119 matches found
EUVD-2026-0675
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS...
EUVD-2025-205347
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...
EUVD-2025-205183
In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of deltimersync must prevent restarting of the timer, If we have no this synchronization, there is a small probability that the cancellation will not be...
EUVD-2025-198212
A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbcrawrealloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is...
EUVD-2025-38181
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztpconfigid’ parameter to the ‘NetworkServlet’ endpoint. Successful...
EUVD-2025-37836
EUVD-2025-37836...
EUVD-2025-37700
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data...
EUVD-2022-1075
Malicious code in bioql PyPI...
Security Bulletin: Vulnerabilities in dependencies affect IBM Common Licensing
Summary Security Vulnerabilities in dependencies affect IBM Common Licensing. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase ha...
Linux Distros Unpatched Vulnerability : CVE-2021-29272
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the script...
CVE-2025-55166
savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...
GHSA-22WQ-Q86M-83FH svg-sanitizer Bypasses Attribute Sanitization
Problem The sanitization logic at https://github.com/darylldoyle/svg-sanitizer/blob/0.21.0/src/Sanitizer.phpL454-L481 only searches for lower-case attribute names e.g. xlink:href instead of xlink:HrEf, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting...
CVE-2025-55166
savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...
CVE-2025-55166 svg-sanitizer By-Passing Attribute Sanitization
savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...
CVE-2025-55166 svg-sanitizer By-Passing Attribute Sanitization
savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...
svg-sanitizer 输入验证错误漏洞
svg-sanitizer is a SVG format file cleaning tool by the individual developer Daryll Doyle. An input validation error vulnerability exists in versions of svg-sanitizer prior to 0.22.0, which stems from the cleanXlinkHrefs method searching only for lowercase attribute names, which could lead to...
Password Strength Detection Via Machine Learning: Analysis, Modeling, and Evaluation
As network security issues continue gaining prominence, password security has become crucial in safeguarding personal information and network systems. This study first introduces various methods for system password cracking, outlines password defense strategies, and discusses the application of...
Ensure That the Password Complexity Is Set Correctly
Simple passwords, including short passwords and passwords containing only digits or letters, are easy to guess by brute force cracking tools. As such, users are required to set complex passwords. For service scenarios with high security requirements, follow industry best practices. For example,...
PT-2024-9997 · Spring +1 · Spring Ldap +1
Name of the Vulnerable Software and Affected Versions: Spring LDAP versions 2.4.0 through 2.4.3 Spring LDAP versions 3.0.0 through 3.2.7 Description: The issue is related to insufficient case sensitivity checking in the String.toLowerCase and String.toUpperCase functions of the Spring LDAP projec...
GHSA-4GC7-5J7H-4QPH Spring Framework DataBinder Case Sensitive Match Exception
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...