107 matches found
PT-2026-43586
An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server...
Exposed Dangerous Method or Function
Overview nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the currenthead field in the REST API. An attacker can manipulate the state of local repository clones or render them unusable by...
CVE-2026-8108 Fuji Electric Tellus Exposed Dangerous Method or Function
The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions...
Exposed Dangerous Method or Function
Overview org.webjars.npm:webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in Server.js, when handling non-HTTPS responses. ...
Exposed Dangerous Method or Function
Overview webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in Server.js, when handling non-HTTPS responses. An attacker can...
PT-2026-40042
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...
CVE-2026-3483
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges...
Exposed Dangerous Method Or Function
MCP Gateway is vulnerable to Exposed Dangerous Method or Function. The vulnerability is due to lack of protection in SSE or streaming transport modes, which allows an attacker to exploit browser-based requests via a malicious website to interact with internal MCP servers...
CVE-2026-3483
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges...
CVE-2026-3483
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges...
CVE-2026-3483
Ivanti DSM vulnerability CVE-2026-3483 affects Ivanti DSM prior to 2026.1.1. An exposed dangerous method enables a local authenticated attacker to escalate privileges (CVSSv3.1: 7.8, HIGH, LOCAL, PRIV: LOW, UI: NONE, conf/integ/avail: HIGH). The available description specifies the vulnerable comp...
CVE-2026-3483
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges...
CVE-2025-47366 Exposed Dangerous Method or Function in HLOS
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input...
CVE-2025-47366 Exposed Dangerous Method or Function in HLOS
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input...
CVE-2025-47366
Technical details for CVE-2025-47366 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Exposed Dangerous Method or Function, Origin Validation Error due to webpack-dev-server
Summary webpack-dev-server is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat Vulnerability Details CVEID:CVE-2025-30359 DESCRIPTION: webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1,...
Exposed Dangerous Method or Function
Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the sse or streaming transport modes. An attacker can gain unauthorized access to internal resources by tricking a victim into visiting a malicious website or serving a malicious advertisement...
Exposed Dangerous Method or Function
Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the sse or streaming transport modes. An attacker can gain unauthorized access to internal resources by tricking a victim into visiting a malicious website or serving a malicious advertisement...
Arista NG Firewall replace_marker Exposed Dangerous Function Authentication Bypass Vulnerability
This vulnerability allows remote attackers to to bypass authentication on affected installations of Arista NG Firewall. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handler.p...
CVE-2025-47353
Summary: CVE-2025-47353 describes a memory corruption issue in an Automotive Software platform based on QNX used by Qualcomm, triggered by processing requests sent from GVM. The CVSS 3.1 base score is 7.8 (High) with local attack vector, low attack complexity, and no privileges or user interactio...