
502 matches found

CNNVD
added 2025/05/22 12:0 a.m. | views: 1

ABB Multiple Products Code Injection Vulnerability

ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications...

CVSS: 8.7 | AI score: 7.1 | EPSS: 0.00223
Exploits: 0 | References: 1

Redos
added 2025/05/06 12:0 a.m. | views: 15

ROS-20250505-05

The vulnerability of the Zabbix universal monitoring system is related to insufficient cleansing of user data passed via the "groupBy" parameter in include/classes/api/CApiService.php. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL queries in the database...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.02177
Exploits: 0

NVD
added 2025/04/30 8:15 p.m. | views: 14

CVE-2025-2082

Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC...

CVSS: 7.5 | EPSS: 0.00119
Exploits: 2 | References: 1

Positive Technologies
added 2025/04/30 12:0 a.m. | views: 2

PT-2025-18327

Tesla Model 3 and Affected Versions Tesla Model 3 affected versions not specified Description This issue allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles without authentication. The flaw resides within the VCSEC module. An attacker can trigger an...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.00119
Exploits: 2 | References: 21

Tenable Nessus
added 2025/04/30 12:0 a.m. | views: 5

Atop Tool Installed (Linux / Unix)

Binary data atopnixinstalled.nbin...

AI score: 7.3
Exploits: 0 | References: 1

CNNVD
added 2025/04/02 12:0 a.m. | views: 2

Zabbix Security Vulnerability

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix that stems from a login failure with a non-existing username that has a different execution tim...

CVSS: 3.1 | AI score: 4.5 | EPSS: 0.00121
Exploits: 0 | References: 2

Vulnrichment
added 2025/03/31 11:33 a.m. | views: 12

CVE-2025-2586 Ols: unauthenticated metrics flooding in openshift lightspeed service leading to resource exhaustion

A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00326
Exploits: 0 | References: 2

CVE
added 2025/03/31 11:33 a.m. | views: 81

CVE-2025-2586

OpenShift Lightspeed Service is affected by unauthenticated API request flooding that can exhaust resources and cause service degradation or unavailability. The vulnerability arises from repeated queries to non-existent endpoints (for example, /api/v1/nonexistent), inflating metrics storage/proce...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00326
Exploits: 0 | References: 2

Github Security Blog
added 2025/03/17 2:48 p.m. | views: 7

PostQuantum-Feldman-VSS's Dependency Vulnerability in gmpy2 Leading to Interpreter Crash

Description: PostQuantum-Feldman-VSS, a Python library implementing Feldman's Verifiable Secret Sharing scheme with post-quantum security, was vulnerable to denial-of-service attacks in versions up to and including 0.7.6b0. This vulnerability stems from the library's reliance on the gmpy2 library...

AI score: 6.9
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/02/28 5:9 p.m. | views: 7

CVE-2025-24318 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Sensitive Cookie Without 'HttpOnly' Flag

Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise...

CVSS: 6.8 | EPSS: 0.00112
Exploits: 0 | References: 2

Vulnrichment
added 2025/02/28 4:58 p.m. | views: 4

CVE-2025-24849 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Cleartext Transmission of Sensitive Information

Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00024
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/06 4:46 a.m. | views: 2

CVE-2021-37698

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00157
Exploits: 0 | References: 7

RedhatCVE
added 2025/02/05 8:44 p.m. | views: 6

CVE-2022-37681

Hitachi Kokusai Electric Network products for monitoring system Camera, Decoder and Encoder and below allows attackers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00562
Exploits: 0 | References: 4

RedhatCVE
added 2025/02/05 11:48 a.m. | views: 5

CVE-2024-7933

A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been classified as critical. Affected is an unknown function of the file login1.php of the component Backend Login. The manipulation of the argument user leads to sql injection. It is possible to launch the...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.0007
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 6:9 a.m. | views: 3

CVE-2024-49369

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.24074
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 2:30 a.m. | views: 5

CVE-2024-42362

Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated user role RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00354
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 2:25 a.m. | views: 5

CVE-2024-42361

Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/monitorId/metric/metricFull endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.0024
Exploits: 1 | References: 1

Packet Storm News
added 2025/02/05 12:0 a.m. | views: 3

Sensaphone WEB600 Monitoring System Cross Site Scripting

The Sensaphone WEB600 Monitoring System was found to suffer from multiple persistent cross site scripting vulnerabilities...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.00618
Exploits: 2

CVE
added 2025/01/16 10:28 p.m. | views: 42

CVE-2024-56144

CVE-2024-56144 / Librenms: A stored XSS in the display parameter of the /device/$DEVICE_ID/edit endpoint affects Librenms up to version 24.11.0. The underlying issue is insufficient input sanitization that allows injected scripts to execute when users view or interact with the affected page. The ...

CVSS: 5.4 | AI score: 4.5 | EPSS: 0.00096
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/01/16 10:26 p.m. | views: 9

CVE-2025-23198 Stored-XSS-LibreNMS-Display-Name in librenms

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters: /device/$DEVICEID/edit - param: display (replace $DEVICEID with your specific $DEVICEID value). Librenms versions up to 24.10.1 allow remote attackers to inject...

CVSS: 4.6 | AI score: 4.5 | EPSS: 0.00168
Exploits: 1 | References: 1