CVE-2024-50406 License Center

A cross-site scripting XSS vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version:...

CVE-2024-22128

SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An unauthenticated attacker can inject malicious javascript to...

CVE-2024-48867

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following version...

CVE-2024-48868

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following version...

CVE-2023-27893

An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...

CVE-2023-44315

A vulnerability has been identified in SINEC NMS All versions V2.0. The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting XSS attack that may lead to...

CVE-2023-20039

A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the...

CVE-2022-41575

A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data e.g., cleartext credentials. This is fixed in 2022.3.3...

CVE-2022-36852

Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data...

CVE-2021-3176

The chat window of the Mitel BusinessCTI Enterprise MBC-E Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view...

CVE-2021-32068

The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack by sending multiple session renegotiation requests, due to insufficient TLS session controls. A successful exploit could allow an attacker to modify applicatio...

CVE-2021-26996

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks...

CVE-2021-26753

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...

CVE-2021-26714

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...

CVE-2020-21881

Cross Site Request Forgery CSRF vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add...

CVE-2018-13908

Truncated access authentication token leads to weakened access control for stored secure application data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...

CVE-2011-4864

The Tencent MobileQQ com.tencent.mobileqq application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application...

Apple macOS 安全漏洞

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS that stems from a competitive condition that could cause applications to access sensitive user data...

QNAP QTS SSRF Vulnerability (QSA-24-53)

QNAP QTS is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts";...

QNAP QuTS hero SSRF Vulnerability (QSA-24-53)

QNAP QuTS hero is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...