Nozomi Networks Guardian Operating System Command Injection Vulnerability
Nozomi Networks Guardian is an Internet of Things (IoT) device and software inspection system from Nozomi Networks, USA. Nozomi Networks Guardian suffers from an operating system command injection vulnerability that stems from improper signature validation, which could result in an authenticated...
Huawei HarmonyOS Deserialization Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a deserialization vulnerability, which arises from unsafe deserialization of serialized data received by an application from a...
PT-2025-24948 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...
PT-2025-24588 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA Manage Central Purchase Contract (affected versions not specified). Description: The issue concerns the lack of necessary authorization checks for authenticated users, allowing an attacker to execute the import function on an entity...
PT-2025-25049 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...
The vulnerability of the formSetSafeWanWebMan() function (/goform/SetRemoteWebCfg) in the Tenda AC15 router software allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the formSetSafeWanWebMan() function (/goform/SetRemoteWebCfg) in the Tenda AC15 router software exists because an operation is performed outside the bounds of a memory buffer when processing the remoteIp parameter. Exploiting this vulnerability could allow a malicious actor to compromise...
The vulnerability of the built-in boa server (/boafrm/formPortFw) of the TOTOLINK EX1200T router firmware allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the built-in boa server (/boafrm/formPortFw) of the TOTOLINK EX1200T router firmware is related to a write operation outside the bounds of a memory buffer when processing the servicetype parameter. Exploiting this vulnerability allows a remote attacker to...
PT-2025-25040 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...
The vulnerability of the formSetIptv() function (/goform/SetIPTVCfg) in the Tenda AC9 router’s firmware allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the formSetIptv() function (/goform/SetIPTVCfg) in the Tenda AC9 router’s firmware is related to the lack of measures taken to clean data at the control level when processing the list parameter. Exploiting this vulnerability can allow a remote attacker to...
CVE-2025-48053 Discourse vulnerable to DoS via large URL payload in PM to a bot
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, sending a malicious URL in a PM to a bot user can reduce the availability of a Discourse instance...
The vulnerability of the rxrpc_exit_net() function in the net/rxrpc/net_ns.c module, which implements networking functions for the Linux kernel, allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the rxrpc_exit_net() function in the net/rxrpc/net_ns.c module, which implements networking functions in the Linux kernel, is related to the reuse of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
The vulnerability of the _scsih_expander_node_remove() function in the drivers/scsi/mpt3sas/mpt3sas_scsih.c module, a Linux kernel driver supporting SCSI devices, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the _scsih_expander_node_remove() function in the drivers/scsi/mpt3sas/mpt3sas_scsih.c module, a Linux kernel driver for SCSI devices, is related to the reuse of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the...
Walrus: an Efficient Decentralized Storage Network
Decentralized storage systems face a fundamental trade-off between replication overhead, recovery efficiency, and security guarantees. Current approaches either rely on full replication, incurring substantial storage costs, or employ trivial erasure coding schemes that struggle with efficient...
The vulnerability of the LZ4_decompress_generic() function in the lib/lz4/lz4_decompress.c file, which is part of the lz4 compression module for the Linux kernel, allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the LZ4_decompress_generic() function in the lib/lz4/lz4_decompress.c module, part of the Linux kernel's compression code, is related to the reuse of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, an...
CVE-2025-48904
Vulnerability that cards can call unauthorized APIs in the FRS process. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-48907
Deserialization vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-48903
Permission bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-48908
Ability Auto Startup service vulnerability in the foundation process. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2024-58114
Resource allocation control failure vulnerability in the ArkUI framework. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-48902
Vulnerability of uncontrolled system resource applications in the setting module. Impact: Successful exploitation of this vulnerability may affect availability...