
14 matches found

Cvelist
added 5 days ago · 30 views

CVE-2026-10786

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects: Devolutions Server 2026.2.4.0 Devolutions Server...

0.00021 EPSS
Exploits: 0 · References: 1
Cvelist
added 2026/05/22 3:26 p.m. · 7 views

CVE-2026-9246

Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault read access to retrieve the documentation and attachments of sealed entries via a crafted API request. This issue affects: Devolutions Server 2026.1.6.0 throug...

0.00031 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2026/05/06 12:00 a.m. · 5 views

PT-2026-37648

Name of the Vulnerable Software and Affected Versions: Cisco Unity Connection (affected versions not specified) Description: Insufficient validation of user-supplied input in the web-based management interface allows an authenticated remote attacker to execute arbitrary code as root. This is achieved...

9 CVSS · 6.2 AI score · 0.00474 EPSS
Exploits: 0 · References: 10
BDU FSTEC
added 2025/07/21 12:00 a.m. · 1 view

The vulnerability of the Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) management platforms exists due to the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands with root privileges.

The vulnerability of the Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) platforms exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privilege...

8.5 CVSS · 7.4 AI score · 0.0076 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/05/13 12:00 a.m. · 4 views

Ivanti Endpoint Manager Mobile code injection vulnerability

Ivanti Endpoint Manager Mobile EPMM is an enterprise-grade mobile device management solution for centralized management and protection of mobile devices in the enterprise, supporting device enrollment, application distribution, security policy enforcement, and more. A code execution vulnerability...

8.8 CVSS · 7.9 AI score · 0.40984 EPSS
Exploits: 10 · References: 2
CNNVD
added 2025/01/08 12:00 a.m. · 3 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from an access token that...

6.5 CVSS · 6.7 AI score · 0.00093 EPSS
Exploits: 1 · References: 2
CVE
added 2024/11/18 12:00 a.m. · 56 views

CVE-2024-44757

CVE-2024-44757 describes an arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0, exploitable via a crafted interface request that can expose sensitive files. The initial data indicates a high-severity impact (C:H/I:N/A:N, CVSS 3....

7.5 CVSS · 6.6 AI score · 0.00244 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2024/11/15 8:15 p.m. · 14 views

CVE-2024-44759

An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request...

7.5 CVSS · 0.00364 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/11/15 12:00 a.m. · 16 views

CVE-2024-44759

An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request...

0.00364 EPSS
Exploits: 0 · References: 2
OSV
added 2024/07/31 9:15 p.m. · 2 views

CVE-2022-4003

A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request...

6.5 CVSS · 5.8 AI score · 0.00145 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/07/31 12:00 a.m. · 3 views

Motorola Q14 security vulnerability

The Motorola Q14 is a mesh router system from Motorola USA. A security vulnerability exists in Motorola Q14 versions prior to v1.5.0.16, which stems from a denial of service vulnerability that could allow an authenticated user to trigger an internal service restart via a specially crafted API...

6.5 CVSS · 6.4 AI score · 0.00145 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/04/06 12:00 a.m. · 2 views

PT-2024-21971 · Ladder · Ladder

Name of the Vulnerable Software and Affected Versions: Ladder versions 0.0.1 through 0.0.21 Description: The issue allows a remote attacker to obtain sensitive information via a crafted request to the API. Recommendations: For versions 0.0.1 through 0.0.21, update to a version that contains a fix...

7.5 CVSS · 6.7 AI score · 0.06831 EPSS
Exploits: 3 · References: 6
OSV
added 2020/03/14 8:15 p.m. · 1 view

DEBIAN-CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...

9.8 CVSS · 8.6 AI score · 0.00418 EPSS
Exploits: 0 · References: 1
Cvelist
added 2018/04/18 3:00 p.m. · 19 views

CVE-2018-6413

There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request...

7.6 AI score · 0.011 EPSS
Exploits: 0 · References: 1