14 matches found
PT-2026-7270
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU5 Description: An authentication bypass exists in Ivanti Endpoint Manager that allows a remote, unauthenticated attacker to leak stored credential data. This flaw is actively exploited in the wil...
Ivanti Endpoint Manager path traversal vulnerability
Ivanti Endpoint Manager (EPM) is a suite of endpoint security managers from Ivanti (USA). A path traversal vulnerability exists in Ivanti Endpoint Manager (EPM) versions prior to 2024 SU4 SR1 that could lead to arbitrary file writes...
Nagios XI security vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.4.2, which stems from overly lax...
CVE-2025-22459
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers...
MeetMe security vulnerability
MeetMe is dating software from MeetMe, Inc. A security vulnerability exists in MeetMe versions prior to 2024-09 that stems from unauthorized access to the Call Forwarding Service system, which could be brute-forced via an extension number...
zz security vulnerability
zz is an e-commerce platform from the individual developer zj1983. A security vulnerability exists in zz 2024-8 and earlier versions, which stems from a denial of service in the ZfileAction.java file...
zz injection vulnerability
zz is an e-commerce platform from the individual developer zj1983. An injection vulnerability exists in zz 2024-8 and prior versions, which stems from SQL injection and could lead to remote code execution...
PT-2024-16351
Name of the Vulnerable Software and Affected Versions: Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) versions prior to 2024 Description: The issue is related to an Origin Validation Error, which allows traffic injection. This affects the...
PT-2024-38619 · Progress · Telerik Reporting
Name of the Vulnerable Software and Affected Versions: In Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924 Description: A command injection attack is possible through improper neutralization of hyperlink elements. This issue arises due to the improper handling of hyperlink element...
Telerik UI command injection vulnerability
Telerik UI is a suite of UI (user interface) controls for application development from Telerik (Bulgaria). A command injection vulnerability exists in Telerik UI versions prior to 2024 Q3 2024.3.821, which originates from a command injection attack that can be initiated by disrupting the middle and...
PT-2024-37789 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.0 Description: A SQL Injection issue allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. This can be exploited by altering a privileg...
CVE-2024-4081
A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions...
CVE-2024-4202
In Progress® Telerik® Reporting versions prior to 2024 Q2 18.1.24.514, a code execution attack is possible through an insecure instantiation vulnerability...
PT-2024-24551
Name of the Vulnerable Software and Affected Versions: inducer relate versions prior to 2024.1 Description: A Server-Side Template Injection (SSTI) issue allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. This enables the attacker to...