21 matches found
CVE-2026-10787
Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This issue affects: Devolutions Server 2026.2.4.0 Devolutions Server 2026.1.20.0 and earlier...
CVE-2026-10786
Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects: Devolutions Server 2026.2.4.0 Devolutions Server...
EUVD-2026-31460
Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request. This issue affects: Devolutions Server 2026.1.6.0 through...
PT-2026-37648
Name of the Vulnerable Software and Affected Versions: Cisco Unity Connection affected versions not specified Description: Insufficient validation of user-supplied input in the web-based management interface allows an authenticated remote attacker to execute arbitrary code as root. This is achieved...
CVE-2026-6706
Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request. This issue affects Server: from 2026.1.6.0 through 2026.1.14.0, through 2025.3.18.0...
PT-2026-35724
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions prior to 2026.1.14.1 Description: Improper access control in the vault documentation feature allows an authenticated attacker to read documentation content from unauthorized vaults by sending a crafted API request...
The vulnerability of the Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) management platforms exists due to the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands with root privileges.
The vulnerability of the Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) platforms exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privilege...
CVE-2022-34534
Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API call...
CVE-2024-44757
CVE-2024-44757 describes an arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0, exploitable via a crafted interface request that can expose sensitive files. The initial data indicates a high-severity impact (C:H/I:N/A:N, CVSS 3....
CVE-2022-4003
A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request...
Motorola Q14 Security Vulnerability
The Motorola Q14 is a mesh router system from Motorola USA. A security vulnerability exists in Motorola Q14 versions prior to v1.5.0.16, which stems from a denial of service vulnerability that could allow an authenticated user to trigger an internal service restart via a specially crafted API...
UBUNTU-CVE-2024-28397
An issue in the component js2py.disable_pyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...
The vulnerability in the web interface for controlling the Flowmon operating system of network monitoring devices allows a perpetrator to execute arbitrary commands.
The vulnerability of the web interface for controlling the Flowmon operating system in devices for network monitoring exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute...
PT-2024-21971 · Ladder · Ladder
Name of the Vulnerable Software and Affected Versions: Ladder versions 0.0.1 through 0.0.21 Description: The issue allows a remote attacker to obtain sensitive information via a crafted request to the API. Recommendations: For versions 0.0.1 through 0.0.21, update to a version that contains a fix...
The vulnerability of the software for managing Active Directory services, Zoho ManageEngine ADManager Plus, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services is related to insufficient protection of registration data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information—suc...
PT-2023-24868 · Lenovo · Lenovo Xclarity Administrator
Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Administrator (LXCA) affected versions not specified Description: The issue allows a valid, authenticated LXCA user with elevated privileges to potentially replace filesystem data through a specifically crafted web API call due ...
The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software lies in the fact that the output operations go beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by causing the user to open a specially...
SUSE CVE-2014-8640
The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service uninitialized-memory read and...
SUSE CVE-2022-3071
Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction...
CVE-2022-34534
Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API call...