42 matches found
Vulnerabilities fixed in Synology SSL VPN Client
Synology has fixed vulnerabilities in Synology SSL VPN Client. A malicious party can exploit these vulnerabilities because Synology SSL VPN Client with version before 1.4.5-0684 stores PINs insecurely and does not adequately shield files via a local HTTP server component. This can lead to...
PDF-XChange Editor 代码问题漏洞
PDF-XChange Editor is a PDF file viewing software developed by PDF-XChange Company, which runs on Microsoft Windows systems. PDF-XChange Editor has a code vulnerability that stems from the TrackerUpdate process loading libraries from an insecure location, which may lead to local privilege...
CVE-2026-0383
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...
EUVD-2026-5262
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...
CVE-2026-0383
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...
Broadcom Brocade Fabric OS 安全漏洞
Broadcom Brocade Fabric OS is an embedded operating system used in switches and routers by Broadcom Corporation. There is a security vulnerability in Broadcom Brocade Fabric OS. This vulnerability stems from local attackers with access to the Bash shell being able to access the content of...
EUVD-2026-3687
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed...
CVE-2025-43486
A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update...
CVE-2024-1595
Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed...
CVE-2024-1595 Delta Electronics CNCSoft-B DOPSoft Uncontrolled Search Path Element
Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed...
Rockwell FactoryTalk Services Platform < 6.20 Deserialization
The version of Rockwell FactoryTalk Services Platform installed on the remote Windows host is prior to 6.20. It is, therefore, affected by a vulnerability. - Factory Talk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCP/8082, which can insecurely deserialize untrusted...
CVE-2023-50974
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a /.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials...
CVE-2022-42451 HCL BigFix Patch Management is vulnerable to insecurely stored credentials
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user...
CVE-2023-32202
Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device...
CVE-2023-1663 Authenticated Resources Accessible via Forced Browsing
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...
The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries
Overview The installers of ELECOM Camera Assistant and QuickFileDealer provided by ELECOM CO.,LTD. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA...
Khan Academy: xss due to incorrect handling of postmessages
Due to Insecure handling of create link tags a tags in a function called autolink found in 7Bmt.af733e428f9f986dfc96.js js e = n.autolinke, !0; const n = function const e = /\b?:?:https?://|www\d0,3.|a-z0-9.-+.a-z2,4/?:^\s&+|&|?:^\s|?:^\s+\+?:?:^\s|?:^\s+\|^\s!\;:'".,?«»“”‘’&/gi; return...
GHSA-VQF9-V3HC-WR54 keycloak-httpd-client-install symlink attack vulnerability
keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link...
CVE-2022-26081
The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer...
Input validation
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks...