CVE-2025-63958
MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint /MILLENSYS/settings that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An...
EUVD-2023-44655
Malicious code in bioql PyPI...
CVE-2025-56311
In Shenzhen C-Data Technology Co. FD602GW-DX-R410 firmware v2.2.14, the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint /boaform/admin/formReboot. An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes th...
CVE-2023-42228
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function...
PT-2025-1454 · Pat Infinite Solutions · Helpdeskadvanced
Name of the Vulnerable Software and Affected Versions: Pat Infinite Solutions HelpdeskAdvanced versions <= 11.0.33. Description: The issue allows low-privileged users to edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function, indicating an incorrect acce...
CVE-2023-42228
Pat Infinite Solutions HelpdeskAdvanced ≤ 11.0.33 is vulnerable to Incorrect Access Control. Low-privilege users can edit their own ACL rules by sending a request to the AclList/SaveAclRules administrative function. CVSS 3.1 base score 8.8 (HIGH) indicates potential impact to confidentiality, int...
CVE-2024-2659
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function...
CVE-2023-40048
In WSFTP Server versions prior to 8.8.2, the WSFTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WSFTP Server administrative function...
CVE-2022-36117
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If...
CVE-2022-36116
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the setValidationInfo...
Schneider Modicon SCADA Ladder Logic Upload/Download
A vulnerability has been reported in Schneider Electric Modicon Quantum. The vulnerability is due to the use of unauthenticated administrative function...
Schneider Modicon SCADA Remote START/STOP Command
A vulnerability has been reported in Schneider Electric Modicon Quantum. The vulnerability is due to the use of unauthenticated administrative function...