130 matches found

Positive Technologies
added 2024/12/10 12:00 a.m. · 5 views

PT-2025-23606 · NetGear · Netgear Wnr614

Name of the Vulnerable Software and Affected Versions: Netgear WNR614 version 1.1.0.28 1.0.1WW Description: A critical vulnerability exists in the Netgear WNR614 router, related to bypassing the authentication procedure. Manipulation of the input %00currentsetting.htm appended to a URL leads to...

CVSS 9.8 · AI score 7.1 · EPSS 0.00805
Exploits: 1 · References: 10
BDU FSTEC
added 2024/11/15 12:00 a.m. · 2 views

The vulnerability affects the AcroForm 3D Handler component of the PDF Foxit Reader software for viewing electronic documents (previously known as Foxit Reader) and the Foxit PDF Editor software for editing PDF files (previously known as Foxit PhantomPDF). This vulnerability allows an attacker to execute arbitrary code.

The vulnerability of the AcroForm 3D Handler component in the PDF Foxit Reader (formerly Foxit Reader) software for viewing electronic documents and the Foxit PDF Editor (formerly Foxit PhantomPDF) software is related to the execution of operations outside the bounds of a memory buffer. Exploiting this vulnerability allow...

CVSS 7.8 · AI score 8 · EPSS 0.00748
Exploits: 0 · References: 4 · Affected Software: 2
CNNVD
added 2024/11/13 12:00 a.m. · 2 views

ARM SCP-Firmware security vulnerability

ARM SCP-Firmware is a firmware driver from ARM UK. A security vulnerability exists in ARM SCP-Firmware versions 2.11.0-2.15.0, which stems from the failure of the transportmessagehandler function to properly handle errors, resulting in a buffer overflow...

CVSS 8 · AI score 7.1 · EPSS 0.00365
Exploits: 0 · References: 2
CNNVD
added 2024/07/29 12:00 a.m. · 3 views

Bylancer Quicklancer SQL injection vulnerability

Bylancer Quicklancer is a freelance platform from Bylancer, Inc. A SQL injection vulnerability exists in Bylancer Quicklancer version 2.4: manipulation of the parameter range2 of the component GET Parameter Handler can lead to SQL injection...

CVSS 9.8 · AI score 7.9 · EPSS 0.07016
Exploits: 1 · References: 5
BDU FSTEC
added 2024/07/04 12:00 a.m. · 2 views

The vulnerabilities of the Handler for User Photo Upload Command and the Handler for Picture Upload Command in the firmware of the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME allow a perpetrator to gain unauthorized access, enabling them to read, modify, or delete data.

The vulnerability of the Handler for User Photo Upload Command and Handler for Picture Upload Command components of the firmware for the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME is related to errors in processing the relative path to the directory...

CVSS 10 · AI score 5.8 · EPSS 0.00924
Exploits: 0 · References: 7
BDU FSTEC
added 2024/03/26 12:00 a.m. · 3 views

The vulnerability of the Lab Handler component in the EVE-NG multi-user networking emulation software allows an attacker to perform XSS attacks.

The vulnerability of the Lab Handler component in the EVE-NG multi-user networking emulator exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVSS 4 · AI score 5.3 · EPSS 0.00479
Exploits: 1 · References: 5 · Affected Software: 1
BDU FSTEC
added 2024/02/05 12:00 a.m. · 4 views

The vulnerability of the Setting Handler component in the software for creating, testing, documenting, publishing, and maintaining the API interface of applications allows a perpetrator to execute arbitrary code.

The vulnerability of the Setting Handler component in software for creating, testing, documenting, publishing, and maintaining the API interface of an application relates to the copying of buffers without checking the size of input data when processing PDF files. Exploiting this vulnerability...

CVSS 10 · AI score 8.2 · EPSS 0.01457
Exploits: 1 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/01/17 12:00 a.m. · 2 views

The vulnerability of the SNP Guest Context Page Handler component in AMD firmware allows a hacker to execute arbitrary code.

The vulnerability of the SNP Guest Context Page Handler component in AMD microprocessors lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 3.3 · AI score 6.1 · EPSS 0.00205
Exploits: 0 · References: 2
NVD
added 2023/11/15 12:15 a.m. · 12 views

CVE-2023-31100

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203, from 4.3.1.0 before 4.3.1.163, from 4.4.0.0 before 4.4.0.217, from 4.5.0.0 before 4.5.0.138...

