997 matches found

CNNVD
added 2025/07/09 12:0 a.m. · 1 view

ASUSTOR ADM Security Vulnerability

ASUSTOR ADM is a specialized operating system for all ASUSTOR NAS devices from ASUS, China. A security vulnerability exists in ASUSTOR ADM versions prior to 4.3.1.R5A1, which stems from improper input validation and could result in a system configuration error...

6 CVSS · 6.6 AI score · 0.00127 EPSS
Exploits 0 · References 1
NVD
added 2025/07/08 7:15 p.m. · 4 views

CVE-2025-27369

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuratio...

4.3 CVSS · 0.00216 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/07/08 6:43 p.m. · 4 views

CVE-2025-27369 IBM OpenPages with Watson information disclosure

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuratio...

4.3 CVSS · 5.7 AI score · 0.00216 EPSS
Exploits 0 · References 1
CNVD
added 2025/07/08 12:0 a.m. · 2 views

WordPress Vikinger Path Traversal Vulnerability

WordPress Vikinger is a WordPress blog theme developed by a foreign developer. WordPress Vikinger has a path traversal vulnerability that stems from insufficient file path validation in the function vikingerdeleteactivitymediaajax, which can be exploited by an attacker to tamper with the system...

8.1 CVSS · 7 AI score · 0.00602 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2025/07/07 12:0 a.m. · 7 views

The vulnerability of the Segnetics SMConfig system configuration tool lies in its insufficient verification of the authenticity of executed requests, allowing attackers to carry out CSRF attacks.

The vulnerability of the Segnetics SMConfig system configuration tool is related to insufficient verification of the authenticity of the requests being executed. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...

9 CVSS · 5.4 AI score
Exploits 0 · Affected Software 1
Debian CVE
added 2025/07/03 8:35 a.m. · 5 views

CVE-2025-38132

In the Linux kernel, the following vulnerability has been resolved: coresight: holding cscfg_csdev_lock while removing cscfg from csdev There'll be possible race scenario for coresight config: CPU0 CPU1 perf enable load module cscfg_load_config_sets activate config. // sysfs sys_active_cnt == 1...

5.5 CVSS · 5.4 AI score · 0.00138 EPSS
Exploits 0
Positive Technologies
added 2025/06/26 12:0 a.m. · 3 views

PT-2025-26953 · Hunt Electronic · Hunt Electronic Hybrid Dvr

Name of the Vulnerable Software and Affected Versions: Hunt Electronic Hybrid DVR models HBF-09KD and HBF-16NK Description: The issue allows unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. This is an Exposure of...

9.8 CVSS · 7.2 AI score · 0.00478 EPSS
Exploits 0 · References 12
Positive Technologies
added 2025/06/24 12:0 a.m. · 4 views

PT-2025-26685 · Sapido · Sapido Wireless Router

Name of the Vulnerable Software and Affected Versions: Sapido Wireless Router affected versions not specified Description: The issue allows unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out o...

9.8 CVSS · 6.6 AI score · 0.00557 EPSS
Exploits 0 · References 5
Debian CVE
added 2025/06/18 11:2 a.m. · 6 views

CVE-2022-50090

In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size On zoned filesystem, data write out is limited by max_zone_append_size, and a large ordered extent is split according the size of a bio. OTOH, the number of extents to be...

7.8 CVSS · 6.2 AI score · 0.00164 EPSS
Exploits 0
Fedora
added 2025/06/03 1:27 a.m. · 8 views

[SECURITY] Fedora 41 Update: systemd-256.15-1.fc41

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

4.7 CVSS · 4.9 AI score · 0.00641 EPSS
Exploits 1
Fedora
added 2025/06/01 1:23 a.m. · 12 views

[SECURITY] Fedora 42 Update: systemd-257.6-1.fc42

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

4.7 CVSS · 4.9 AI score · 0.00641 EPSS
Exploits 1
BDU FSTEC
added 2025/05/30 12:0 a.m. · 4 views

The vulnerability of the control_panel_sw() function in the /cgi-bin/sysconf.cgi script of the Linksys FGW3000-AH and FGW3000-HK Wi-Fi router firmware allows an attacker to execute arbitrary commands.

The vulnerability of the control_panel_sw function in the /cgi-bin/sysconf.cgi script of the Linksys FGW3000-AH and FGW3000-HK Wi-Fi routers is related to incorrect elimination of special elements in the output data when processing the parameter filename. Exploiting this vulnerability allows an...

6.5 CVSS · 7 AI score · 0.1051 EPSS
Exploits 0 · References 6 · Affected Software 2
RedhatCVE
added 2025/05/23 10:38 a.m. · 6 views

CVE-2024-24116

An issue in Ruijie RG-NBS2009G-P RGOS v.10.41P2 Release9736 allows a remote attacker to gain privileges via the system/configmenu.htm...

9.8 CVSS · 7.2 AI score · 0.2414 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 10:3 a.m. · 5 views

CVE-2024-28815

A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system...

9.8 CVSS · 7.3 AI score · 0.00921 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 7:56 a.m. · 6 views

CVE-2024-31967

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit...

9.1 CVSS · 7 AI score · 0.00458 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 7:40 a.m. · 6 views

CVE-2024-31964

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful...

7.5 CVSS · 7.3 AI score · 0.00617 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 7:32 a.m. · 7 views

CVE-2024-40674

In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.3 CVSS · 6.9 AI score · 0.00203 EPSS
Exploits 0
RedhatCVE
added 2025/05/23 5:37 a.m. · 5 views

CVE-2023-26782

An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface -System Configuration-Cache Configuration-Cache security characters...

6.5 CVSS · 6.8 AI score · 0.00872 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 4:17 a.m. · 5 views

CVE-2023-41673

An improper authorization vulnerability CWE-285 in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests...

7.1 CVSS · 6.8 AI score · 0.00383 EPSS
Exploits 0
RedhatCVE
added 2025/05/23 4:8 a.m. · 4 views

CVE-2023-38544

A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system...

5.5 CVSS · 6.8 AI score · 0.00374 EPSS
Exploits 0