143 matches found
(Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Vulnerability
This vulnerability allows network-adjacent attackers to access the management interface on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the management interface. The issue resul...
CVE-2025-6549
An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager J-Web. When Juniper Secure connect JSC is enabled on specific interfaces, or multiple interfaces are...
CVE-2025-5920
The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API...
CVE-2024-0910
The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract...
CVE-2023-30467
This vulnerability exists in Milesight 4K/H.265 Series NVR models MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC, due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially...
CVE-2025-3698
Interface exposure vulnerability in the mobile application com.transsion.carlcare may lead to information leakage risk...
CVE-2025-3698
Interface exposure vulnerability in the mobile application com.transsion.carlcare may lead to information leakage risk...
CVE-2025-3698
CVE-2025-3698 describes an interface exposure vulnerability in the mobile application com.transsion.carlcare (TECNO/Transsion). The available details indicate a potential information leakage risk. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) with a base score of 7.5 (HIGH) suggests e...
CVE-2025-3698
Interface exposure vulnerability in the mobile application com.transsion.carlcare may lead to information leakage risk...
PT-2025-16551
Name of the Vulnerable Software and Affected Versions com.transsion.carlcare affected versions not specified Description The issue is related to an interface exposure vulnerability in the mobile application, which may lead to information leakage risk. Recommendations At the moment, there is no...
CVE-2024-7595 GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet
GRE and GRE6 Protocols RFC2784 do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered simil...
imgproxy 代码问题漏洞
imgproxy is imgproxy individual developer's fast and secure standalone server for tweaking and converting remote mirrors. A code issue vulnerability exists in imgproxy that stems from the presence of a server-side request forgery vulnerability against 0.0.0.0...
CVE-2024-55925
In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets...
vivo Wifi Module 安全漏洞
The vivo Wifi Module is a wireless module from the Chinese company Vivo. A security vulnerability exists in vivo Wifi Module, which originates from the wifi module exposing the interface, improperly controlling permissions, and leaking sensitive device information...
The vulnerability of the addRelatedObjects function in the universal monitoring system Zabbix allows attackers to increase their privileges.
The vulnerability of the addRelatedObjects function in the universal monitoring system Zabbix is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to enhance their privileges by sending specially crafted SQL queries...
Vulnerabilities fixed in Palo Alto PAN OS
Palo Alto Networks has actively fixed exploited vulnerabilities in PAN-OS. UPDATE Public PoC has now appeared to exploit CVE-2024-0012. The vulnerability with attribute CVE-2024-0012 allows a malicious person with access to the management web interface to gain administrator privileges. Through th...
PT-2024-26075 · Unknown · Universalcredentialmanager
Name of the Vulnerable Software and Affected Versions: UniversalCredentialManager versions prior to SMR Sep-2024 Release 1 Description: The issue is related to the incorrect use of privileged API in UniversalCredentialManager, allowing local attackers to access privileged API related to...
CVE-2024-38879
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 All versions, Omnivise T3000 R8.2 SP3 All versions, Omnivise T3000 R8.2 SP4 All versions. The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumven...
PT-2024-20069 · Hms · Hms Anybus X-Gateway Ab7832-F
Name of the Vulnerable Software and Affected Versions: HMS Anybus X-Gateway AB7832-F 3 devices Description: The issue concerns the exposure of a web interface on port 80, allowing an unauthenticated GET request to a specific URL to trigger the reboot of the gateway or most of its modules. This ca...
CVE-2024-28965
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal...