752 matches found
New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment
Multifunction printers MFPs do far more than print. They scan, email, fax, store, and authenticate. That convenience comes with risk. Our latest report, Understanding Multifunction Printer MFP Security within the Enterprise Business Environment, from Rapid7’s Deral Heiland, Principal Security...
CVE-2025-65289
A stored Cross site scripting XSS vulnerability in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the...
EUVD-2025-202296
A stored Cross site scripting XSS vulnerability in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the...
CVE-2025-65289
A stored Cross site scripting XSS vulnerability in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the...
Weak Authentication
org.apache.druid, druid is vulnerable to Weak Authentication. The vulnerability is due to the Kerberos authenticator using a weak fallback secret generated with a non-cryptographically secure RNG when druid.auth.authenticator.kerberos.cookieSignatureSecret is not set, which allows an attacker to...
CVE-2025-65289
A stored Cross site scripting XSS vulnerability in the Mercury MR816v2 081C3114 4.8.7 Build 110427 Rel 36550n router allows a remote attacker on the LAN to inject JavaScript into the router's management UI by submitting a malicious hostname. The injected script is stored and later executed in the...
CVE-2025-54303
The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. The user guide recommends changing default...
AMD Xilinx Run Time Elevation of Privilege Vulnerability
AMD Xilinx Run Time is a standardized runtime environment developed by AMD for Xilinx FPGAs that provides a unified software interface to optimize FPGA arithmetic. An elevation of privilege vulnerability exists in AMD Xilinx Run Time that stems from insufficient authentication and can be exploite...
WordPress plugin Wishlist for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...
Desktop Alert PingAlert Server-Side Request Forgery Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a server-side request forgery vulnerability, which stems from the server not...
Rockwell Automation Studio 5000 Simulation Interface Server-Side Request Forgery Vulnerability
Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...
PT-2025-45129
Name of the Vulnerable Software and Affected Versions Cisco Unified Contact Center Enterprise Cisco Unified CCX affected versions not specified Description A flaw exists in the Java Remote Method Invocation RMI process of Cisco Unified CCX. This issue could allow a remote attacker to upload...
IBM Concert Software Server-Side Request Forgery Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a server-side request forgery vulnerability th...
Apache Kylin server-side request forgery vulnerability (CNVD-2025-30839)
Apache Kylin is the United States Apache Apache Foundation of an open source distributed analytical data warehouse . The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. A server-side request forgery vulnerability exist...
Nagios XI 安全漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.7.3, which stems from insecure file and comma...
IBM Concert 代码问题漏洞
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a server-side request forgery vulnerability th...
CVE-2025-59249
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-49201
A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSwitchManager 7.2.0 through 7.2.4 allows attacker to execute unauthorized code or commands...
EUVD-2025-34376
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-59249
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...