252 matches found
CVE-2024-5241
A vulnerability was found in Huashi Private Cloud CDN Live Streaming Acceleration Server up to 20240520. It has been classified as critical. Affected is an unknown function of the file /manager/ipconfignew.php. The manipulation of the argument dev leads to os command injection. It is possible to...
CVE-2024-31032
An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component...
CVE-2025-5029 Kingdee Cloud Galaxy Private Cloud BBC System File deleteFileAction.jhtml path traversal
A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the...
CVE-2025-5029 Kingdee Cloud Galaxy Private Cloud BBC System File deleteFileAction.jhtml path traversal
A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the...
CVE-2025-5029
Kingdee Cloud Galaxy Private Cloud BBC System (versions up to 9.0 Patch April 2025) contains a path traversal vulnerability in File Handler: BaseServiceFactory.getFileUploadService.deleteFileAction (fileUpload/deleteFileAction.jhtml) caused by unvalidated filePath input. Remotely exploitable; exp...
Kingdee Cloud Galaxy Private Cloud BBC System 路径遍历漏洞
Kingdee Cloud Galaxy Private Cloud BBC System is an all-inclusive cloud ERP system from China's Kingdee Kingdee. A path traversal vulnerability exists in Kingdee Cloud Galaxy Private Cloud BBC System versions V6.2 to V9.0, which stems from improper operation of the filePath parameter in the...
SAP S/4HANA Cloud Private 代码注入漏洞
SAP S/4HANA Cloud Private is a private cloud-deployed, enterprise-grade, intelligent ERP suite based on in-memory computing architecture from SAP, Germany. A code injection vulnerability exists in SAP S/4HANA Cloud Private, which stems from a lack of input validation and authorization checking an...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, and SAP...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.10 security and extras update
Red Hat OpenShift Container Platform release 4.18.10 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...
Private Networking in Distributed Compute Regions with VPC
...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization in that a user with the "Edit Other Users" permission set, but not broader high-level permissions, can modify the properti...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access control...
CISA Releases Ten Industrial Control Systems Advisories
CISA released ten Industrial Control Systems ICS advisories on April 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-100-01 Siemens License Server ICSA-25-100-02 Siemens SIDIS Prime ICSA-25-100-03 Siemens...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in various products such as Industrial Edge Devices, Mendix, SENTRON, SIDIS, SIMATIC, SIPLUS,Insights Hub Private Cloud, Siemens License Server and Solid Edge. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the...
Siemens Insights Hub Private Cloud
SUMMARY Insights Hub Private Cloud is affected by multiple vulnerabilities in Ingress NGINX Controller for Kubernetes. These vulnerabilities could lead to arbitrary code execution in the context of the ingress-nginx controller, or disclosure of Secrets accessible to the controller, or denial of...
VMware Aria Operations 安全漏洞
VMware Aria Operations is a unified, AI-driven, self-driving IT operations management platform for private, hybrid, and multi-cloud environments from VMware, Inc. A security vulnerability exists in VMware Aria Operations that stems from a local elevation of privilege...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.1 bug fix and security update
Red Hat OpenShift Container Platform release 4.18.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...
CVE-2022-2664
A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcxmanagement/globalconfigquery of the component POST Request Handler. The manipulation leads to improper authentication. It is possible to launc...
VMware Aria Operations 安全漏洞
VMware Aria Operations is a unified, AI-driven, self-driving IT operations management platform for private, hybrid, and multi-cloud environments from VMware. A security vulnerability exists in VMware Aria Operations. An attacker could exploit the vulnerability to retrieve plug-in credentials...
CVE-2025-0659 Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaix™ Private Cloud
A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character sequence in the body of the vulnerable endpoint, it is possible to overwrite files outside of the intended directory. A threat actor with admin privileges could...