GHSA-GGXW-G3CP-MGF8 FUXA Unauthenticated Remote Arbitrary Device Tag Write
Summary. Description: An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10. Impact: This affects all deployments, including those...
Missing Authentication for Critical Function
Overview: @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the upload API. An attacker can overwrite arbitrary files on the server filesystem by sending crafted...
Missing Authentication for Critical Function
Overview: fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the upload API. An attacker can overwrite arbitrary files on the server filesystem by sending crafted request...
PT-2026-6564
Nsauditor 3.0.28 and 3.2.1.0 contain a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a...
PT-2026-6570
Name of the Vulnerable Software and Affected Versions: Free Desktop Clock version 3.0. Description: Free Desktop Clock 3.0 contains a stack overflow issue in the Time Zones display name input. This allows attackers to overwrite Structured Exception Handler (SEH) registers. Exploitation involves crafti...
Ubuntu 24.04 LTS : GitHub CLI vulnerabilities (USN-8012-1)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8012-1 advisory. It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An...
CVE-2026-25575
NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying...
CVE-2026-25575 NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality
NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying...
CVE-2025-69618
An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information...
CVE-2026-20986
Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members...
DNN - Unrestricted Arbitrary File Upload
DNN (formerly DotNetNuke) < 10.1.1 contains an unrestricted file upload vulnerability caused by the default HTML editor provider allowing unauthenticated file uploads and overwriting existing files, letting unauthenticated attackers deface websites and inject XSS payloads, exploit requires no...
EUVD-2026-5389
Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members...
CVE-2026-20986
The vulnerability CVE-2026-20986 affects Samsung Members prior to Chinese version 15.5.05.4. A path traversal flaw allows local attackers to overwrite data within the Samsung Members application. The issue is confirmed in multiple sources (e.g., Red Hat, NVD, CVE records) and is tied to the Samsu...