19177 matches found
EUVD-2025-200227
Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi' and then uses it as an index in the 'FilesDownload' array with '&FilesDownloadiVar2'. If the parameter is too large, it will access memory beyond...
EUVD-2025-200231
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParametermeter' function retrieves the user input, which is directly incorporated...
CVE-2025-11784
CVE-2025-11784 affects Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In ShowMeterDatabase(), unlimited input from the meter parameter is copied into a fixed-size buffer using sprintf(), with GetParameter(meter) supplying the data. This constitutes a stack-based buffer overflow as no input size validatio...
CVE-2025-11782 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload' function uses “sprintf” to format a string that includes the user-controlled input of 'GetParametermeter' in the fixed-size buffer 'acStack4c' 64 bytes without checking the length. An attacker c...
CVE-2025-11782 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload' function uses “sprintf” to format a string that includes the user-controlled input of 'GetParametermeter' in the fixed-size buffer 'acStack4c' 64 bytes without checking the length. An attacker c...
CVE-2025-13809
A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...
CVE-2025-13810
A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing a manipulation results in path traversal. It is possible to initiate the attack remotely. The...
Exploit for Improper Access Control in Citrix Sharefile_Storagezones_Controller
Vulnerability Details - CVE: CVE-2021-22941 - Severity...
CVE-2025-65840
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery CSRF in the CkEditorAdminController...
PT-2025-48675
Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists due to insufficient input validation. The GetParametermeter function retrieves user-supplied input, specifically the meter parameter, and copies it...
PT-2025-48669
Name of the Vulnerable Software and Affected Versions CircutorSGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the SetLan function of the software. This function is triggered when a new configuration is applied via a management web request to the 'index.cgi'...
CVE-2025-65840
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery CSRF in the CkEditorAdminController...
CVE-2025-65840
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery CSRF in the CkEditorAdminController...
Security Bulletin: Multiple vulnerabilities in IBM Cognos Controller
Summary Multiple vulnerabilities were addressed in IBM Cognos Controller 11.0.1 FP7 Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions th...
Malicious code in kubernetes-controller-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42961dff6a9f6fd9e6dce1e6906ba8e15d64622a3856a65dc61ec9fd6974252b The package kubernetes-controller-tools was found to contain malicious code...
EUVD-2025-200056
Malicious code in kubernetes-controller-tools npm...
MAL-2025-191513 Malicious code in kubernetes-controller-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42961dff6a9f6fd9e6dce1e6906ba8e15d64622a3856a65dc61ec9fd6974252b The package kubernetes-controller-tools was found to contain malicious code...
CVE-2025-66384
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmpname...
CVE-2025-13809
A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...
CVE-2025-13783
A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument...