
22 matches found

NVD
added 6 days ago, 8 views

CVE-2026-41918

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected application stores sensitive information in the browser cache when an authenticated user modifies specific configurations. This could allow an authenticated attacker to access sensitive data...

CVSS 5.9, EPSS 0.00031
Exploits: 0, References: 1

EUVD
added 6 days ago, 6 views

EUVD-2026-33914

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected application stores sensitive information in the browser cache when an authenticated user modifies specific configurations. This could allow an authenticated attacker to access sensitive data...

CVSS 5.9, AI score 5.7, EPSS 0.00031
Exploits: 0, References: 1

Vulnrichment
added 2026/04/14 8:40 a.m., 4 views

CVE-2026-24032

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3 with UMC. The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain...

CVSS 7.3, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 1

Positive Technologies
added 2025/12/09 12:00 a.m., 2 views

PT-2025-49845

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data,...

CVSS 6.9, AI score 6.8, EPSS 0.0004
Exploits: 0, References: 1

Positive Technologies
added 2025/12/09 12:00 a.m., 1 view

PT-2025-49835

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...

CVSS 6.3, AI score 6.9, EPSS 0.00037
Exploits: 0, References: 1

EUVD
added 2025/11/11 8:20 p.m., 1 view

EUVD-2024-29852

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges...

CVSS 5.6, AI score 6.4, EPSS 0.00015
Exploits: 0, References: 2

CVE
added 2025/11/11 8:20 p.m., 7 views

CVE-2024-32011

CVE-2024-32011 affects Siemens Spectrum Power 4 (all versions

CVSS 8.8, AI score 7, EPSS 0.00116
Exploits: 0, References: 1

Vulnrichment
added 2025/10/22 2:32 p.m., 3 views

CVE-2025-62058 WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality (houzez-theme-functionality). This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

CVSS 6.5, AI score 6.1, EPSS 0.0003
Exploits: 0, References: 1

OSV
added 2025/07/08 12:15 p.m., 3 views

CVE-2025-40719

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the idconcesion parameter in /FacturaE/VerFacturaPDF...

CVSS 6.1, AI score 6, EPSS 0.00167
Exploits: 0, References: 1

OSV
added 2025/07/08 11:15 a.m., 2 views

CVE-2025-40735

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...

CVSS 8.7, AI score 6.1, EPSS 0.00261
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 7:42 a.m., 7 views

CVE-2024-37994

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT 6GT2811-6BC10-2AA0 All versions V4.2, SIMATIC Reader RF610R ETSI 6GT2811-6BC10-0AA0 All versions V4.2, SIMATIC Reader RF610R FCC 6GT2811-6BC10-1AA0 All versions V4.2, SIMATIC Reader RF615R CMIIT 6GT2811-6CC10-2AA0 All versions V4....

CVSS 7.1, AI score 6.9, EPSS 0.00257
Exploits: 0, References: 1

OSV
added 2025/03/11 10:15 a.m., 2 views

CVE-2025-27397

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. This could allow an authenticated highly-privileged remote attacker to read and write...

CVSS 5.1, AI score 5.8, EPSS 0.00244
Exploits: 0, References: 1

OSV
added 2025/03/11 10:15 a.m., 1 view

CVE-2025-27395

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and...

CVSS 6.5, AI score 5.8, EPSS 0.00383
Exploits: 0, References: 1

Patchstack
added 2024/05/02 6:36 a.m., 3 views

WordPress Wow Skype Buttons plugin < 4.0.4 - Button Deletion via CSRF vulnerability

Button Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Wow Skype Buttons versions 4.0.4...

CVSS 8.8, AI score 7, EPSS 0.00379
Exploits: 2, References: 1, Affected Software: 1

OSV
added 2024/02/13 5:15 a.m., 1 view

AZL-44766 CVE-2022-48623 affecting package perl-Cpanel-JSON-XS for versions less than 4.39-1

The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service...

CVSS 9.1, AI score 5.8, EPSS 0.00104
Exploits: 0, References: 1

OSV
added 2023/10/05 7:15 p.m., 2 views

AZL-31097 CVE-2023-41175 affecting package libtiff for versions less than 4.6.0-1

A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted TIFF image, which triggers a heap-based buffer overflow...

CVSS 6.5, AI score 7.7, EPSS 0.00282
Exploits: 0, References: 1

OSV
added 2023/04/14 10:15 p.m., 1 view

AZL-26247 CVE-2023-29383 affecting package shadow-utils for versions less than 4.9-13

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when...

CVSS 3.3, AI score 6.5, EPSS 0.00041
Exploits: 1, References: 1

Vulnrichment
added 2022/03/08 12:00 a.m., 3 views

CVE-2021-37209

A vulnerability has been identified in RUGGEDCOM i800 All versions V4.3.8, RUGGEDCOM i801 All versions V4.3.8, RUGGEDCOM i802 All versions V4.3.8, RUGGEDCOM i803 All versions V4.3.8, RUGGEDCOM M2100 All versions V4.3.8, RUGGEDCOM M2200 All versions V4.3.8, RUGGEDCOM M969 All versions V4.3.8,...

CVSS 6.7, AI score 6, EPSS 0.00091
Exploits: 0, References: 2

CNNVD
added 2021/03/10 12:00 a.m., 0 views

Katy Voor HHVM Buffer Error Vulnerability

Katy Voor HHVM is an open source application by Katy Voor. Provides an open source virtual machine designed to execute programs written in Hack. A security vulnerability exists in HHVM that stems from a write out-of-bounds if a buffer is full. The following products and versions are affected: HHV...

CVSS 9.8, AI score 8.5, EPSS 0.00746
Exploits: 0, References: 3

OSV
added 2021/03/09 8:15 p.m., 1 view

AZL-6652 CVE-2020-35521 affecting package libtiff for versions less than 4.1.0-3

A flaw was found in libtiff. Due to a memory allocation failure in tifread.c, a crafted TIFF file can lead to an abort, resulting in denial of service...

CVSS 5.5, AI score 6.7, EPSS 0.00073
Exploits: 0, References: 1