88 matches found
SUSE CVE-2025-62409
Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is...
EUVD-2021-8667
Malicious code in bioql PyPI...
EUVD-2022-27826
Malicious code in bioql PyPI...
ABB Multiple Products Security Vulnerability
ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
Insufficient Control Flow Management
Vyper is vulnerable to Insufficient Control Flow Management. The vulnerability is due to the Vyper compiler skipping evaluation of the start argument in the slice function when length is 0 and the source is a special location like msg.data or .code, which allows an attacker to suppress execution of...
Hitachi Energy RTU500 Code Issue Vulnerability
Hitachi Energy RTU500 is a series of industrial control components from Hitachi, Ltd. of Japan. A code issue vulnerability exists in the Hitachi Energy RTU500 that stems from a specially crafted message sequence that could lead to a denial of service in the RTU500 CMU application...
SUSE CVE-2022-49451
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix list protocols enumeration in the base protocol While enumerating protocols implemented by the SCMI platform using BASE_DISCOVER_LIST_PROTOCOLS, the number of returned protocols is currently validated in an...
CVE-2025-21562
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft component: Run Control Management. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2025-21563
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft component: Run Control Management. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2024-2617
A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned...
AZL-55971 CVE-2024-26893 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix double free in SMC transport cleanup path When the generic SCMI code tears down a channel, it calls the chan_free callback function, defined by each transport. Since multiple protocols might share the same...
UBUNTU-CVE-2023-52608
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Check mailbox/SMT channel for consistency On reception of a completion interrupt the shared memory area is accessed to retrieve the message header at first and then, if the message sequence number identifies a...
PT-2023-4954
Name of the Vulnerable Software and Affected Versions: Redis versions 7.0 through 7.0.12; Redis versions 7.2 through 7.2.0. Description: The issue is related to insecure privilege management in Redis, an in-memory database that persists on disk. It does not correctly identify keys accessed by the...
Design/Logic Flaw
An out-of-bounds read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 open a specially crafted project file may lead to information...
JTEKT ELECTRONICS Screen Creator Advance Buffer Error Vulnerability
JTEKT ELECTRONICS Screen Creator Advance is a screen development tool from JTEKT ELECTRONICS. A security vulnerability exists in JTEKT ELECTRONICS Screen Creator Advance 2 Ver.0.1.1.4 Build01 version and prior versions, which stems from the inability to validate data when processing control...
PT-2023-16029 · Unknown · Control Id Panel +1
Name of the Vulnerable Software and Affected Versions: Control iD Gerencia Web version 1.30; Control iD Panel affected versions not specified. Description: A vulnerability was found in the Web Interface component, where the manipulation of the Nome argument leads to cross-site scripting. The attack...
SQL Injection Vulnerability in UFIDA GRP-U8 Administration and Utilities Internal Control Management Software (New Government Accounting System Special Edition) (CNVD-2022-84009)
Founded in 1988, UFIDA is a leading digital intelligence platform and service provider for enterprises and public organizations in China and around the world. A SQL injection vulnerability exists in UFIDA GRP-U8 Administration and Utilities Internal Control Management Software New Government...
CVE-2022-22681
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors...
Session fixation
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors...
CVE-2022-22681
Synology Photo Station (pre-6.8.16-3506) contains a Session Fixation vulnerability in access control management that can allow remote attackers to bypass security constraints. Affected component: Photo Station; root cause: session fixation. Impact is elevated access by bypassing constraints; expl...