1166 matches found
CVE-2024-51224
Multiple cross-site scripting XSS vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the vehiclename, modelnumber, regnumber, vehiclesubtype,...
CVE-2026-4536
A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacte...
PT-2026-24580
Name of the Vulnerable Software and Affected Versions MR-GM5L-S1 MR-GM5A-L1 Description An authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration. Recommendations At the moment, there is no...
Timing Side-Channel in AES-CCM Tag Verification in AWS-LC
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...
EUVD-2026-7402
Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use TOCTOU vulnerability enables DNS rebindi...
Azure Linux 3.0 Security Update: kernel (CVE-2025-22079)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22079 advisory. - In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate ltreedepth to avoid...
EUVD-2026-0654
A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resourceaggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to sql injection. The attack may be initiated remotely...
PT-2026-1108
Name of the Vulnerable Software and Affected Versions Daptin version 0.10.3 Description A flaw exists in Daptin version 0.10.3 within the Aggregate API component. Specifically, the goqu.L function in the server/resource/resource aggregate.go file is susceptible to SQL injection. The issue arises...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992825)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992825 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate ltreedepth to avoid out-of-bounds access The ltreedepth field is 16-bit le16, but...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992626)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992626 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate ltreedepth to avoid out-of-bounds access The ltreedepth field is 16-bit le16, but...
CVE-2025-67013
The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery CSRF protection mechanisms no tokens, no Origin/Referer validation on critical configuration endpoints...
CVE-2025-67013
The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery CSRF protection mechanisms no tokens, no Origin/Referer validation on critical configuration endpoints...
PT-2025-53594
Name of the Vulnerable Software and Affected Versions ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System version 1.8 Description The web management interface lacks Cross-Site Request Forgery CSRF protection mechanisms, specifically missing tokens and Origin/Referer validation, on...
EUVD-2025-205447
The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery CSRF protection mechanisms no tokens, no Origin/Referer validation on critical configuration endpoints...
CVE-2025-67013
The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery CSRF protection mechanisms no tokens, no Origin/Referer validation on critical configuration endpoints...
CVE-2025-67013
The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery CSRF protection mechanisms no tokens, no Origin/Referer validation on critical configuration endpoints...
CVE-2025-67013
The CVE-2025-67013 entry concerns ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System v1.8. The web management interface does not implement CSRF protections (no tokens, no Origin/Referer validation) on critical configuration endpoints, per Red Hat and NVD entries. Affected component:...
CVE-2018-25153
Removed by vendor...
CVE-2021-47714
Hasura GraphQL Engine 1.3.3 is affected by a local file read vulnerability exploitable via SQL injection at the query endpoint, enabling reading arbitrary files on the server through PostgreSQL’s pg_read_file(). Root cause is unsanitized SQL path in the query endpoint that allows crafting queries...
OESA-2025-2852 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate ltreedepth to avoid out-of-bounds access The ltreedepth field is 16-bit le16, but the actual maximum depth is limited to OCFS2MAXPATHDEPTH. Add a...