTEM privileges, and can be exploited by an attacker to tamper with the syste...
CVE-2025-52989
An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted...
CVE-2025-27369
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuratio...
ASUSTOR ADM Security Vulnerability
ASUSTOR ADM is a specialized operating system for all ASUSTOR NAS devices from ASUS, China. A security vulnerability exists in ASUSTOR ADM versions prior to 4.3.1.R5A1, which stems from improper input validation and could result in a system configuration error...
CVE-2025-27369 IBM OpenPages with Watson information disclosure
IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuratio...
WordPress Vikinger Path Traversal Vulnerability
WordPress Vikinger is a WordPress blog theme developed by a foreign developer. WordPress Vikinger has a path traversal vulnerability that stems from insufficient file path validation in the function vikingerdeleteactivitymediaajax, which can be exploited by an attacker to tamper with the system...