18 matches found
Phoenix Contact Multiple Products Code Issue Vulnerability
PHOENIX CONTACT AXC F 1152 and PHOENIX CONTACT AXC F 2152 are controller devices from the German company PHOENIX CONTACT. Several products from Phoenix Contact have code vulnerabilities. These vulnerabilities allow low-privilege local users to manipulate configuration or application-related files...
EUVD-2026-29961
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not...
PHOENIX CONTACT FL SWITCH Cross-Site Scripting Vulnerability
PHOENIX CONTACT FL SWITCH is an industrial grade Ethernet switch from PHOENIX CONTACT, Germany. A cross-site scripting vulnerability exists in PHOENIX CONTACT FL SWITCH versions prior to 3.50, which can be exploited by an unauthenticated, remote attacker to trick an authenticated user into clicki...
MAL-2025-181196 Malicious code in @akunsansan0/biru11 (npm)
Source: amazon-inspector 4af0f72010a0a237fab8e29284f0ace502532814af2f000ccc263876c0a6e9f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mulyono-wajit56-breki (npm)
Source: amazon-inspector cce72248caf8654513c266dd9504cd53be7b5311e921e02a2de3f73219c84683 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-116470 Malicious code in prospective_canid_z3n (npm)
Source: amazon-inspector 18b8184d6210c4e4d2efc51af929d6da4b33ed14e3310c57d18155d1d3174a01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in citra-gorengan41-ruro (npm)
Source: amazon-inspector 09c2368c422173114df33aa3f4c6b5895229011fca5c7706af453640e56dd6ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-52455 Malicious code in tomi-empal69-riris (npm)
Source: amazon-inspector 861821462d0dffa39ab848a90625b3483ab066dcc70b66758376a435bfa4b0ae The package tomi-empal69-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded...
Linux Distros Unpatched Vulnerability : CVE-2024-1488
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime...
CVE-2024-6648
Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'productitempath' within the 'config' JSON file, allowing them to read any file on the system...
CVE-2024-29211
A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files...
PT-2024-8645 · Ivanti · Ivanti Secure Access Client
Name of the Vulnerable Software and Affected Versions: Ivanti Secure Access Client versions prior to 22.7R4 Description: A race condition in Ivanti Secure Access Client allows a local authenticated attacker to modify sensitive configuration files. This issue is related to synchronization errors...
SUSE CVE-2020-8030
An Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster...
CVE-2022-34446
PowerPath Management Appliance versions 3.3 & 3.2 contain an Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue to gain access to sensitive information and modify the configuration...
CVE-2022-22248
An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's...
PT-2022-15484 · 3S Smart Software Solutions · Codesys Control Runtime System
Name of the Vulnerable Software and Affected Versions: CODESYS Control runtime system (affected versions not specified) Description: A remote attacker could utilize the control program of the CODESYS Control runtime system to read and modify the configuration files of the affected products. The...
CVE-2018-10079
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml...
CVE-2006-0567
Directory traversal vulnerability in Files Xaraya module before 0.5.1, when the Archive Directory field on the Modify Config page is blank, allows remote attackers to access files outside of the web root via ".." (dot dot) sequences...