31 matches found
PT-2026-44816
Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host...
Linux Distros Unpatched Vulnerability : CVE-2023-2905
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server,...
CVE-2026-0971
An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...
CVE-2026-1089 User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups
User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...
CVE-2025-14362 GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...
CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT
Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...
Fortra GoAnywhere MFT 安全漏洞
Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...
PT-2026-33978
The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...
PT-2026-6420
Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys 16 bytes from each, the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...
EUVD-2025-198806
iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.This issue affects iStats: 7.10.4...
Bjango iStats 安全漏洞
Bjango iStats is a system monitoring tool from Bjango Australia. A security vulnerability exists in Bjango iStats version 7.10.4, which originates from an insecure XPC service and could lead to elevation of privilege...
CVE-2025-56266
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL...
Avigilon ACM 安全漏洞
Avigilon ACM is a physical access control system from Avigilon USA. A security vulnerability exists in Avigilon ACM version v7.10.0.20, which originates from CSV injection and could lead to the execution of arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2025-53025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable...
Snipe-IT 安全漏洞
Snipe-IT is an open source IT asset/license management system for snipe individual developers. A security vulnerability exists in Snipe-IT versions prior to 7.0.10 that stems from allowing remote code execution when an attacker knows the APPKEY...
Texas Instruments Fusion Digital Power Designer 安全漏洞
Texas Instruments Fusion Digital Power Designer is a digital power design tool from Texas Instruments. A security vulnerability exists in Texas Instruments Fusion Digital Power Designer version 7.10.1, which originated from a vulnerability that allows a local attacker to gain access to sensitive...
PT-2024-15806 · European Chemicals Agency · Iuclid
Name of the Vulnerable Software and Affected Versions: European Chemicals Agency IUCLID version 7.10.3 Description: A critical vulnerability was found in the European Chemicals Agency IUCLID, affecting an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulatio...
DEBIAN-CVE-2023-2905
Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not...
PT-2023-4690 · Unknown · Sicam Toolbox Ii
Name of the Vulnerable Software and Affected Versions: SICAM TOOLBOX II versions prior to V07.10 Description: A vulnerability has been identified in the SICAM TOOLBOX II application, where the database service is executed as NT AUTHORITYSYSTEM. This could allow a local attacker to execute operati...
Open-Xchange OX App Suite 信息泄露漏洞
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An information disclosure vulnerability exists in Open-Xchange OX App Suite version 7.10.6-rev23. An attacker could exploit the vulnerability to view user privacy...