Dell PowerProtect Data Domain 安全漏洞

Dell PowerProtect Data Domain is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Security vulnerabilities exist in versions 7.7.1.0 to 8.5 of Dell PowerProtect Data Domain BoostFS, as well as in versions 8.3.1.0 to...

IBM InfoSphere Information Server 安全漏洞

IBM InfoSphere Information Server is IBM's enterprise-class data integration platform for integrating, cleansing and transforming data from disparate sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from insufficient credential protection and...

PT-2026-25773

Name of the Vulnerable Software and Affected Versions AWS API MCP Server versions 0.2.14 through 1.3.8 Description The AWS API MCP Server, used to enable AI assistants to interact with AWS services, has an issue where file access restrictions can be bypassed. This affects the 'no-access' and...

CVE-2025-14096

CVE-2025-14096 describes a vulnerability in multiple Radiometer products where an attacker with physical access to the analyzer can potentially extract credential information due to a weakness in the operating system’s credential protection. The issue is rooted in design weaknesses within the OS ...

WordPress Plugin SurveyFunnel - Survey Plugin for WordPress Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in SurveyFunnel - Survey Plugin for WordPress...

CVE-2025-20305

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with read-only Administrato...

CVE-2025-10720 WP Private Content Plus <= 3.6.2 - Password Protection Bypass

The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password...

EUVD-2025-25501

Malicious code in bioql PyPI...

EUVD-2021-33235

Malicious code in bioql PyPI...

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of website structures, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

The vulnerability of the Adobe Experience Manager content and media data management system, related to the lack of measures taken to protect the website structure, allows a perpetrator to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

The vulnerability of the cookie-consent management module on Drupal COOKiES websites stems from the lack of measures taken to protect the website structure. This allows attackers to perform cross-site scripting attacks (XSS).

The vulnerability of the cookie-consent management module on Drupal COOKiES websites is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks remotely...

The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

The vulnerability of the IDE Assets component in the Xcode development environment allows a hacker to gain unauthorized access to protected information.

The vulnerability of the IDE Assets component in the Xcode development environment is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

The vulnerability of the RP_UpgradeFWByBBS() function in the microprogrammed software for Linksys wireless signal amplifiers allows a intruder to execute arbitrary commands.

The vulnerability of the RPUpgradeFWByBBS function in the Linksys wireless signal amplifiers’ software relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands by sending a specially crafted...

The vulnerability of the FrontBoard component in iPadOS and iOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the FrontBoard component in iPadOS and iOS operating systems is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

The vulnerability of the Golang programming language, related to insufficient protection of sensitive data, allows attackers to gain unauthorized access to user credentials.

The vulnerability of the Golang programming language is related to insufficient protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to account information...

The vulnerability of the ArcGIS Server server, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of ArcGIS Server is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

The vulnerability of Zoom’s video conferencing software lies in the insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Zoom video conferencing software is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Core server component of the Oracle HTTP Server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Core server component of Oracle HTTP Server is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP network protocol...