192493 matches found
CVE-2026-1898 WeKan LDAP User Sync syncUser.js SyncLDAPBleed access control
A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...
EUVD-2026-5537
A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...
CVE-2026-1897 WeKan Position-History Tracking positionHistory.js PositionHistoryBleed authorization
A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...
PT-2026-6598
Name of the Vulnerable Software and Affected Versions Moxa Industrial Linux 3 affected versions not specified Description A physical attack is possible on certain Moxa industrial computers utilizing TPM-backed LUKS full-disk encryption. The discrete TPM is connected to the CPU via an SPI bus...
Moxa Industrial Linux 安全漏洞
Moxa Industrial Linux is an industrial-grade Linux system developed by Moxa Corporation in Taiwan, China. Moxa Industrial Linux has a security vulnerability, which stems from the physical attack vulnerability present in LUKS full-disk encryption supported by TPM. This vulnerability could lead to...
CVE-2025-68643
Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...
GNSS SpAmming: A Spoofing-Based GNSS Denial-Of-Service Attack
GNSSs are vulnerable to attacks of two kinds: jamming i.e. denying access to the signal and spoofing i.e. impersonating a legitimate satellite. These attacks have been extensively studied, and we have a myriad of countermeasures to mitigate them. In this paper we expose a new type of attack:...
EUVD-2025-206860
Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...
CVE-2025-68643
Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...
CVE-2025-68643
Axigen Mail Server prior to 10.5.57 is affected by a stored XSS in the timeFormat account preference. The vulnerability allows an attacker to inject a malicious JavaScript payload into timeFormat, which is later loaded from storage and inserted into the DOM when the WebMail interface is accessed,...
CVE-2025-68643
Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...
PT-2026-6635
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based for Android affected versions not specified Description A flaw in Microsoft Edge for Android allows an attacker to conduct spoofing attacks over a network by misrepresenting critical information in the user...
Fortinet FortiOS 安全漏洞
Fortinet FortiOS is a security operating system developed by the American company Fortinet, specifically designed for use on the FortiGate network security platform. This system offers users various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering,...
Medium: python-filelock
Issue Overview: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows loc...
CVE-2026-1895
A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...
EUVD-2019-19385
Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the...
CVE-2019-25285 Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path
Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the...
CVE-2026-1892
A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...
EUVD-2023-48034
EVE Doesn't Protect Config Partition with Measured Boot...
CVE-2026-1884
CVE-2026-1884 affects ZenTao up to 21.7.6-85642. The vulnerable element is the function fetchHook in the file module/webhook/model.php of the Webhook Module. This manipulation enables a server-side request forgery (SSRF) that may be exploited remotely; the exploit is publicly available. Vendors w...