520 matches found
CVE-2025-43795
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via t...
CVE-2025-43795
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via t...
CVE-2025-43795
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via t...
CVE-2025-43795
CVE-2025-43795: Open redirect vulnerabilities in Liferay Portal/DXP SystemSettingsPortlet, InstanceSettingsPortlet and SiteSettingsPortlet redirects (com_liferay_configuration_admin_web_portlet *_redirect). Affected: Liferay Portal 7.1.0–7.4.3.101; Liferay DXP 2023.Q3.1–2023.Q3.4; 7.4 GA up to up...
CVE-2025-43795
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via t...
Liferay Portal和Liferay DXP 输入验证错误漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
PT-2025-37346
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.4.3.101 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay Portal 7.4 GA through update 92 Liferay Portal 7.3 GA through update 35 Older unsupported versions Description: An open redirect issue...
Linux Distros Unpatched Vulnerability : CVE-2022-20474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local...
CVE-2025-26419
In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-26419
In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-26419
In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-26419
In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
Linux Distros Unpatched Vulnerability : CVE-2022-38247
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nagios XI v5.8.6 was discovered to contain a cross-site scripting XSS vulnerability via the System Settings page under the Admin panel. CVE-2022-38247 Note that...
📄 GeoVision ASManager Windows Application 6.1.2.0 Remote Code Execution
GeoVision ASManager Windows Application version 6.1.2.0 suffers from a remote code execution vulnerability. Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution RCE Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage:...
GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)
Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution RCE Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.2.0 or less Tested on:...
CVE-2025-44179
Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. The issue arises due to improper input validation within the telnet command handling mechanism. An attacker can exploit this vulnerability by injecting arbitrary commands through the telnet interfa...
Foxit Reader 缓冲区错误漏洞
Foxit PDF Reader is a Chinese Foxit Foxit company's a PDF document reader. Foxit PDF Reader suffers from a buffer overflow vulnerability that originates from an uninitialized pointer, which can be exploited by an attacker to obtain system privileges and modify the system configuration by executin...
The vulnerability of the System Settings component in macOS operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the System Settings component in macOS operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
CVE-2025-5344
CVE-2025-5344 affects Bluebird devices with a pre-loaded kiosk application exposing an unsecured AIDL-type service, com.bluebird.kiosk.launcher.IpartnerKioskRemoteService . A local attacker can bind this service to modify the device’s global settings and wallpaper. The issue affects all versions ...
CVE-2025-5344 Exposed AIDL service allowing for tampering of system secure settings in Bluebird kiosk application
Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings and wallpaper image. This issue affects a...