39 matches found
EUVD-2026-13836
Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...
CVE-2018-18271
XSS exists in CMS Made Simple version 2.2.7 via the m1extra parameter in an admin/moduleinterface.php "Content--News--Add Article" action...
EUVD-2025-25022
Malicious code in bioql PyPI...
CVE-2025-26711
There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface...
CVE-2025-26711
There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface...
CVE-2025-26711
There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface...
CVE-2025-26709
There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface...
CVE-2025-26709
CVE-2025-26709 affects ZTE F50 with an unauthorized access vulnerability due to improper permission control in the Web module interface. The root cause is insufficient access controls, allowing an attacker with adjacent access and low exploit complexity to obtain sensitive information via the Web...
PT-2025-33473 · Zte · Zte F50
Name of the Vulnerable Software and Affected Versions: ZTE F50 affected versions not specified Description: An unauthorized access issue exists in ZTE F50 due to improper permission control of the Web module interface. This allows an unauthorized attacker to obtain sensitive information through t...
CVE-2024-22067
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands...
ROS-20250403-16
A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to an incorrect checking of X-Sendfile-Type header input in Rack::Sendfile during processing. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate log entries...
CVE-2020-9236
There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. Vulnerability ID: HWPSIRT-2020-0501...
CVE-2024-22067 ZTE NH8091 product has an improper permission control vulnerability
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands...
CVE-2024-22067 ZTE NH8091 product has an improper permission control vulnerability
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands...
CVE-2024-1528
CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to ...
Huawei HarmonyOS 访问控制错误漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an issue in the WMS module where the interface is not properly authenticated, which cou...
CMS Made Simple <= 2.2.15 XSS Vulnerability
CMS Made Simple is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2021-43154
Cross Site Scripting XSS vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php...
CVE-2021-22479
The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash...
CVE-2021-22480
The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow...