5 matches found
EUVD-2026-32947
EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity (Contact, Lead, Account, or User) without performing an ACL check. An authenticated user with...
ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Directory Traversal
The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated file traversal via the /api/siteGuide endpoint. An attacker with valid credentials can manipulate the filename parameter to move and access or overwrite arbitrary files. The issue arises due to improper input validation in...
Schneider Electric Easergy Studio Code Issue Vulnerability
Schneider Electric Easergy Studio is an IED support software for setup and configuration from Schneider Electric France. A code issue vulnerability exists in versions prior to Schneider Electric Easergy Studio v9.3.5 that stems from the presence of untrusted data deserialization, which could allo...
Apple iOS WebKit Memory Corruption Vulnerability
iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A memory corruption vulnerability exists in WebKit in Apple iOS versions prior to 9.3.5, which can be exploited by an attacker to execute arbitrary code or cause a...
Apple iOS kernel suffers from information disclosure vulnerability
iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. An information disclosure vulnerability exists in the kernel of Apple iOS versions prior to 9.3.5, which can be exploited by an attacker to gain access to...