89 matches found
EUVD-2021-24935
Malware in sbrugna...
EUVD-2019-8048
Malware in sbrugna...
Security Bulletin: OpenTelemetry Collector Contrib could allow a remote attacker to bypass security restrictions, caused by a flaw when configured to require a key, affects watsonx.data
Summary OpenTelemetry Collector Contrib could allow a remote attacker to bypass security restrictions, caused by a flaw when configured to require a key. By sending a specially crafted request, an attacker could exploit this vulnerability to perform unauthorized write to metrics and this could...
CVE-2025-5885 Konica Minolta bizhub cross-site request forgery
A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-4841 D-Link DCS-932L gpio sub_404780 stack-based overflow
A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this issue is the function sub_404780 of the file /bin/gpio. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...
CVE-2025-2339 otale Tale Blog logs improper authentication
A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public an...
JVN#57428125: PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting
MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability (CWE-79). Impact If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when...
CVE-2024-49399
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information...
CVE-2024-49396
The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information...
CVE-2024-49398
The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code...
JVN#80506242: awkblog vulnerable to OS command injection
awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability (CWE-78). Impact If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the machine running the product...
JVN#78084105: OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting
OpenPNE plugin "opTimelinePlugin" provided by OpenPNE Project contains a stored cross-site scripting vulnerability (CWE-79) in Edit Profile page. Impact On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed ...
PT-2024-1369 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10U version 15.03.06.49 multi TDE01 Description: A critical vulnerability has been found in the function formSetVirtualSer, which is related to a stack-based buffer overflow due to the manipulation of the argument list. This issue can...
Cross site request forgery (csrf)
The affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user...
PT-2023-24937 · Aeotec · Aeotec Wallmote Switch
Name of the Vulnerable Software and Affected Versions: Aeotec WallMote Switch version 2.3 Description: A vulnerability in the Aeotec WallMote Switch allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. Recommendations: For Aeotec WallMote Switch version 2.3, at the...
Stack overflow
The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution...
CVE-2023-0755
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code...
PT-2022-27910 · Trendnet · Trendnet Tew755Ap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW755AP version 1.13B01 Description: A stack overflow issue was discovered, related to the login name parameter in the do graph auth sub 4061E0 function. Recommendations: For TRENDnet TEW755AP version 1.13B01, consider restricting...
Security Bulletin: Vulnerability in Python Cryptographic Authority cryptography affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore
Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore may be affected by a Python Cryptographic Authority cryptography buffer overflow vulnerability, which has been addressed. Vulnerability Details IBM X-Force ID: 239927 DESCRIPTION: Python Cryptographic Authority cryptography is...
CVE-2022-41133
The affected product DIAEnergie versions prior to v1.9.01.002 is vulnerable to a SQL injection that exists in GetDIAElinemessagesettingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries...