Lucene search
222 matches found

CNVD
added 2025/07/25 12:0 a.m. · 5 views

TOTOLINK A3300R Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.596B20250515, which stems from the mac and desc parameters failing to correctly filter constructed command special characters, commands, a...

CVSS 9.8 · AI score 7.9 · EPSS 0.62318
Exploits: 1 · References: 1
OSV
added 2025/07/11 3:15 p.m. · 1 views

CVE-2023-38329

An issue was discovered in eGroupWare 17.1.20190111. A reflected cross-site scripting (XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbitrary web script or HTML into the "user" HTTP/GET parameter, which reflects its input without...

CVSS 6.1 · AI score 6
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 8:42 a.m. · 2 views

CVE-2024-27835

This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen...

CVSS 2.4 · AI score 5.7 · EPSS 0.00141
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 5:31 a.m. · 2 views

CVE-2023-26293

A vulnerability has been identified in Totally Integrated Automation Portal TIA Portal V15 All versions, Totally Integrated Automation Portal TIA Portal V16 All versions V16 Update 7, Totally Integrated Automation Portal TIA Portal V17 All versions V17 Update 6, Totally Integrated Automation Port...

CVSS 7.8 · AI score 7.4 · EPSS 0.00118
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 11:58 p.m. · 4 views

CVE-2022-24110

Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later...

CVSS 6.5 · AI score 6.8 · EPSS 0.00306
Exploits: 0 · References: 1
CNNVD
added 2025/04/21 12:0 a.m. · 3 views

Alkacon OpenCMS Security Vulnerability

Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from the presence of stored cross-site scripting in the image parameter of the Create/Modify article function, which could lead to the execution of arbitra...

CVSS 5.4 · AI score 5.7 · EPSS 0.00164
Exploits: 1 · References: 3
CVE
added 2025/04/18 12:0 a.m. · 73 views

CVE-2024-41447

CVE-2024-41447: Alkacon OpenCMS 17.0 stored XSS. A stored cross-site scripting flaw exists in the author parameter used in the Create/Modify article workflow, allowing an attacker to inject arbitrary web scripts/HTML. The vulnerability affects OpenCMS v17.0 and can be triggered by crafted paylo...

CVSS 5.4 · AI score 5.7 · EPSS 0.00141
Exploits: 3 · References: 1 · Affected Software: 1
CNNVD
added 2025/04/11 12:0 a.m. · 1 views

Apple iOS and Apple iPadOS Code Injection Vulnerability

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS prior to version 17 and iPadOS prior to version 17, which stems from the...

CVSS 7.3 · AI score 8.2 · EPSS 0.00252
Exploits: 0 · References: 7
CNNVD
added 2025/04/11 12:0 a.m. · 1 views

Apple iOS and Apple iPadOS Security Vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS prior to version 17 and iPadOS prior to version 17, which stems from a...

CVSS 4.3 · AI score 6.2 · EPSS 0.00202
Exploits: 0 · References: 4
CNNVD
added 2025/04/11 12:0 a.m. · 1 views

Apple iOS and Apple iPadOS Access Control Error Vulnerability

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS prior to version 17 and iPadOS prior to version 17, which stems from the...

CVSS 3.3 · AI score 6.3 · EPSS 0.00116
Exploits: 0 · References: 7
CNNVD
added 2025/04/11 12:0 a.m. · 1 views

Apple iOS and Apple iPadOS Authorization Issue Vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS prior to version 17 and iPadOS prior to version 17, which stems from the possibilit...

CVSS 4 · AI score 6.4 · EPSS 0.00165
Exploits: 0 · References: 3
CVE
added 2025/03/03 4:24 p.m. · 214 views

CVE-2025-0289

Paragon Software HDM/Partition Manager exposed CVE-2025-0289 in BioNTdrv.sys: insecure kernel resource access due to the driver not validating the MappedSystemVa pointer before HalReturnToFirmware. Effect: local attacker can escalate privileges to SYSTEM and, per multiple advisories, BYOVD-enable...

CVSS 7.8 · AI score 7.6 · EPSS 0.00145
In wild · Exploits: 0 · References: 3 · Affected Software: 6
CNNVD
added 2025/03/03 12:0 a.m. · 2 views

Paragon Partition Manager Input Validation Error Vulnerability

Paragon Partition Manager is a powerful professional-grade disk partition management software from Paragon. It is used for hard disk partition resizing, file system conversion, data backup recovery and so on. An input validation error vulnerability exists in Paragon Partition Manager version 17,...

CVSS 7.8 · AI score 6.7 · EPSS 0.00145
Exploits: 0 · References: 5
CNNVD
added 2025/02/25 12:0 a.m. · 2 views

Odoo Access Control Error Vulnerability

Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python, uses PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. An Access Control...

CVSS 7.5 · AI score 6.1 · EPSS 0.00086
Exploits: 1 · References: 2
SUSE CVE
added 2025/02/14 4:9 a.m. · 1 views

SUSE CVE-2024-52338

Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...

CVSS 9.8 · AI score 9.2 · EPSS 0.01855
Exploits: 0 · References: 3
CNNVD
added 2025/01/15 12:0 a.m. · 3 views

Apple iOS and Apple iPadOS Security Vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS version 17.5 and Apple iPadOS version 17.5, which originates from...

CVSS 9.1 · AI score 5.9 · EPSS 0.00302
Exploits: 0 · References: 2
CNNVD
added 2024/12/04 12:0 a.m. · 1 views

Issuetrak Security Vulnerability

Issuetrak is an issue tracking software from Issuetrak, Inc. A security vulnerability exists in Issuetrak version 17.1, which stems from the presence of an HTML injection vulnerability that allows an authenticated attacker to add HTML markup to the comments of a work order that, when submitted,...

CVSS 5.1 · AI score 6.8 · EPSS 0.0019
Exploits: 0 · References: 1
OSV
added 2024/12/02 6:15 p.m. · 1 views

CVE-2024-53564

A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded valid FreePBX module files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are...

CVSS 7.2 · AI score 6.8
Exploits: 0 · References: 2
CNNVD
added 2024/09/17 12:0 a.m. · 0 views

Apple iOS Security Vulnerability

Apple iOS is an operating system developed by Apple Inc. for mobile devices. A security vulnerability exists in Apple iOS version 17.7 and iPadOS version 17.7, which originates from accessing the Private Browsing tab without authentication...

CVSS 5.3 · AI score 6.3 · EPSS 0.00136
Exploits: 0 · References: 3
Positive Technologies
added 2024/09/16 12:0 a.m. · 1 views

PT-2024-30999 · Apple · Macos Sonoma +5

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17.7; iPadOS versions prior to 17.7; macOS Ventura versions prior to 13.7; macOS Sonoma versions prior to 14.7; macOS Sequoia versions prior to 15. Description: The issue allows an app to bypass Privacy preferences. This was...

CVSS 7.1 · AI score 5.9 · EPSS 0.0002
Exploits: 0 · References: 9