3912 matches found
CVE-2019-25368
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diagbackup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDriveGDriveEmail, GDriveGDriveFolderID, GDriveGDriveBackupCount, Nextcloudurl, Nextclouduser,...
CVE-2019-25368 OPNsense 19.1 Reflected XSS via diag_backup.php
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diagbackup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDriveGDriveEmail, GDriveGDriveFolderID, GDriveGDriveBackupCount, Nextcloudurl, Nextclouduser,...
EUVD-2019-19410
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diagbackup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDriveGDriveEmail, GDriveGDriveFolderID, GDriveGDriveBackupCount, Nextcloudurl, Nextclouduser,...
CVE-2019-25368
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diagbackup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDriveGDriveEmail, GDriveGDriveFolderID, GDriveGDriveBackupCount, Nextcloudurl, Nextclouduser,...
CVE-2019-25368
OPNsense 19.1 contains cross-site scripting vulnerabilities in the diag_backup.php endpoint. The issue allows injection of malicious scripts via multiple parameters (e.g., GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud_password, Nextc...
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
SUSE SLES15 Security Update : freerdp (SUSE-SU-2026:0421-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0421-1 advisory. - CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audinprocessformats bsc1256718. - CVE-2026-22854:...
Security update for freerdp
This update for freerdp fixes the following issues: CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audinprocessformats bsc1256718. CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause heap-buffer-overflow in...
CVE-2026-24466
Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2026-24466
Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2026-24466
Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2026-24466
Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
Drive Software Free Desktop Clock 安全漏洞
Drive Software Free Desktop Clock is a clock software developed by the Drive Software company. Version 3.0 of Drive Software Free Desktop Clock contains a security vulnerability. This vulnerability stems from a stack overflow issue when entering time zone names, which may lead to the execution of...
CVE-2025-69431
The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Sam...
Trojan Attacks on Neural Network Controllers for Robotic Systems
Neural network controllers are increasingly deployed in robotic systems for tasks such as trajectory tracking and pose stabilization. However, their reliance on potentially untrusted training pipelines or supply chains introduces significant security vulnerabilities. This paper investigates...
CVE-2025-69429
The ORICO NAS CD3510 version V1.9.12 and below contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the...