32 matches found
CVE-2026-37748
CVE-2026-37748 affects Visitor Management System 1.0 by sanjay1313. The vulnerability is an Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1.php, where move_uploaded_file() runs without MIME type, extension, or content validation. This allows an authenticated admin t...
CVE-2025-22459
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers...
CVE-2025-22458
DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System...
PT-2023-5168 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo Administration Console versions V4.0 through V4.0 Update 1 Description: The issue is related to a leak of information about files and directories in the administration console of the SIMATIC PCS neo system, which can lead to t...
CVE-2022-37071
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateOne2One...
CVE-2022-23449
A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the...
CVE-2021-33735
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...
CVE-2021-33725
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows deleting arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory...
CVE-2021-33727
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system...
Siemens SINEC NMS Path Traversal Vulnerability
SINEC NMS is Siemens' network management system for monitoring and managing industrial networks. A path traversal vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. The vulnerability stems from the fact that the affected system allows arbitrary files to be downloaded under...
Siemens SINEC NMS SQL Injection Vulnerability
SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks. A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements in the software. An attacker...
Siemens SINEC NMS Code Issue Vulnerability
SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks. A code issue vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. The vulnerability stems from the fact that the affected system allows the upload of JSON objects deserialized t...
Micro Focus Verastream Host Integrator Cross-Site Scripting Vulnerability
Micro Focus Verastream Host Integrator is an asset management platform from Micro Focus UK. The platform supports the management of servers, web applications, and other assets. A cross-site scripting vulnerability exists in Micro Focus Verastream Host Integrator 7.8 Update 1 and prior versions,...
Oracle Java SE Input Validation Error Vulnerability
Oracle Java SE is an Oracle Corporation product for the development and deployment of Java applications for desktops, servers, embedded devices and real-time environments. An input validation error vulnerability exists in Oracle Java SE version 7u301, which originates from incorrect input...
Micro Focus Verastream Host Integrator Information Disclosure Vulnerability
Micro Focus Verastream Host Integrator is an asset management platform from Micro Focus UK. The platform supports the management of servers, web applications and other assets. An information disclosure vulnerability exists in versions prior to Micro Focus Verastream Host Integrator 7.8 Update 1...
Nablarch Denial of Service Vulnerability
Nablarch is a Java application framework based on the middleware model. A security vulnerability exists in Nablarch versions 5, 5u1, and 5u13. A remote attacker could exploit the vulnerability to disclose information or cause a system shutdown...
McAfee MVision Endpoint Authentication Vulnerability
McAfee MVision Endpoint is a set of endpoint security protection software from the U.S. company McAfee. A security vulnerability exists in versions prior to McAfee MVision Endpoint 1811 Update 1 18.11.31.62. The vulnerability can be exploited by an attacker to uninstall MVision Endpoint...
Intel Integrated Performance Primitives Data Disclosure Vulnerability
Intel Integrated Performance Primitives (IPP) is a suite of programming tools for working with images, signal processing, and data from Intel Corporation USA. A security vulnerability exists in the password inventory in versions prior to Intel IPP 2019 update1. A local attacker can exploit the...
OpenJDK: Improper field access checks (Hotspot, 8199226)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...