CVE-2025-1688 System configuration password reset

Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the...

CVE-2025-28403

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings...

RuoYi 安全漏洞

RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi version v.4.8.0, which stems from the editSave method not properly verifying the requested user privileges, which may result in modification of the system configuration...

CVE-2025-28403

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings...

Security Bulletin: IBM PowerVM VIOS could allow a remote attacker to tamper with system configuration or cause a denial of service (CVE-2022-35643)

Summary A vulnerability in IBM PowerVM VIOS could allow a remote attacker to tamper with system configuration or cause a denial of service CVE-2022-35643. Vulnerability Details CVEID:CVE-2022-35643 DESCRIPTION: IBM PowerVM VIOS could allow a remote attacker to tamper with system configuration or...

Updated tomcat packages fix security vulnerabilities

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensiti...

CVE-2025-20177

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the...

CVE-2022-49284 coresight: syscfg: Fix memleak on registration failure in cscfg_create_device

In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fix memleak on registration failure in cscfgcreatedevice deviceregister calls deviceinitialize, according to doc of deviceinitialize: Use putdevice to give up your reference instead of freeing @dev directly onc...

CVE-2025-27137 Dependency-Track vulnerable to local file inclusion via custom notification templates

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the SYSTEMCONFIGURATION permission to customize notification templates. Templates are evaluated using the Pebble template engine...

CVE-2025-26358

A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests...

CVE-2025-26358

A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests...

CVE-2025-26358

A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests...

CVE-2025-26358

A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests...

Q-Free MAXTIME Suite 输入验证错误漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An input validation error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from incorrect input validation in ldbMT.so. An attacker exploiting this vulnerability...

Cisco Identity Services Engine Authorization Bypass Vulnerability (CNVD-2025-03530)

Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco Cisco. The Cisco Identity Services Engine API has an authorization bypass vulnerability that can be exploited by a remote attacker to submit a special request that can obtain sensitive information, modify...

CVE-2025-0785

A vulnerability was found in ESAFENET CDG V5 and classified as problematic. This issue affects some unknown processing of the file /SysConfig.jsp. The manipulation of the argument help leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the publi...

CVE-2025-24481

An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configuration...

CVE-2024-40674

CVE-2024-40674 affects Google Android via WifiConfigurationUtil.java (validateSsid). The issue is a logic error that could overflow a system configuration file, causing a local denial of service without requiring privileges or user interaction. Public details consistently reference Android/WifiCo...

CVE-2025-23054

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an authenticated low privilege operator user to perform operations not allowed by their privilege level. Successful exploitation could allow an attacker to manipulate user generated files,...

PT-2025-2590 · Google · Android Wificonfigurationutil

Name of the Vulnerable Software and Affected Versions: Android WifiConfigurationUtil affected versions not specified Description: A logic error in the code of WifiConfigurationUtil.java, specifically in the validateSsid function, could lead to a local denial of service due to a possible overflow ...