24 matches found
CVE-2025-32003
Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. Network adversary with an authenticated user combined with a low complexity attack may enable denial of servic...
Progress Software Kemp LoadMaster delcert Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of user data passed to the delcert command. The iss...
EUVD-2025-33894
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...
EUVD-2024-54298
Malicious code in bioql PyPI...
CVE-2025-4876
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained t...
Zoom Workplace Apps for Windows Null Pointer Dereference Vulnerability
Zoom Workplace Apps for Windows is an official suite of collaboration tools from Zoom that includes core features such as team chat, whiteboards, notes, and more, and is required to be used through a Zoom Meetings account. A null pointer dereference vulnerability exists in Zoom Workplace Apps for...
CVE-2024-10210
CVE-2024-10210 affects the B&R APROL APROL Web Portal prior to version 4.4-005P. The vulnerability is an External Control of File Name or Path, allowing an authenticated network-based attacker to access data from the file system. The CVE entry lists a CVSS v4.0 base score of 8.4 (HIGH) with NETWO...
CVE-2024-10208 Cross Site Scripting vulnerability in APROL Web Portal
An Improper Neutralization of Input During Web Page Generation vulnerability in the APROL Web Portal used in B&R APROL 4.4-00P5 may allow an authenticated network-based attacker to insert malicious code which is then executed in the context of the user’s browser session...
CVE-2024-8314 Improper session handling in B&R APROL
An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Session vulnerability in the session handling used in B&R APROL 4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials...
Oracle Siebel CRM 8.1.1.x < 8.1.1.11 (October 2013 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the October 2013 CPU advisory. - Vulnerability in the Siebel Core - EAI component of Oracle Siebel CRM subcomponent: Web Services. The supported version that is affected is 8.1.1. Easily...
Oracle Siebel CRM (April 2013 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2013 CPU advisory. - Vulnerability in the Siebel Enterprise Application Integration component of Oracle Siebel CRM subcomponent: Web Services. Supported versions that...
Oracle Siebel CRM (January 2013 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2013 CPU advisory. - Vulnerability in the Siebel CRM component of Oracle Siebel CRM subcomponent: Siebel Calendar. Supported versions that are affected are 8.1.1 an...
Oracle Siebel CRM (April 2012 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2012 CPU advisory. - Vulnerability in the Siebel Clinical component of Oracle Industry Applications subcomponent: Web UI. Supported versions that are affected are 7.7...
Vulnerability found in Ivanti Endpoint Manager
A vulnerability has been found in Ivanti Endpoint Manager EPM 2024. Other versions of Ivanti Endpoint Manager are not known to be vulnerable. The vulnerability allows an authenticated attacker who is on the same network to execute arbitrary code via SQL injection. Ivanti has no indication that th...
PT-2024-1482 · Emerson · Emerson Rosemount Gc700Xa +2
Name of the Vulnerable Software and Affected Versions: Emerson Rosemount GC370XA, GC700XA, GC1500XA (affected versions not specified). Description: The issue is related to the lack of measures to neutralize special elements used in the operating system command. This could allow a remote attacker to...
Denial of service in DataCommunicator class in Vaadin 8
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data...
CVE-2021-33609
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data...
CVE-2021-33609 Denial of service in DataCommunicator class in Vaadin 8
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data...
Input validation
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS RadSec RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Informatio...