6 matches found
CVE-2026-40436
CVE-2026-40436 affects the ZTE ZXEDM iEMS product. The vulnerability is a password reset flaw that, due to improper access control on the cloud EMS portalʼs user-list interface, allows reading all user information and resetting passwords for obtained accounts. This could enable unauthorized opera...
CVE-2021-47849
Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests...
CVE-2025-43732
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...
CVE-2025-43732
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...
SAP NetWeaver AS ABAP and ABAP Platform Information Disclosure Vulnerability (CNVD-2020-48592)
SAP Netweaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver AS ABAP and ABAP Platform, which can be exploite...
Apache Pony Mail Information Disclosure Vulnerability
Apache Pony Mail is a plug-in with mail archiving, viewing and interaction capabilities from the Apache USA Software Foundation. A security vulnerability exists in the statistics generator in Apache Pony Mail versions 0.7 through 0.9, which stems from the statistics generator returning timestamp...