CVSS 8.4 · EPSS 0.00189
Exploits: 0 · References: 2
Prion
added 2023/11/15 12:15 a.m. · 17 views

Improper access control

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203, from 4.3.1.0 before 4.3.1.163, from 4.4.0.0 before 4.4.0.217, from 4.5.0.0 before 4.5.0.138...

CVSS 3.2 · AI score 7.2 · EPSS 0.00189
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/11/14 11:17 p.m. · 48 views

CVE-2023-31100

CVE-2023-31100 relates to an Improper Access Control in the SMI handler of Phoenix SecureCore Technologies 4. Affected versions include: 4.3.0.0 before 4.3.0.203; 4.3.1.0 before 4.3.1.163; 4.4.0.0 before 4.4.0.217; and 4.5.0.0 before 4.5.0.138. The root cause is an access control flaw in the SMI ...

CVSS 8.4 · AI score 7 · EPSS 0.00189
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/11/06 12:00 a.m. · 4 views

PT-2023-10831 · Unknown · Vaerys-Dawn Discordsailv2

Name of the Vulnerable Software and Affected Versions: Vaerys-Dawn DiscordSailv2 versions up to 2.10.2 Description: A critical issue was found in the Tag Handler component, leading to improper access controls due to manipulation. This issue affects some unknown functionality of the component...

CVSS 9.8 · AI score 7.2 · EPSS 0.00495
Exploits: 0 · References: 7
CNNVD
added 2023/08/16 12:00 a.m. · 2 views

MaximaTech Portal Executivo security vulnerability

MaximaTech Portal Executivo is a portal system from MaximaTech, Inc. A security vulnerability exists in MaximaTech Portal Executivo version 21.9.1.140, which stems from a sensitive information disclosure vulnerability in the component Cookie Handler...

CVSS 5.9 · AI score 4.9 · EPSS 0.00357
Exploits: 1 · References: 4
BDU FSTEC
added 2023/08/11 12:00 a.m. · 3 views

The vulnerability of the upgrade_handler() function in the firmware for Netgear WG302v2 and Netgear WAG302v2 allows a hacker to execute arbitrary commands.

The vulnerability of the upgrade_handler function in Netgear WG302v2 and Netgear WAG302v2 routers lies in the lack of measures to neutralize special elements during the processing of the parameters firmwareRestore and firmwareServerip. Exploiting this vulnerability allows a remote attacker to execute...

CVSS 9.8 · AI score 8 · EPSS 0.01394
Exploits: 0 · References: 3 · Affected Software: 2
CNNVD
added 2023/07/11 12:00 a.m. · 5 views

Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System code issue vulnerability

Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System is a flash flood prevention monitoring and early warning system from Suncreate. The Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System is vulnerable to a code issue in the file...

CVSS 9.8 · AI score 6.9 · EPSS 0.00793
Exploits: 1 · References: 4
BDU FSTEC
added 2023/07/04 12:00 a.m. · 3 views

The vulnerability of the Setting Handler component of the Elcomplus SmartPPT server allows a perpetrator to execute arbitrary code.

The vulnerability of the Setting Handler component in the Elcomplus SmartPPT server is related to authentication errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 8.3 · AI score 7.5 · EPSS 0.02106
Exploits: 2 · References: 3 · Affected Software: 1
RedHat Linux
added 2023/06/21 2:32 p.m. · 4 views

vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route

A flaw was found in Vert.X Web. When running an application that serves files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard, an attacker can exfiltrate any class path resource...

CVSS 5.3 · AI score 5.8 · EPSS 0.00919
Exploits: 1 · References: 5
Vulnrichment
added 2023/06/12 4:54 p.m. · 11 views

CVE-2023-34344 A vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username

AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure...

CVSS 5.3 · AI score 6.5 · EPSS 0.0045
Exploits: 0 · References: 1
OSV
added 2023/04/18 2:15 p.m. · 2 views

CVE-2023-2153

A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/assets/plugins/DataTables/examples/examplessupport/editableajax.php of the component POST Parameter Handler. The...

CVSS 6.1 · AI score 3.8 · EPSS 0.00564
Exploits: 1 · References: 3
BDU FSTEC
added 2023/03/23 12:00 a.m. · 4 views

The vulnerability of the client request handler of the security access control system, IED Siemens RUGGEDCOM CROSSBOW, allows a perpetrator to escalate their privileges.

The vulnerability of the client request handler of the Siemens RUGGEDCOM CROSSBOW access control system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to escalate their privileges by adding user accounts to administrative groups...

CVSS 9 · AI score 7.5 · EPSS 0.00632
Exploits: 0 · References: 3 · Affected Software: 1