264 matches found
EUVD-2023-50901
Malicious code in bioql PyPI...
EUVD-2023-31068
Malicious code in bioql PyPI...
EUVD-2023-51723
Malicious code in bioql PyPI...
EUVD-2022-27411
Malicious code in bioql PyPI...
CVE-2025-10847 DX UIM Probe Improper ACL Handling RCE
DX Unified Infrastructure Management Nimsoft/UIM and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system...
CVE-2025-56869
Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and FilesManager.compress function in...
Advisory ROSA-SA-2025-2977
software: chromium-browser-stable 138.0.7204.92 WASP: ROSA-CHROME unaffected versions = chromium-browser-stable-138.0.7204.92-1 affected versions chromium-browser-stable-138.0.7204.92-1 CVE-ID: CVE-2025-6554 BDU-ID: 2025-07783 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the JavaScript scrip...
Wago CODESYS V2 Runtime Toolkit Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-34595)
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. This plugin only works with Tenable.ot. Please visit...
Linux Distros Unpatched Vulnerability : CVE-2016-10746
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to...
CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access
Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...
Linux Distros Unpatched Vulnerability : CVE-2025-38110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of- bounds clause 45 read/write access When using publicly...
Linux Distros Unpatched Vulnerability : CVE-2017-12154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The preparevmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the CR8-load exiting and CR8-store exiting L0 vmcs02...
kernel: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access
In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via C45 clause 45 mdiobus, there is no verificati...
CVE-2025-25268
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication...
PHOENIX CONTACT CHARX SEC-3xxx 访问控制错误漏洞
PHOENIX CONTACT CHARX SEC-3000 etc. are products of PHOENIX CONTACT, Germany.PHOENIX CONTACT CHARX SEC-3000 is an AC Charge Controller.PHOENIX CONTACT CHARX SEC-3050 is an AC Charge Controller.PHOENIX CONTACT CHARX SEC-3100 is an AC Charge Controller. PHOENIX CONTACT CHARX SEC-3100 is an AC charg...
SUSE CVE-2025-38111
In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of parameters passed ...
CVE-2025-38110 net/mdiobus: Fix potential out-of-bounds clause 45 read/write access
In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via C45 clause 45 mdiobus, there is no verificati...
The vulnerability in the ZendTo web application for transferring files involves an incorrect restriction on the path to the restricted directory. This allows a malicious actor to gain read and write access to data, or cause a service failure.
The vulnerability in the web application for transferring files via ZendTo is related to an incorrect restriction on the path to the restricted directory during the processing of the tmpname parameter. Exploiting this vulnerability can allow an attacker to gain read and modify access to data, or...
Keyoti SearchUnit 安全漏洞
Keyoti SearchUnit is a web search engine from Keyoti Canada. A security vulnerability exists in Keyoti SearchUnit versions prior to 9.0.0, which stems from a server-side request forgery issue that could result in configuration and log files being read or written...
CVE-2024-21021
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...