280 matches found
CVE-2024-36697
CVE-2024-36697 describes an XSS in Allworx System Software v9.1.9.12, affecting the Admin Login page via the SessionID parameter in query.asp. No exploitation details are provided in the connected documents. Remediation guidance from PT-2025-29092: apply a fix for Allworx System Software version ...
Allworx System Software Cross-Site Scripting Vulnerability
Allworx System Software is a communication software platform from Allworx Corporation. A security vulnerability exists in Allworx System Software version v9.1.9.12, which stems from improper handling of the SessionID parameter in the Admin Login page, which could lead to a cross-site scripting...
CVE-2024-36697
A cross-site scripting (XSS) vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp...
Ubuntu: Security Advisory (USN-7459-2)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
CVE-2023-38614
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive user data...
MAL-2025-2184 Malicious code in ncw-eddsa-signing (npm)
Source: ghsa-malware (02e9ad5aeea88c3f0f7df84384b93fd6ce2d6b3d1870fce2910d58ead5feaa87). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-332 Malicious code in charjs (npm)
Source: ghsa-malware (30d644c2eb731d4dcad0bf39f80c41f09bddda4c07d8d2e90ce7a1e1b55716ad). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-21537
CVE-2025-21537 affects Oracle PeopleSoft, specifically the Cash Management component of PeopleSoft Enterprise FIN Cash Management, version 9.2. The vulnerability arises from weaknesses in the authorization mechanism of Cash Management that can be exploited remotely over HTTP by a low-privilege at...
Cisco NX-OS Improper Input Validation (CVE-2017-12334)
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command...
A vulnerability in the WibuKey64.sys driver of the WIBU-SYSTEMS WibuKey software stems from improper bounds checking, which can lead to service failure.
A vulnerability in WibuKey64.sys, the driver of the WIBU-SYSTEMS WibuKey security software, is caused by reading data beyond buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in components of System Software. A malicious person with physical access to the hardware, or local access to the infrastructure, can exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Cross-Site Scripting (XSS)...
Hitachi Energy MACH System Software Security Vulnerability
Hitachi Energy MACH System Software is a MACH real-time high-performance control system platform from Hitachi, Japan. A security vulnerability exists in Hitachi Energy MACH System Software in which an authenticated malicious client can send a special LINQ query to remotely execut...
Hitachi Energy MACH System Software Security Vulnerability
Hitachi Energy MACH System Software is a MACH real-time high-performance control system platform from Hitachi, Japan. A security vulnerability exists in Hitachi Energy MACH System Software in which an authenticated malicious client can send specially crafted code to skip...
Cisco IOS XE Software Security Vulnerability
Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software, which stems from a...
GHSA-XRJ7-X7GP-WWQR vulnerabilities
Vulnerabilities for packages: solr, druid...
Vulnerabilities fixed in Oracle Systems
Oracle has fixed vulnerabilities in components of System Software. A malicious person with physical access to the hardware, or local access to the infrastructure, can exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Denial-of-Service (DoS)...
Security Bulletin: Vulnerability in Golang Go affects IBM Cloud Pak System.
Summary: Vulnerability in Golang Go affects IBM Cloud Pak System (CVE-2022-41724). Vulnerability Details: CVEID: CVE-2022-41724. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending specially-crafted TLS handshake records, ...
Hitachi Energy MACH System Software
1. EXECUTIVE SUMMARY: CVSS v3 6.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Hitachi Energy. Equipment: MACH System Software. Vulnerabilities: Path Traversal, Exposure of Resource to Wrong Sphere. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities...
kernel: usb: typec: ucsi: Don't attempt to resume the ports before they exist
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Don't attempt to resume the ports before they exist. This will fix null pointer dereference that was caused by the driver attempting to resume ports that were not yet registered...
Hitachi Energy MACH System Software Path Traversal Vulnerability
Hitachi Energy MACH System Software is a MACH real-time high-performance control system platform from Hitachi, Japan. A security vulnerability exists in Hitachi Energy MACH System Software, originating in a McFeeder server that allows an attacker to upload a carefully crafted ZIP archive to ...