5 matches found
PT-2026-21375
Name of the Vulnerable Software and Affected Versions: OneUptime versions 9.5.13 and below. Description: OneUptime is a solution for monitoring and managing online services. The custom JavaScript monitor feature utilizes Node.js's node:vm module, which is explicitly documented as not being a securit...
CVE-2025-36753 SWD Interface Open on Growatt ShineLan-X
The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extract secrets or domains from within the device...
The vulnerability of the proxy65 component of the Jabber/XMPP Prosody server, related to the absence of an authentication mechanism, allows attackers to trigger a service failure.
The vulnerability of the proxy65 component of the Jabber/XMPP Prosody server lies in the fact that it is configured with open access by default. Exploiting this vulnerability allows a remote attacker to cause a service failure...
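ZTE ZXA10 C300M Resource Management Error Vulnerability
The ZTE ZXA10 C300M is an industrial control device from China's ZTE: a high-capacity hybrid fiber and copper platform that supports pure fiber, pure copper, and hybrid fiber and copper access. All versions of the ZXA10 C300M up to V4.3P8 suffer from a resource management error vulnerability,...
Yonyou Software has two command execution vulnerabilities that can affect internal network security
Brief description: I have only been at the company a few days; while casually looking at the website I found two small vulnerabilities. I didn't know where to report them, so I'm dropping them on WooYun. Detailed description: While browsing the website I stumbled upon two Struts instances: 1. http://comp.yonyou.com/hr/sm/Smindex.action 2. http://comp.yonyou.com/base/par/Parindex.action It looks like a platform that has not gone live yet, but one look at the information shows the impact. First, let's look at the server information: a WIN2008 server. Next, the ports: 3389 is directly open. Next, the IP: internal network. Add to that port 3389 being open by default; if one did port forwarding and privilege escalation, then... Finally, let's look at the drive information: basically everything can be traversed. Proof of vulnerability:...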