
10 matches found

NVD
added 2026/05/12 7:16 a.m. · 7 views

CVE-2026-1185

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...

CVSS 8.8 · EPSS 0.00069
Exploits: 0 · References: 1

Cvelist
added 2026/05/12 5:49 a.m. · 33 views

CVE-2026-1185

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...

CVSS 5.4 · EPSS 0.00069
Exploits: 0 · References: 1

Github Security Blog
added 2026/01/07 6:51 p.m. · 14 views

pnpm vulnerable to Command Injection via environment variable substitution

Summary: A command injection vulnerability exists in pnpm when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve remote code execution (RCE) in build environments...

CVSS 7.8 · AI score 9.7 · EPSS 0.00044
Exploits: 1 · References: 4 · Affected Software: 1

Cvelist
added 2025/12/13 8:16 a.m. · 24 views

CVE-2025-36748 Stored Cross-Site Scripting (XSS) vulnerability in Growatt ShineLan-X

ShineLan-X contains a stored cross-site scripting (XSS) vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication module’s settings center. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious...

CVSS 8.4 · EPSS 0.00028
Exploits: 0 · References: 1

CNNVD
added 2024/05/22 12:0 a.m. · 2 views

Open Library Foundation VuFind security vulnerability

Open Library Foundation VuFind is an open source library resource discovery system from the Open Library Foundation. A security vulnerability exists in Open Library Foundation VuFind version 2.0 through versions prior to 9.1.1, which stems from the presence of a server-side request...

CVSS 9.1 · AI score 9.1 · EPSS 0.00975
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/22 12:0 a.m. · 1 views

PT-2024-21120 · Open Library Foundation · Vufind

Name of the Vulnerable Software and Affected Versions: Open Library Foundation VuFind versions 2.0 through 9.1 before 9.1.1. Description: A Server-Side Request Forgery (SSRF) vulnerability in the "/Upgrade/FixConfig" route allows a remote attacker to overwrite local configuration files to gain acces...

CVSS 9.1 · AI score 7.7 · EPSS 0.00975
Exploits: 0 · References: 10

Amazon
added 2024/03/21 12:0 a.m. · 2 views

Medium: c-ares

Issue Overview: c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files...

CVSS 5.5 · AI score 6.6 · EPSS 0.00055
Exploits: 0

OSV
added 2023/07/07 3:15 a.m. · 0 views

CVE-2023-35890

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637...

CVSS 5.5 · AI score 6.1 · EPSS 0.00013
Exploits: 0 · References: 2

Kitploit
added 2020/08/08 9:30 p.m. · 35 views

SharpAppLocker - C# Port Of The Get-AppLockerPolicy PS Cmdlet

C# port of the Get-AppLockerPolicy PS cmdlet. V1.0.0 - by Flangvik & JeanMaes1994. Usage: -h,...

AI score 6.7
Exploits: 0 · References: 1

F5 Networks
added 2013/05/14 12:0 a.m. · 44 views

SOL14410 - Multiple MySQL vulnerabilities

Vulnerability Recommended Actions: To eliminate these vulnerabilities, upgrade to a version that is listed in the "Versions known to be not vulnerable" column in the previous table. For Enterprise Manager, if you are unable to upgrade to 3.1.0, you can mitigate the remote vulnerability by configurin...

CVSS 5.5 · AI score 1.5 · EPSS 0.00992
Exploits: 0 · References: 8