CVE-2026-34473

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST...

PT-2026-38217

Name of the Vulnerable Software and Affected Versions ZTE H8102E affected versions not specified ZTE H168N affected versions not specified ZTE H167A affected versions not specified ZTE H199A affected versions not specified ZTE H288A affected versions not specified ZTE H198A affected versions not...

Adobe FrameMaker 2020 < 16.0.10 (2020.0.10) / Adobe FrameMaker 2022 < 17.0.8 (2022.0.8) Arbitrary Code Execution (APSB25-101)

The version of Adobe FrameMaker installed on the remote Windows host is prior to Adobe FrameMaker 2020 16.0.10 / Adobe FrameMaker 2022 17.0.8. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb25-101 advisory. - Heap-based Buffer Overflow CWE-122 potentially leading ...

PT-2025-15433 · Ivanti · Ivanti Endpoint Manager

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU1 Ivanti Endpoint Manager versions prior to 2022 SU7 Description: The issue concerns improper certificate validation, allowing a remote unauthenticated attacker to intercept limited traffic...

Ivanti Endpoint Manager Code Issue Vulnerability

Ivanti Endpoint Manager EPM is a suite of endpoint security managers from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Endpoint Manager versions prior to 2022 SU4, which stems from the presence of XML External Entity Injection in the CSEP component, where external entity...

SUSE CVE-2022-34302

A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader...

Wire 安全漏洞

Wire is a chat program from the German company Wire. The software supports Web, WindowsiOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original way of saying hello, PING. A security vulnerability exists in versions of Wire prior to 2022-12-09, whic...

CVE-2022-38754

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM Operations Bridge Manager user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is on...

JetBrains IntelliJ IDEA 代码问题漏洞

JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2022.3, which stems from an XXE attack that can be performed via a request to a custom plugi...

GE CIMPLICITY HMI/SCADA Software 缓冲区错误漏洞

GE CIMPLICITY HMI/SCADA Software is an automated industrial platform from General Electric GE. It provides true client-server visualization and control from a single machine to plant locations around the world to help manage operations and improve decision making. A security vulnerability exists ...

Design/Logic Flaw

Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's...

CVE-2022-2316

HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site...

PT-2022-3095 · Omron · Omron Cs Series +1

Name of the Vulnerable Software and Affected Versions: Omron CS series, CJ series, and CP series PLCs versions prior to 2022-05-18 Description: The issue is related to the storage of the password for access to the Web UI in memory area D1449...D1452, which can be read out using the Omron FINS...

PT-2022-3087 · Jtekt · Jtekt Toyopuc Plcs

Name of the Vulnerable Software and Affected Versions: JTEKT TOYOPUC PLCs versions prior to 2022-04-29 Description: The issue is related to insufficient data authentication in the programmable logic controllers. This allows a remote attacker to execute arbitrary code. The controllers use the...

PT-2022-3158 · Emerson · Emerson Openbsi

Name of the Vulnerable Software and Affected Versions: Emerson OpenBSI versions prior to 2022-04-29 Description: The issue is related to the insecure storage of confidential information in the SecUsers.ini file, which can be exploited by a remote attacker to gain access to user credentials. The...

AZL-9848 CVE-2022-30785 affecting package ntfs-3g for versions less than 2022.5.17-1

A file handle created in fuselibopendir, and later used in fuselibreaddir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite...

CVE-2022-23968

Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as so...