20 matches found
CVE-2026-35408
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retai...
Biztalk360 安全漏洞
Biztalk360 is an integrated operation and monitoring platform developed by the British company Biztalk360. Versions of Biztalk360 prior to 11.5 contained security vulnerabilities. These vulnerabilities were due to improper access control; any user could request the loading of DLL files. Attackers...
IGEL OS < 11.0.0 Secure Boot bypass (CVE-2025-47827)
The version of IGEL OS running on the remote host is prior to version 11. It is, therefore, affected by a cryptographic signature verification vulnerability in the igel-flash-driver module. An attacker could exploit this flaw to bypass Secure Boot protections. By leveraging the improper...
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution
Hewlett Packard Enterprise HPE has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE identifier CVE-2025-37164 , carries a CVSS score of 10.0. HPE OneView is an IT...
CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting
Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...
CVE-2025-40742
A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions V11.0, SIPROTEC 5 6MD85 CP200 All versions, SIPROTEC 5 6MD85 CP300 All versions V11.0, SIPROTEC 5 6MD86 CP200 All versions, SIPROTEC 5 6MD86 CP300 All versions V11.0, SIPROTEC 5 6MD89 CP300 All versions V11.0, SIPROTEC 5...
PT-2023-25670 · Kratos · Kratos Ngc Indoor Unit
Name of the Vulnerable Software and Affected Versions: Kratos NGC Indoor Unit IDU versions prior to 11.4 Description: The issue allows remote attackers to obtain arbitrary control of the IDU/ODU system due to missing authentication for a critical function. Attackers with layer-3 network access to...
CVE-2022-45468
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...
Netapp StorageGRID 授权问题漏洞
Netapp StorageGRID is a suite of object storage solutions from US-based NetApp Netapp. A security vulnerability exists in versions of StorageGRID formerly known as StorageGRID Webscale prior to 11.6.0 that could allow disabled, expired, or locked external user accounts to access S3 data to which...
Micro Focus Solutions Business Manager 授权问题漏洞
Micro Focus Solutions Business Manager SBM, Serena Business Manager is a suite of business process automation management solutions from Micro Focus UK. The product is mainly used for process automation, including software development lifecycle and IT business process management. An authorization...
Cisco Data Center Network Manager SQL注入漏洞
Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A SQL injection vulnerability exists in the REST API endpoint of Cisco Data Center...
CVE-2020-27488
Loxone Miniserver devices with firmware before 11.1 aka 11.1.9.3 are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices or attackers who are spoofing these devices can continue to use an unauthenticated cloud service for an...
GitLab Directory Traversal Vulnerability (CNVD-2019-08323)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab community and...
FreeBSD NFS Server Code Flaw Vulnerability (CNVD-2018-26669)
FreeBSD is a set of Unix-like free operating systems in the FreeBSD project run by the Core Team, and is an important branch of Unix-like operating systems developed through BSD, 386BSD, and 4.4BSD.NFS server is one of the network file system servers. A security vulnerability exists in the NFS...
Apple Safari and iOS WebKit Page Loading Address Bar Spoofing Vulnerability
Apple Safari and iOS are both products of Apple Inc. Apple Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; iOS is a set of operating systems developed for mobile devices. WebKit is an open source web browser engine developed by the KDE...
Apple iOS and tvOS App Store Man-in-the-Middle Attack Vulnerability
Apple iOS and tvOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. tvOS is an operating system for smart TVs. app Store is an application store component. A security vulnerability exists in the App Store component of Apple iOS before 11.2 and tvOS...
Apple Safari Address Forgery Vulnerability
Apple Safari is a web browser developed by Apple Inc. and is the default browser that comes with the Mac OS X and iOS operating systems.Safari is one of the specialized components used for the Safari browser.... A security vulnerability exists in the Safari component of Apple Safari versions prio...
Apple iOS and tvOS HomeKit Security Bypass Vulnerability
Apple iOS and tvOS are both products of the American company Apple. The former is an operating system for mobile devices; the latter is an operating system for smart TVs, of which HomeKit is a smart home platform component. A security bypass vulnerability exists in the HomeKit component in Apple...
Apple iOS Mail MessageUI Memory Corruption Vulnerability
Apple iOS is an operating system developed by Apple for mobile devices.Mail MessageUI component is one of the mail and SMS components. A memory corruption vulnerability exists in the Mail MessageUI component in Apple iOS versions prior to 11. A remote attacker can exploit this vulnerability to...
CVE-2017-6636
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HT...