42 matches found
CVE-2026-34473
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST...
CVE-2026-26333 Calero VeraSMART < 2022 R1 .NET Remoting Arbitrary File Read Leading to ViewState RCE
Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs including EndeavorServer.rem and RemoteFileReceiver.rem and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An...
CVE-2026-26335 Calero VeraSMART < 2022 R1 Static IIS Machine Keys Enable ViewState RCE
Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\Program Files (x86)\Veramark\VeraSMART\WebRoot\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes...
Aimeos GrapesJS CMS Cross-Site Scripting Vulnerability
Aimeos GrapesJS CMS is a content management system for Aimeos Individual Developers. A cross-site scripting vulnerability exists in Aimeos GrapesJS CMS, which stems from the potential injection of JavaScript code when CSP is disabled, potentially leading to a stored cross-site scripting attack. T...
CVE-2025-22464
An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition...
CVE-2025-22459
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers...
CVE-2024-34779
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
PT-2024-6216 · Ivanti · Ivanti Epm
Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions prior to 2022 SU6 Ivanti EPM versions prior to the 2024 September update Description: The issue is related to a lack of authentication for a critical function in Ivanti EPM, specifically in Network Isolation. This allows a...
ECMAScript Security Vulnerability
ECMAScript is a language library open-sourced by Ecma TC39. A security vulnerability exists in versions prior to ECMAScript 2022 through 2025 that stems from the presence of a JavaScript specification issue that leads to type confusion and pointer dereferencing in implementations...
PT-2024-4014 · Ivanti · Ivanti Endpoint Manager
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2022 SU5 Description: The issue is related to a SQL Injection vulnerability in the GetDBPatches method of Ivanti Endpoint Manager, which fails to properly protect the SQL query structure. This allows ...
PT-2024-1067 · Ivanti · Ivanti Endpoint Manager +2
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2022 SU 5 Description: The issue is related to a SQL injection vulnerability that can be exploited to execute arbitrary SQL queries and retrieve output without authentication. Under specific...
Ivanti Endpoint Manager Security Vulnerability
Ivanti Endpoint Manager is a suite of endpoint security managers from Ivanti USA. Contents is a product analytics solution and innovation enabler for the Countly Team team. Helps teams track product performance, customer journeys and behaviors across mobile, web and desktop applications. A securit...
PT-2023-26374 · Ivanti · Ivanti Endpoint Manager
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2022 SU4 Description: A file disclosure issue exists in the GetFileContents SOAP action exposed via "/landesk/managementsuite/core/core.secure/OsdScript.asmx". The application does not sufficiently...
CVE-2022-25864
Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
Intel oneMKL Security Vulnerability
Intel oneMKL is Intel's Mathematical Kernel Library for developers to implement high-performance mathematical and statistical computations in a variety of computing tasks. A security vulnerability exists in Intel(R) oneMKL versions prior to 2022.0. An attacker can exploit the vulnerability to eleva...
Mobatime Security Vulnerability
Mobatime is a time and frequency synchronization solution from Mobatime, Inc. A security vulnerability exists in versions prior to Mobatime 06.7.2022, which stems from misauthorization in a web application...
Mobatime Code Issue Vulnerability
Mobatime is a time and frequency synchronization solution from Mobatime, Inc. A security vulnerability exists in versions prior to Mobatime 06.7.2022 that originates from allowing a malicious user to upload a Web Shell to a Web server...
CVE-2023-31923
Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be...
CVE-2022-23790
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). This issue affects Customer Relation Manager: before 2022.03.13...
CVE-2022-23791
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). This issue affects Customer Relation Manager: before 2022.03.13...