80 matches found
CVE-2025-8875 Insecure Deserialization Vulnerability
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1...
CVE-2025-8876 Command Injection Vulnerability
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1...
CVE-2025-8876 Command Injection Vulnerability
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1...
EUVD-2025-24822
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1...
CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. N-able N-central is a Remote Monitoring and Management RMM platform designed...
N-able N-central 安全漏洞
N-able N-central is an RMM platform from N-able Canada Inc. provides large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central versions prior to 2025.3.1 that stems from the fact that...
N-able N-central 操作系统命令注入漏洞
N-able N-central is an RMM platform from N-able Canada Inc. provides large-scale management, automation and orchestration capabilities for sophisticated MSPs and IT professionals. A security vulnerability exists in N-able N-central versions prior to 2025.3.1, which stems from insufficient input...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-8875link is external N-able N-central Insecure Deserialization Vulnerability CVE-2025-8876link is external N-able N-central Command Injection Vulnerability...
PT-2025-33076
Name of the Vulnerable Software and Affected Versions: N-able N-central versions prior to 2025.3.1 Description: Improper Input Validation in N-able N-central allows for OS Command Injection. This issue enables the execution of arbitrary operating system commands due to insufficient validation of...
PT-2025-33075
Name of the Vulnerable Software and Affected Versions: N-able N-Central versions prior to 2025.3.1 N-able N-Central versions prior to 2024.6 Hotfix 2 Description: A deserialization of untrusted data issue exists in N-able N-Central, potentially allowing for local execution of code. This...
VulnCheck KEV: CVE-2025-8875
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1...
VulnCheck KEV: CVE-2025-8876
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1...
N-able N-Central Command Injection Vulnerability
N-able N-Central contains a command injection vulnerability via improper sanitization of user input...
CVE-2023-47131
The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file...
CVE-2023-47132
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls...
CVE-2023-30297
An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server...
CVE-2023-27470
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportServiceN-Central\PushUpdates, leading to arbitrary file deletion...
The vulnerability of the N-able N-central monitoring and management platform for IT infrastructure lies in the incorrect restriction on the path name to the catalog, allowing attackers to read arbitrary files.
The vulnerability of the N-able N-central monitoring and management platform relates to an incorrect limitation on the path name for the /WEB-INF directory in the Apache Tomcat application. Exploiting this vulnerability allows a malicious actor to read arbitrary files...
CVE-2024-28200
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the...
N-able Ecosystem Agent 安全漏洞
N-able Ecosystem Agent is an agent system from N-able Canada. A security vulnerability exists in N-able Ecosystem Agent that stems from not properly validating SSL/TLS certificates, which could allow a malicious actor to perform man-in-the-middle operations and intercept traffic between the agent...