110 matches found
Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2024-41985)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge Chromium-based suffers from a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a attacker to execute XSS attacks.
The vulnerability in the web interface of the Cisco Identity Services Engine ISE management platform exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
Google Chrome Security Bypass Vulnerability (CNVD-2024-33615)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome version 1.3.36.351 and prior versions, which stems from a mal-implementation issue found in the Sign-In module. An attacker could exploit the vulnerability to bypass security...
Pear Admin Boot SQL Injection Vulnerability
Pear Admin Boot is an out-of-the-box Spring rapid development platform for the Pear Admin community in China. A SQL injection vulnerability exists in Pear Admin Boot version 2.0.2 and earlier versions. An attacker exploits this vulnerability to perform SQL injection attacks...
CVE-2024-3721
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=SOSTREAMAX . The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotel...
Huawei HarmonyOS and EMUI Lock Screen Module Privilege Management Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege management vulnerability exists in the...
Microsoft Dynamics 365 (on-premises) cross-site scripting vulnerability (CNVD-2024-39670)
Microsoft Dynamics 365 is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A cross-site scripting vulnerability exists in Microsoft Dynamics 365 on-premises,...
(Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RESTSDK server. The issue results from...
IBM Tivoli Application Dependency Discovery Manager Cross-Site Scripting Vulnerability (CNVD-2024-07605)
IBM Tivoli Application Dependency Discovery Manager TADDM is a product in the suite of IT service management solutions from International Business Machines IBM. The product provides robust automated application mapping and discovery to help administrators understand the structure, state,...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-0118629)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2023-26154
Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0;...
Microsoft Exchange Server Spoofing Vulnerability (CNVD-2024-37492)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by an attack...
Google Android Information Disclosure Vulnerability (CNVD-2024-00162)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
IBM DB2 Denial of Service Vulnerability (CNVD-2023-100317)
IBM DB2 is a relational database management system from International Business Machines IBM. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service full vulnerability exists in IBM Db2 version 11.1 and 11.5, which can be...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a series of chipsets from Qualcomm, an American company. A security vulnerability exists in Qualcomm Chipsets. Attackers have exploited the vulnerability to cause a denial-of-service attack on the system...
Rockwell Automation ThinManager ThinServer Input Validation Error Vulnerability
Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers at the same time. An input validation error vulnerability exists in Rockwell Automation ThinManager ThinServer, which can be...
Huawei HarmonyOS and EMUI Memory Misreference Vulnerability Hole (CNVD-2023-61741)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. Huawei HarmonyOS and EMUI have a memory misreference...
SeaCMS Denial of Service Vulnerability (CNVD-2024-37629)
SeaCMS is designed to solve the core needs of station owners and content management system, a set of programs to adapt to computers, cell phones, tablets, APP multiple terminal entrances, without any encryption code, safe and secure, is the best station building tools. SeaCMS 11.6 version of the...
simple-markdown 安全漏洞
Khan Academy simple-markdown is a Markdown parser. A security vulnerability exists in simple-markdown version 0.6.0. An attacker has exploited the vulnerability to reduce regular expression complexity...
Wallarm Releases New End-to-End Solution to Reduce Risk and Time-to-Remediate Leaked API Keys and Secrets
Advancement to API Security Technology Will Combat Recent Surge in Hacks Leveraging Leaked API; Early Release Now Available San Francisco, CA –BUSINESS WIRE– January 19, 2023 – Wallarm, the end-to-end API security company, today announced the early release of the Wallarm API Leak Management...