4200 matches found

Cvelist
added 2025/02/26 2:13 a.m. · 14 views

CVE-2022-49521 scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp If no handler is found in lpfc_complete_unsol_iocb to match the rctl of a received frame, the frame is dropped and resources are leaked. Fix by returning resources when discardin...

EPSS: 0.00246
Exploits: 0 · References: 5

Debian CVE
added 2025/02/26 2:13 a.m. · 5 views

CVE-2022-49521

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp If no handler is found in lpfc_complete_unsol_iocb to match the rctl of a received frame, the frame is dropped and resources are leaked. Fix by returning resources when discardin...

CVSS: 5.5 · AI score: 5.5 · EPSS: 0.00246
Exploits: 0

Positive Technologies
added 2025/02/26 12:0 a.m. · 6 views

PT-2025-8691 · Mautic · Mautic

Name of the Vulnerable Software and Affected Versions: Mautic affected versions not specified
Description: The issue concerns an authorization flaw in Mautic's HTTP Basic Authentication implementation, allowing unauthorized access to sensitive report data. Specifically, an improper authorization...

CVSS: 7.7 · AI score: 6.6 · EPSS: 0.00681
Exploits: 0 · References: 9

OSV
added 2025/02/24 3:15 a.m. · 1 views

CVE-2025-1612

A vulnerability was found in Edimax BR-6288ACL 1.30. It has been declared as problematic. This vulnerability affects unknown code of the file wireless5gbasic.asp. The manipulation of the argument SSID leads to cross site scripting. The attack can be initiated remotely. The vendor was contacted...

CVSS: 6.1 · AI score: 3.7 · EPSS: 0.00398
Exploits: 0 · References: 3

Positive Technologies
added 2025/02/21 12:0 a.m. · 3 views

PT-2025-16808 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2
Description: The issue allows an unauthenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...

CVSS: 10 · AI score: 7.8 · EPSS: 0.00807
Exploits: 0 · References: 8

Positive Technologies
added 2025/02/21 12:0 a.m. · 4 views

PT-2025-16807 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2
Description: A SQL injection vulnerability has been identified in the affected application through the internally used CreateTrace method. This could allow an unauthenticated remote attacker ...

CVSS: 10 · AI score: 7.7 · EPSS: 0.00807
Exploits: 0 · References: 8

Positive Technologies
added 2025/02/21 12:0 a.m. · 4 views

PT-2025-16809 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2
Description: A SQL injection vulnerability has been identified in the affected application through the internally used Authenticate method. This could allow an unauthenticated remote attacker...

CVSS: 10 · AI score: 7.7 · EPSS: 0.00807
Exploits: 0 · References: 7

RedhatCVE
added 2025/02/20 12:25 a.m. · 8 views

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

CVSS: 6.4 · AI score: 6.8 · EPSS: 0.00288
Exploits: 2 · References: 1

NVD
added 2025/02/18 6:15 p.m. · 10 views

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

CVSS: 6.4 · EPSS: 0.00288
Exploits: 2 · References: 4

Cvelist
added 2025/02/18 12:0 a.m. · 12 views

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

EPSS: 0.00288
Exploits: 2 · References: 3

Vulnrichment
added 2025/02/18 12:0 a.m. · 6 views

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

AI score: 9.4 · EPSS: 0.00288
Exploits: 2 · References: 3

CVE
added 2025/02/18 12:0 a.m. · 77 views

CVE-2022-41545

Netgear C7800 Router (firmware 6.01.07 and possibly others) exposes admin credentials via basic authentication over HTTP, with credentials base64-encoded in the header and no transport security by default. This enables eavesdropping/MITM on authenticated requests over WLAN or LAN. Reported CVSSv3...

CVSS: 6.4 · AI score: 7.2 · EPSS: 0.00288
Exploits: 2 · References: 4 · Affected Software: 1

RedhatCVE
added 2025/02/15 1:25 a.m. · 8 views

CVE-2025-0896

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

CVSS: 9.8 · AI score: 6.8 · EPSS: 0.02356
Exploits: 0 · References: 3

SUSE CVE
added 2025/02/14 3:48 a.m. · 1 views

SUSE CVE-2025-25184

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

CVSS: 4.3 · AI score: 6.8 · EPSS: 0.01095
Exploits: 1 · References: 7

OSV
added 2025/02/13 2:15 a.m. · 1 views

DEBIAN-CVE-2025-0896

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

CVSS: 9.2 · AI score: 5.3 · EPSS: 0.02356
Exploits: 0 · References: 1

OSV
added 2025/02/13 2:15 a.m. · 3 views

CVE-2025-0896

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

CVSS: 9.2 · AI score: 6.8
Exploits: 0 · References: 1

OSV
added 2025/02/13 2:15 a.m. · 0 views

UBUNTU-CVE-2025-0896

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

CVSS: 9.8 · AI score: 5.8 · EPSS: 0.02356
Exploits: 0 · References: 3

CVE
added 2025/02/13 1:2 a.m. · 72 views

CVE-2025-0896

CVE-2025-0896 affects Orthanc server prior to version 1.5.8. The root cause is that basic authentication is not enabled by default when remote access is enabled, which can lead to unauthorized access. CVSS metrics shown in the public data indicate CRITICAL impact across confidentiality, integrity...

CVSS: 9.8 · AI score: 7 · EPSS: 0.02356
Exploits: 0 · References: 1 · Affected Software: 1

Debian CVE
added 2025/02/13 1:2 a.m. · 3 views

CVE-2025-0896

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

CVSS: 9.8 · AI score: 5.3 · EPSS: 0.02356
Exploits: 0

CNNVD
added 2025/02/13 12:0 a.m. · 1 views

Orthanc Access Control Error Vulnerability

Orthanc is a free and open source software from Orthanc. An access control error vulnerability exists in Orthanc versions prior to 1.5.8 that stems from not enabling basic authentication by default when enabling remote access...

CVSS: 9.8 · AI score: 6.7 · EPSS: 0.02356
Exploits: 0 · References: 1