3966 matches found
CVE-2025-2902
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platfo...
CVE-2025-2902
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platfo...
CVE-2025-2902
CVE-2025-2902 describes an improper authorization vulnerability in the maintenance utility (management GUI) of Hitachi Virtual Storage Platform family. Affected products include Hitachi Virtual Storage Platform E390/E590/E790/E990/E1090 and E390H/E590H/E790H/E1090H (before DKCMAIN Ver. 93-07-26-x...
EUVD-2025-210368
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platfo...
CVE-2025-2902 Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform
Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-07-26-xx/00, GUM Ver. 93-07-26/00; Hitachi Virtual Storage Platfo...
CVE-2026-50742
A stored XSS vulnerabilities exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an...
CVE-2026-50742
CVE-2026-50742 describes a stored XSS in Revive Adserver 6.0.7, occurring in the maintenance tools, specifically in the files maintenance-acl-check.php and maintenance-banners-check.php . The root cause is that entity names are displayed without proper escaping when inconsistencies are detected, ...
EUVD-2026-39603
A stored XSS vulnerabilities exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an...
CVE-2026-50742
A stored XSS vulnerabilities exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an...
CVE-2026-50742
A stored XSS vulnerabilities exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an...
CVE-2026-43920
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...
The vulnerability of the net/batman-adv/bat_iv_ogm.c module in the Linux operating system allows a hacker to trigger a system failure during maintenance operations.
The vulnerability of the net/batman-adv/bativogm.c module in the Linux operating system is related to incorrect calculations of buffer size. Exploiting this vulnerability can allow an attacker to cause a service failure...
PT-2026-52650
Name of the Vulnerable Software and Affected Versions Revive Adserver version 6.0.7 Description Stored Cross-Site Scripting XSS occurs in the maintenance-acl-check.php and maintenance-banners-check.php tools. The issue arises when entity names are displayed without proper escaping during the...
CVE-2026-43920 FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...
CVE-2026-43920
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...
CVE-2026-43920
CVE-2026-43920 affects FOSSBilling versions 0.5.4–0.7.2 where the unauthenticated /run-patcher endpoint allowed privileged maintenance operations (config migrations, DB schema changes including ALTER/DROP/UPDATE, filesystem deletions/renames, and cache clearing) to be executed without admin auth,...
CVE-2026-43920 FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...
PT-2026-52177
Name of the Vulnerable Software and Affected Versions Tealium iQ Tag Management versions 0.0.0 through 2.4.0 Description Improperly controlled modification of dynamically-determined object attributes in the Tealium iQ Tag Management module allows for Object Injection. This occurs because the...
Untrusted Search Path
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via the PATH environment variable influencing the selection of the trash executable during maintenance tasks. An attacker can execute unintended local executables by...
CVE-2026-46935
Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...