PT-2026-47325

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A buffer underwrite issue exists when using crafted regular expressions within the configuration. Recommendations Upgrade to version 2.4.68...

CVE-2026-11451 GL.iNet GL-MT3000 FTP Protocol glc snprintf command injection

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument mediadir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

CVE-2025-31973 HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'

HCL BigFix Service Management SM is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment...

PT-2026-31754

Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system CVE: CVE-2026-33793 PT ID: PT-2026-31754 Vendor: Juniper networks Product: Junos OS CVSS: 7.8 Credits: n/a Description: An Execution with Unnecessary...

CVE-2026-3207

Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...

CVE-2026-3207

Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...

TIBCO BPM Enterprise 安全漏洞

TIBCO BPM Enterprise is a business process management platform developed by TIBCO Corporation in the United States. This platform enables companies to drive digital transformation by making better decisions and taking faster, more informed actions. Version 4.x of TIBCO BPM Enterprise contains a...

CVE-2025-27378

The CVE-2025-27378 entry concerns AES (Altium Enterprise Server) with a SQL injection vulnerability caused by an inactive configuration that bypasses the latest SQL-parsing logic. When the sql.parsing configuration is not active, crafted input may be mishandled, enabling attackers to inject and e...

CVE-2023-40434

A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library...

CVE-2018-4433

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of th...

CVE-2018-4353

A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14...

CVE-2018-4355

A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14...

CVE-2009-4998

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass...

CVE-2022-37011

A vulnerability has been identified in Mendix SAML Mendix 7 compatible All versions V1.17.0, Mendix SAML Mendix 8 compatible All versions V2.3.0, Mendix SAML Mendix 9 compatible, New Track All versions V3.3.1, Mendix SAML Mendix 9 compatible, Upgrade Track All versions V3.3.0. Affected versions o...

CVE-2017-18819

NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings...

CVE-2019-20654

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4...

CVE-2018-21169

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7000 before 2018-03-01, D7800 before 1.0.1.31, D8500 before 1.0.3.36, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.46, PR2000 before 2018-03-01, R6050 before 1.0.1.14,...

CVE-2024-39917

xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter MaxLoginRetry in /etc/xrdp/sesman.ini. However, this...

PT-2026-1857

Name of the Vulnerable Software and Affected Versions ZTE MF258K Pro versions affected versions not specified Description A configuration issue exists in the version server of ZTE MF258K Pro products. This is due to incorrect directory permission settings, which allow an attacker to gain write...

PT-2026-1582

Name of the Vulnerable Software and Affected Versions HCL BigFix IVR version 4.2 Description A configuration issue with service binding in internal service components allows a privileged attacker to affect service availability. This occurs because administrative services are exposed through...