510 matches found
Advantech WebAccess/VPN 安全漏洞
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...
CVE-2025-61956
Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control ATC and pilots...
WordPress plugin MDTF 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23558)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
EUVD-2025-32499
An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example...
HCL MyXalytics 安全漏洞
HCL MyXalytics is an analytics software product from HCL India. It is used to perform data analysis and other related tasks. A security vulnerability exists in HCL MyXalytics version 6.6, which stems from a lack of proper validation and access control when automatically binding user inputs to...
CVE-2025-58317
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...
CVE-2025-41058
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/rowmanager...
CVE-2025-41052
CVE-2025-41052 affects appRain CMF 4.0.5. A stored authenticated XSS exists due to insufficient validation of user input in the /apprain/developer/addons/update/canvasjs endpoint, triggered via data[Addon][layouts] and data[Addon][layouts_except]. Consequences described include cookie-based crede...
PT-2025-35809
Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings affected versions not specified Description: A vulnerability in Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a targeted user to an untrusted website. The issue stemmed from insufficient...
CVE-2025-20345 Cisco Duo Authentication Proxy Information Disclosure Vulnerability
A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before it is written to...
SUSE CVE-2025-49090
The Matrix specification before 1.16 i.e., with a room version before 12 and State Resolution before 2.1 has deficient state resolution...
CVE-2025-24305
Insufficient control flow management in the Alias Checking Trusted Module ACTM firmware for some IntelR XeonR processors may allow a privileged user to potentially enable escalation of privilege via local access...
The vulnerability in the management of FortiOS operating systems and FortiProxy proxy servers, related to authentication procedures that lack sufficient protection, allows attackers to bypass existing security restrictions and gain access to the system.
The vulnerability in the management of FortiOS operating systems and FortiProxy proxy servers for protecting against Internet attacks is related to authentication procedures’ deficiencies. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and gain...
The vulnerability of the Java VM component of the Oracle Database Server system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the sub_41F0FC function in the /H5/webgl.data file of the D-Link DI-7003GV2 router’s microprogramming software, which allows a hacker to disclose confidential information
The vulnerability of the sub41F0FC function in the /H5/webgl.data file of the D-Link DI-7003GV2 router’s microprogramming system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to disclose confidential information remotely...
Vulnerability of the Server component: The MySQL Server database management system’s Optimizer component allows a hacker to gain unauthorized access for creating, deleting, and modifying data.
The vulnerability of the MySQL Server component, which is part of the database management system, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to create, delete, and modify data...
The vulnerability of Juniper Networks Junos OS web server allows a hacker to gain access to device command interfaces.
The vulnerability of Juniper Networks Junos OS web servers is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow a malicious actor to gain access to device command interfaces remotely...
The vulnerability of the Internal Operations component of the Oracle Lease and Finance Management system, a business automation solution, allows a perpetrator to gain access to read, modify, and delete information.
The vulnerability of the Internal Operations component of the Oracle Lease and Finance Management system, a part of the Oracle E-Business Suite, relates to deficiencies in the authorization process. Exploiting this vulnerability could allow an attacker to gain access to read, modify, and delete...
The vulnerability of the Unified Audit component of the Oracle Database Server system allows a perpetrator to gain access to read, modify, and delete information.
The vulnerability of the Unified Audit component of the Oracle Database Server management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to read, modify, and delete data...