Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h11 / 10.2.x < 10.2.11 / 11.0.x < 11.0.6 / 11.1.x < 11.1.4-h17 / 11.2.x < 11.2.3 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h11 or 10.2.x prior to 10.2.11 or 11.0.x prior to 11.0.6 or 11.1.x prior to 11.1.4-h17 or 11.2.x prior to 11.2.3. It is, therefore, affected by a vulnerability. A vulnerability in the Palo Alto Networks...
Linux Distros Unpatched Vulnerability : CVE-2024-26830
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i40e: Do not allow untrusted VF to remove administratively set MAC Currently when PF administratively sets VF's MAC address and the VF is put down VF tries to...
Linux Distros Unpatched Vulnerability : CVE-2023-34237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the...
CVE-2024-40693
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, which can then be sent to a victim for performing furth...
CVE-2024-55923
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...
PT-2025-6278
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0.0 through 7.0.16; FortiProxy versions 7.0.0 through 7.0.19; FortiProxy versions 7.2.0 through 7.2.12. Description: A critical authentication bypass issue exists in FortiOS and FortiProxy, potentially allowing a remote,...
CVE-2025-20123
Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based...
CVE-2024-55514
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /uploadsfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions...
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)
What do hijacked websites, fake job offers, and sneaky ransomware have in common? They're proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are...
PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. Workaround: We strongly recommend that customers ensure access to the management interface is...
ROS-20240814-05
A vulnerability in the "Save As" function of Mozilla Firefox, Firefox ESR and the Thunderbird email client on Windows operating systems is related to insufficient input data validation. Exploitatio...
The vulnerability of Siemens LOGO programmable logic controllers’ software lies in the improper implementation of security functions for the user interface, allowing attackers to gain access to the controller.
The vulnerability of Siemens LOGO programmable logic controllers’ built-in software is related to the incorrect implementation of security functions for the user interface. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the controller...
CVE-2024-23188
Maliciously crafted e-mail attachment names could be used to temporarily execute script code in the context of the user's browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the user's...
Apache NiFi cross-site scripting vulnerability (CNVD-2023-9665850)
Apache NiFi is a data processing and distribution system from the US-based Apache Software Foundation. The system is primarily used for data routing, transformation and system mediation logic. Apache NiFi suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and...
PT-2023-5856 · Supermicro · Supermicro X11Sse-F +1
Name of the Vulnerable Software and Affected Versions: Supermicro X11SSM-F version 1.66 Supermicro X11SAE-F version 1.66 Supermicro X11SSE-F version 1.66 Description: An issue exists in the web interface of Supermicro X11 series BMC IPMI servers due to inadequate protection of the web page...
CVE-2023-34237
SABnzbd (Usenet downloader) is affected by CVE-2023-34237 due to a design flaw in the Notification Script parameters that enables remote code execution with SABnzbd process privileges. Exploitation requires access to the web interface; remote access is possible if the instance is exposed to the i...
CVE-2023-34088 Collabora Online has Stored Cross-Site-Scripting vulnerability in admin interface
Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened t...
Cisco Smart Software Manager On-Prem SQL Injection Vulnerability
Cisco Smart Software Manager On-Prem (SSM On-Prem) is a Cisco component for Cisco product license management. Cisco SSM On-Prem suffers from a SQL injection vulnerability that originates from the web-based management interface not adequately validating user input. An...
PT-2023-2828 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE), affected versions not specified. Description: The issue is related to multiple vulnerabilities in Cisco Identity Services Engine (ISE) that could allow an authenticated attacker to delete or read arbitrary...
SICK FTMg Security Vulnerability
SICK FTMg is a flow sensor from SICK, Germany. A security vulnerability exists in the SICK FTMg AIR FLOW SENSOR that stems from the presence of improper access control, which allows an unprivileged remote attacker to gain unauthorized access to data fields via the REST interface using an...