19182 matches found
Missing Release of Memory after Effective Lifetime
Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the Attach functionality. An attacker can cause excessive memory consumption on the host by repeatedly initiating CRI Attach requests, leading to resource exhaustion due to goroutin...
CVE-2025-34242
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34242
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34247
Advantech WebAccess/VPN versions prior to 1.1.5 are affected by a SQL injection in NetworksController.addNetworkAction(). An authenticated, low-privileged observer user can inject SQL via datatable search parameters, potentially disclosing database information. Affected product scope and impact a...
CVE-2025-34245 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34242 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxNetworkController.ajaxAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34242 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxNetworkController.ajaxAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34242
Advantech WebAccess/VPN before version 1.1.5 contains a SQL injection in AjaxNetworkController.ajaxAction(). An authenticated, low-privileged observer can inject SQL via datatable search parameters, leading to disclosure of database information. Affected product/version: Advantech WebAccess/VPN
CVE-2025-34236 Advantech WebAccess/VPN < 1.1.5 Stored XSS via NetworksController.addNetworkAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting XSS vulnerability via NetworksController.addNetworkAction. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...
Security Bulletin: Due to the use of helm, IBM Kubecost Self Hosted is affected by stack overflow and memory exhaustion
Summary helm is used by IBM Kubecost Self Hosted as part of the cluster-controller component CVE-2025-32387, CVE-2025-32386 Vulnerability Details CVEID:CVE-2025-32387 DESCRIPTION: Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply...
PT-2025-45349
Name of the Vulnerable Software and Affected Versions Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181 Dell Integrated Dell Remote Access Controller 15G and 16G versions 6.10.80.00 through 7.20.10.50 Dell Integrated Dell Remote Access Controller 10, 17G versions...
PT-2025-45372
Name of the Vulnerable Software and Affected Versions Advantech WebAccess/VPN versions prior to 1.1.5 Description The software contains a SQL injection issue in the NetworksController.addNetworkAction function. An authenticated, low-privileged user can inject SQL code through datatable search...
Dell iDRAC9和Dell iDRAC10 路径遍历漏洞
The Dell iDRAC9 and Dell iDRAC10 are both products of Dell Inc. of the United States Dell.The Dell iDRAC9 is provides provides comprehensive, embedded management, automation capabilities across the PowerEdge family of servers. The Dell iDRAC10 is an integrated remote access controller. A path...
Advantech WebAccess/VPN 安全漏洞
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...
Advantech WebAccess/VPN 安全漏洞
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
PT-2025-45403
Name of the Vulnerable Software and Affected Versions containerd versions 1.7.28 and below containerd versions 2.0.0-beta.0 through 2.0.6 containerd versions 2.1.0-beta.0 through 2.1.4 containerd versions 2.2.0-beta.0 through 2.2.0-rc.1 Description containerd, an open-source container runtime, is...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990523)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990523 advisory. In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990606)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990606 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to release the lane reset...
PT-2025-45513
Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.7.0-beta.0 Description KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw in the virt-controller. An attacker can disrupt control over a running Virtual Machine Instance VMI by creating a...
CVE-2025-62720
LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from all users in the system, including private links that should only be accessible to their owners. The HTML and CSV export functions in the...