TP-Link Omada Switches 安全漏洞

TP-Link Omada switches are a series of switches produced by TP-Link, a Chinese company. The TP-Link Omada switches have security vulnerabilities. These vulnerabilities stem from insufficient validation of the web interface, which may lead to out-of-bound memory access when processing specially...

PT-2026-5391

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

Cisco Unified Contact Center Express 代码问题漏洞

Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A security vulnerability exists in Cisco...

DEBIAN-CVE-2025-40085

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in trytoregistercard In trytoregistercard, the return value of usbifnumtoif is passed directly to usbinterfaceclaimed without a NULL check, which will lead to a NULL pointer dereference...

CVE-2025-40085 ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in trytoregistercard In trytoregistercard, the return value of usbifnumtoif is passed directly to usbinterfaceclaimed without a NULL check, which will lead to a NULL pointer dereference...

CVE-2025-40085 ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in trytoregistercard In trytoregistercard, the return value of usbifnumtoif is passed directly to usbinterfaceclaimed without a NULL check, which will lead to a NULL pointer dereference...

SICK AG Enterprise Analytics 安全漏洞

SICK AG Enterprise Analytics is a package analytics software from SICK AG, Germany. A security vulnerability exists in SICK AG Enterprise Analytics that stems from an API endpoint that does not adequately validate input data, which could lead to altered or diluted log entries...

CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...

Salesforce Tableau Server 安全漏洞

Salesforce Tableau Server is a data visualization and analytics platform from Salesforce, Inc. A security vulnerability exists in Salesforce Tableau Server versions prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19, which stems from insufficient validation of the validate-initial-sql...

Vulnerabilities fixed in Cisco Unified Intelligence Center

Cisco has fixed vulnerabilities in Cisco Unified Intelligence Center. The vulnerabilities are in how Cisco Unified Intelligence Center's API validates user parameters. This can lead to privilege escalation, where authenticated attackers can gain unauthorized access to other users' sensitive data...

Cisco Firepower Management Center 安全漏洞

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...

Cisco Firepower Management Center 安全漏洞

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A cross-site scripting vulnerability exists in Google Chrome prior to version 129.0.6668.58, which stems from insufficient UI gesture validation in Omnibox on the Android platform, and can be exploited by an attacker to inject...

ZTE MC801A 安全漏洞

The ZTE MC801A/MC801A1 are both a 5g indoor WiFi router from China's ZTE ZTE. The ZTE MC801A and MC801A1 suffer from a buffer overflow vulnerability, which stems from insufficient validation of web interface parameters and can be exploited by attackers to conduct denial of service attacks...

Cisco Firepower Management Center 跨站脚本漏洞

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. Cisco Firepower Management Center FMC suffers from a cross-site scripting vulnerability that originates from insufficient validation of user-supplied input in the web management interface,...

CVE-2023-20189

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...

CVE-2022-25258

An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests ones with a large array index and ones associated with NULL function pointer retrieval. Memory corruption might occur...

PostgreSQL JDBC Driver 安全漏洞

The PostgreSQL JDBC Driver is an open source JDBC driver written in Pure Java Type 4 for communication in the PostgreSQL native network protocol. A security vulnerability exists in the PostgreSQL JDBC Driver or PgJDBC for short that stems from the instantiation of plugin instances by the class na...

Fortinet FortiWLC 访问控制错误漏洞

The Fortinet FortiWLC is a wireless LAN controller from Fortinet. An access control error vulnerability exists in the Fortinet FortiWLC, which arises from the product's GUI restrictions not validating the user's identity. The vulnerability can be exploited to execute arbitrary commands. The...

PT-2021-4664 · Cisco · Cisco Ata 190 Series Analog Telephone Adapter

Name of the Vulnerable Software and Affected Versions: Cisco ATA 190 Series Analog Telephone Adapter Software affected versions not specified Description: The issue is related to multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software. These vulnerabilities could...