5284 matches found
UBUNTU-CVE-2025-49643
An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...
UBUNTU-CVE-2025-27232
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...
CVE-2025-27232
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...
CVE-2025-27232
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...
CVE-2025-49643 Frontend DoS vulnerability due to asymmetric resource consumption
An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...
CVE-2025-27232
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...
CVE-2025-27232
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...
PT-2025-48442
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...
Socomec DIRIS Digiware M-70 WEBVIEW-M cross-site request forgery (CSRF) vulnerability
Talos Vulnerability Report TALOS-2024-2116 Socomec DIRIS Digiware M-70 WEBVIEW-M cross-site request forgery CSRF vulnerability December 1, 2025 CVE Number CVE-2024-53684 SUMMARY A cross-site request forgery csrf vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70...
Socomec DIRIS Digiware M-70 Modbus TCP factory reset denial of service vulnerability
Talos Vulnerability Report TALOS-2024-2118 Socomec DIRIS Digiware M-70 Modbus TCP factory reset denial of service vulnerability December 1, 2025 CVE Number CVE-2024-49572 SUMMARY A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A...
CVE-2025-41737
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules...
PT-2025-47460
Name of the Vulnerable Software and Affected Versions ITEL ISO FM SFN Adapter versions ISO2 2.0.0.0 and WebServer 2.0 Description The ITEL ISO FM SFN Adapter is susceptible to session hijacking because of inadequate session management on the /home.html endpoint. An attacker can gain access to an...
CVE-2025-41737
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules...
CVE-2025-41737 Improper access control via php endpoint
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules...
CVE-2025-41737 Improper access control via php endpoint
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules...
PT-2025-47294
Name of the Vulnerable Software and Affected Versions versions affected versions not specified Description A webserver misconfiguration allows an unauthenticated remote attacker to read the source code of PHP modules. Recommendations At the moment, there is no information about a newer version th...
CVE-2025-10150
Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31...
CVE-2025-10150
Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31...
CVE-2025-10150 Webserver crash caused by scanning on TCP port 80
Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31...
CVE-2025-10150
CVE-2025-10150 refers to a webserver crash in Softing SmartLink gateways/switches triggered by scanning TCP port 80. Affected are SmartLink HW-PN versions 1.02–1.03 and HW-DP version 1.31. Connected advisories confirm the issue and provide remediation guidance: upgrade SmartLink HW-PN to a versio...