13 matches found
Orca Energija Orca heat pump security vulnerability
Orca Energija Orca heat pump is a series of air-to-water heat pump systems developed by Orca Energija. There are security vulnerabilities in Orca Energija Orca heat pumps. These vulnerabilities stem from the lack of authentication and plaintext data transmission. Combined with the absence of...
PT-2026-28802
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
OESA-2025-2872 qt5-qtdeclarative security update
Security Fixes: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text componen...
GHSA-9V82-VCJX-M76J Shopware: Reflective Cross Site-Scripting (XSS) in CMS components
Impact: By exploiting XSS vulnerabilities, malicious actors can perform harmful actions in the user's web browser in the session context of the affected user. Some examples of this include, but are not limited to: - Obtaining user session tokens. - Performing administrative actions when an...
The vulnerability of the Connector/Python driver for MySQL Connectors in the Oracle MySQL database management system allows a hacker to gain unauthorized access to read, add, modify, and delete data, or to cause a service failure.
The vulnerability of the Connector/Python driver for MySQL Connectors in the Oracle MySQL database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, add, modify, or delete data, or to cau...
Cisco Firepower Management Center security vulnerability
Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...
PT-2023-31712 · Unknown · Engelsystem
Name of the Vulnerable Software and Affected Versions: Engelsystem versions prior to 3.4.1 Description: Engelsystem is a shift planning system for chaos events. The system performed insufficient validation of user-supplied data for the DECT number, mobile number, and work-log comment fields. This...
Vulnerability of the Server component: The MySQL Server database management system’s DDL functions allow attackers to gain privileged access or cause service interruptions.
Vulnerability of the MySQL Server component: The MySQL Server database management system has vulnerabilities due to insufficient validation of input data. Exploitation of these vulnerabilities can allow attackers to gain privileged access or cause service interruptions from a remote location...
The vulnerability of the Secure Channel component in Windows operating systems, which allows a hacker to cause a service failure
The vulnerability of the Secure Channel component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures...
Vulnerability of the Cluster component: The general database management system of Oracle MySQL Cluster, which allows attackers to disclose sensitive information or cause service failures.
Vulnerability of the Oracle MySQL Cluster component: The general system management of databases in Oracle MySQL Cluster is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to disclose sensitive information or cause service failures...
WordPress cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. The WordPress Plugin suffers from a cross-site scripting vulnerability that stems from the...
DEBIAN-CVE-2021-21393
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...
CVE-2019-1955
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input and validation checking...