Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003958)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003958 advisory. drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrscltdevrelease. Tenable has extracted the preceding...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004787)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004787 advisory. drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrscltdevrelease. Tenable has extracted the preceding...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23564)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23556)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23563)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of parameter m in file /clt/LOGINFRMoriginal.ASP, which can be exploited by an attacker to execute operating system...

CVE-2025-59758

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVE-2025-59759

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVE-2025-59771 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVE-2025-59767

CVE-2025-59767 : AndSoft e-TMS is vulnerable to a reflected XSS in v25.03. The issue arises from lack of proper input filtering/escaping in parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the endpoint /clt/LOGINFRM_LVE.ASP. An attacker can lure a user to a malicious URL to execute JavaSc...

CVE-2025-59759

AndSoft e-TMS v25.03 is affected by a reflected XSS vulnerability. The issue arises from lack of proper filtering/escaping of user-supplied data in the l, demo, demo2, TNTLOGIN, UO, and SuppConn parameters in the /clt/LOGINFRM_DELCROIX.ASP endpoint, enabling an attacker to execute JavaScript in a...

CVE-2025-59747 Multiple vulnerabilities in AndSoft's e-TMS

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' parameter in...

CVE-2025-59739

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in...

CVE-2025-59735

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM.ASP'...

CVE-2025-59738 Multiple vulnerabilities in AndSoft's e-TMS

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMBET.ASP'...

CVE-2025-59738 Multiple vulnerabilities in AndSoft's e-TMS

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMBET.ASP'...

CVE-2025-59737 Multiple vulnerabilities in AndSoft's e-TMS

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMLXA.ASP'...

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the...

PT-2025-40358

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description An operating system command injection issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute operating system commands on the server. The issue is triggered by sending a POST...

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter l of /clt/resetPassword.asp, which can be exploited by an attacke...

AndSoft e-TMS 命令注入漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of the parameter m in the file /clt/LOGINFRMCAT.ASP, which can be exploited by an attacker to execute operating system...