Moxa NPort 6100-G2 Series和Moxa NPort 6200-G2 Series 安全漏洞

The Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series are both a series of secure terminal servers from Moxa Corporation of Taiwan, China. A security vulnerability exists in the Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series that originates from an authenticated user with read-only...

CVE-2024-58337

Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities...

CVE-2025-68926 RustFS has a gRPC Hardcoded Token Authentication Bypass

RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable...

CVE-2023-54181

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix issue in verifying allowptrleaks After we converted the capabilities of our networking-bpf program from capsysadmin to capnetadmin+capbpf, our networking-bpf program failed to start. Because it failed the bpf verifier, a...

CVE-2023-54318

CVE-2023-54318 affects the Linux kernel in the net/smc code path. The issue stems from iterating smc_lgr_list.list in smcr_port_add without proper synchronization, allowing a linkgroup to be added or removed concurrently and potentially triggering a NULL dereference and kernel crash. The connecte...

CVE-2023-54220 serial: 8250: Fix oops for port->pm on uart_change_pm()

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix oops for port-pm on uartchangepm Unloading a hardware specific 8250 driver can produce error "Unable to handle kernel paging request at virtual address" about ten seconds after unloading the driver. This happens...

CVE-2025-68976 WordPress Eagle Booking plugin <= 1.3.4.3 - Settings Change vulnerability

Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through = 1.3.4.3...

rustfs 信任管理问题漏洞

rustfs is a high performance object storage system from the RustFS open source. A trust management issue vulnerability exists in versions prior to rustfs 1.0.0-alpha.77, which stems from the use of hard-coded static tokens for gRPC authentication, and could lead to privileged operations such as...

CVE-2025-15153

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...

CVE-2025-15153

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...

EUVD-2025-205446

Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/adminaccess1...

SUSE CVE-2022-50710

In the Linux kernel, the following vulnerability has been resolved: ice: set txtstamps when creating new Tx rings via ethtool When the user changes the number of queues via ethtool, the driver allocates new rings. This allocation did not initialize txtstamps. This results in the txtstamps field...

CVE-2019-25252

Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in...

CVE-2018-25156

Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page with a hidden form to submit password change requests to the device's system configuration...

CVE-2018-25148

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...

CVE-2019-25250

The CVE covers Devolo dLAN 500 AV Wireless+ (firmware 3.1.0-1) with a cross-site request forgery flaw that allows triggering administrative actions via malicious pages when a logged-in user visits. Root cause stated across sources is lack of proper request validation enabling CSRF to trigger unau...

CVE-2019-25244 Legrand BTicino Driver Manager F454 1.0.51 CSRF and Stored XSS Vulnerabilities

Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through...

CVE-2019-25242

The CVE covers FaceSentry Access Control System version 6.4.8, where a cross-site request forgery (CSRF) vulnerability enables an attacker to perform administrative actions without user consent by persuading an authenticated user to load a crafted page. The vulnerability targets the web interface...

CVE-2018-25148 Microhard Systems IPn4G 1.1.0 Remote Code Execution via Admin Interface

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges,...

CVE-2023-54133

In the Linux kernel, the following vulnerability has been resolved: nfp: clean mc addresses in application firmware when closing port When moving devices from one namespace to another, mc addresses are cleaned in software while not removed from application firmware. Thus the mc addresses are...