13 matches found
ZKTeco ZKBioSecurity Security Vulnerability
ZKTeco ZKBioSecurity is a web-based integrated platform developed by ZKTeco in China. Version 3.0 of ZKTeco ZKBioSecurity contains a security vulnerability. This vulnerability stems from improper handling of file paths, which may allow attackers to access arbitrary files by modifying file paths...
EUVD-2025-200106
Grav Exposes Password Hashes Leading to privilege escalation...
EUVD-2023-55485
Malicious code in bioql PyPI...
CVE-2024-6429
A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By exploiting this...
The vulnerability of the Cisco Webex web conferencing platform, which exists due to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the Cisco Webex web conferencing platform exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measures, remote code execution, Administrator/Root rights, Remote...
The vulnerability of the virtuoso-opensource web application development platform, related to writing beyond the buffer limit, allows a hacker to trigger a service failure.
The vulnerability of the virtuoso-opensource web application development platform is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to trigger service failures using specially created SQL operators...
The vulnerability in the web platform used for creating ZKBio Access IVS control and access management systems stems from errors in processing the relative path to the directory. This allows a hacker to gain access to and read arbitrary files.
The vulnerability of the web platform used for creating ZKBio Access IVS access control and management systems is related to errors in processing the relative path to the directory. Exploiting this vulnerability could allow a malicious actor to gain read access to arbitrary files...
The vulnerability of the web platform used for creating ZKBio Access IVS control and access management systems lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary SQL code.
The vulnerability of the web platform used for creating ZKBio Access IVS access control and management systems is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
CVE-2023-26123
Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) such that the SetClipboardText API does not properly escape the ' character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via emscripten_run_script...
vaadin Cross-Site Scripting Vulnerability
Vaadin is an open source platform for web application development from Finnish company Vaadin. The Vaadin platform consists of a set of web components, a Java web framework, and a set of tools and application launchers. The Vaadin platform includes a set of web components, a Java web...
cPanel Authorization Issues Vulnerability (CNVD-2019-36126)
cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. An authorization issue vulnerability exists in cPanel. Vulnerability details are not available at this time...
Fiserv Flaw Exposed Customer Data at Hundreds of Banks
Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned. Brookfield, Wisc.-based Fiserv...