EUVD-2025-14591
Malicious code in bioql PyPI...
CVE-2025-9108 Portabilis i-Diario Login Page ui layer
Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely...
CVE-2013-5935
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended...
PT-2025-1001 · Moxa · Moxa Secure Routers +2
Name of the Vulnerable Software and Affected Versions: Moxa cellular routers, secure routers, and network security appliances versions 3.13.1 and earlier Description: The vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute...
The vulnerability of the Mozilla Firefox browser, related to improper restriction of the displayed user interface layers, allows attackers to perform spoofing attacks.
The vulnerability of the Mozilla Firefox browser is related to an improper limitation on the displayed layers of the user interface. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks...
PT-2024-24221 · Totolink · Totolink Ex200
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: The issue is related to the lack of an authentication mechanism by default. This means that the device does not require users to authenticate before accessing its features, potentially...
CVE-2023-6093
The CVE-2023-6093 is linked to OnCell G3150A-LTE Series firmware v1.3 and earlier, where the vulnerability stems from improperly restricted frame objects, enabling clickjacking and potentially confusing users into interacting with the attacker’s interface. Affected component: frame embedding with...
PT-2023-5833 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 2.28.19 JumpServer versions prior to 3.6.5 Description: The issue is related to the exposure of the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, whi...
Security Bulletin: IBM SAN Volume Controller and Storwize Family security vulnerabilities (CVE-2013-4310 CVE-2013-4316)
Summary Security Bulletin: IBM SAN Volume Controller and Storwize Family security vulnerabilities CVE-2013-4310 CVE-2013-4316 Vulnerability Details Security Bulletin --- Summary --- Administrative access to the system via the IP interface may be obtained without authentication. Vulnerability...
PT-2022-26198 · Unknown · Mantenimiento Web Plugin
Name of the Vulnerable Software and Affected Versions: Mantenimiento web plugin versions = 0.13 Description: The issue is related to an authenticated Cross-Site Scripting (XSS) vulnerability. This means that an attacker who has admin or higher privileges can inject malicious scripts into the websit...
Trudesk Security Vulnerability
Chris Brame Trudesk is an open source helpdesk/ticketing solution from Chris Brame, USA. A security vulnerability exists in versions prior to Trudesk 1.2.2, which stems from an improper restriction in the UI layer or frames...
mySCADA myPRO Security Vulnerability
mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. A security vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to cause an additional, undocumented administrative account to exist in the affected product,...
PT-2021-8017 · Mozilla +2 · Firefox +2
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 94 Description: The issue is related to incorrect restriction of visualized layers in the user interface, which can be exploited by a remote attacker to conduct spoofing attacks. When parsing internationalize...
yourls Security Vulnerability
YOURLS is an open source PHP-based short linking platform. A security vulnerability exists in yourls, which stems from the fact that yourls is susceptible to improper restrictions on rendering UI layers or frames. An attacker could exploit this vulnerability to cause an operation to be performed...
Siemens SIMATIC Panels and WinCC (TIA Portal)
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC Runtime Advanced, WinCC Runtime Professional, WinCC TIA Portal; HMI Panels Vulnerabilities: Use of Hard-coded Credentials, Insufficient Protection of Credentials,...
Security Bulletin: Intelligent Clusters Security Bulletin, 1410
Summary Security Bulletin: Intelligent Clusters Security Bulletin, 1410 Vulnerability Details Security Bulletin --- Summary --- Administrative access to the system via the IP interface may be obtained without authentication. Vulnerability Details --- CVEID: CVE-2013-4310 CVE-2013-4316 DESCRIPTION...
Information Disclosure Vulnerability in Multiple Intel Products (CNVD-2018-15595)
Intel Xeon Scalable processors, etc. are central processing unit (CPU) products of the U.S. company Intel. A security vulnerability exists in the UEFI setting restriction for DCI in several Intel products. The vulnerability can be exploited by an attacker to access sensitive information on the...
Huawei Enjoy 5 cell phone design flaw vulnerability
Huawei Enjoy 5 is a smartphone from the Chinese company Huawei. A design flaw vulnerability exists in previous versions of the Huawei Enjoy 5 phone, TIT-AL00C583B214, where an attacker could trick a user into installing a malicious program to call the interface and modify system properties...
Unbreakable Enterprise kernel security update
kernel-uek 2.6.32-400.37.18uek - IB/security: Restrict use of the write interface Jason Gunthorpe Orabug: 23641666 CVE-2016-4565...