17 matches found
EUVD-2025-10305
Malicious code in bioql PyPI...
CVE-2025-35978
Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker sends malicious data, an arbitrary registry value may be modified or arbitrary code may be...
CVE-2025-31144
Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is running...
CVE-2025-31144
CVE-2025-31144 affects SIOS Quick Agent V3 and V2 on Windows. The issue is an improper restriction of the communication channel to intended endpoints in the product’s API, enabling a remote unauthenticated attacker to attempt logging in to an arbitrary host where the product runs. Reported impact...
CVE-2024-50565
CVE-2024-50565 affects Fortinet FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice, and FortiWeb across multiple major versions, due to an improper restriction of the FGFM channel that permits an unauthenticated MITM attacker to impersonate the management device (FortiCloud/FortiManager...
CVE-2024-39271
Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via adjacent access...
Elektraweb Trust Management Issues Vulnerability
Elektraweb is a cloud-hosted web-based hotel program from Elektraweb, Turkey. A trust management issue vulnerability exists in Elektraweb versions prior to v17.0.68, which stems from a security issue where the system suffers from improper access control, lack of authorization, incorrect...
CVE-2024-36252
Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed...
CVE-2024-36252
Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed...
CVE-2024-36252
CVE-2024-36252 affects Ricoh Streamline NX PC Client versions 3.6.x and earlier. The root cause is an improper restriction of the communication channel to intended endpoints (CWE-923). Successful exploitation could lead to arbitrary code execution on the host PC. Several connected sources corrobo...
JVN#00442488: Multiple vulnerabilities in Ricoh Streamline NX PC Client
Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. Improper restriction of communication channel to intended endpoints CWE-923 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 6.3 CVE-2024-36252 ricoh-2024-000004 Use of hard-coded...
CVE-2023-28971 Paragon Active Assurance: Enabling the timescaledb enables IP forwarding
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (formerly Netrounds) allows an attacker to bypass existing firewall rules and limitations used to restrict internal communications. The Tes...
Palo Alto Networks PAN-OS Series PA-7000 9.0 < 9.0.7 / 9.1 < 9.1.2 RCE
The version of Palo Alto Networks PAN-OS running on the remote host is 9.0.x prior to 9.0.7 or 9.1.x prior to 9.1.2. It is, therefore, affected by a remote code execution vulnerability. Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with the WildFire...
Input validation
Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and...
CVE-2019-17440
PAN-OS on PA-7000 Series: Improper restriction of communications to the Log Forwarding Card (LFC) allows an unauthenticated attacker with network access to the LFC to gain root access. Affected are PAN-OS 9.0.x prior to 9.0.5-h3 on PA-7080/PA-7050 with an LFC; deployments using the first‑gen SMC/...
PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access
Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and...
3S-Smart Software Solutions GmbH CODESYS V3 Products
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 products Vulnerabilities: Use of Insufficiently Random Values, Improper Restriction of Communication Channel to Intended Endpoints 2. RISK...