47 matches found
CVE-2018-25224 PMS 0.42 Stack-Based Buffer Overflow via Configuration File
PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute she...
PT-2026-6419
Summary An unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. Impact A local process on the same machine could execute arbitrary...
CVE-2025-11009
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 GOT2000 all versions and Mitsubishi Electric GT Designer3 Version1 GOT1000 all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT...
CVE-2025-64304
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys...
EUVD-2025-199539
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys...
CVE-2025-64304
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys...
EUVD-2021-8808
Malicious code in bioql PyPI...
CVE-2025-43730
Dell ThinOS 10, versions prior to 250810.0127, contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure...
CVE-2025-43730
Dell ThinOS 10, versions prior to 250810.0127, contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure...
CVE-2025-9036
A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection...
CVE-2025-26476
Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...
CVE-2025-26476
Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...
PT-2025-26715 · Unknown · Microscada X Sys600
Name of the Vulnerable Software and Affected Versions: MicroSCADA X SYS600 affected versions not specified Description: A vulnerability exists in the MicroSCADA X SYS600 product. If exploited, this could allow a local unauthenticated attacker to tamper with a system file, making denial of the...
Ivanti Connect Secure 22.x < 22.7R2.3
The Ivanti Connect Secure installed on the remote host is prior to 22.7R2.3. It is, therefore, affected by a information disclosure vulnerability in the admin portal. A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local...
CVE-2024-34787
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required...
CVE-2024-34787
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required...
CVE-2024-9843
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service...
CVE-2024-50323
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required...
CVE-2024-50323
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required...
CVE-2024-50322
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required...