306 matches found
PT-2026-21591
Name of the Vulnerable Software and Affected Versions free5GC SMF versions up to and including 1.4.1 Description free5GC SMF provides the Session Management Function for free5GC, an open-source project for 5G mobile core networks. The software experiences a panic and terminates when processing a...
CVE-2025-13649
An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is not necessary, but the action must be performed who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the...
CVE-2025-13649
An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is not necessary, but the action must be performed who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the...
CVE-2025-13649
An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is not necessary, but the action must be performed who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the...
CVE-2025-13649 REFLECTED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB
An attacker with access to the web application ZeusWeb of the provider Microcom in this case, registration is not necessary, but the action must be performed who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Email’ parameters within the...
CVE-2025-13649
The CVE concerns ZeusWeb (provider Microcom) version 6.1.31 where an attacker with access to the web app can inject arbitrary JavaScript via an XSS payload in the Email field of the Recover password flow at the URL https://zeus.microcom.es:4040/index.html?zeus6=true. The vulnerability allows XSS ...
PT-2026-7660
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials...
CVE-2020-37122
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash...
CVE-2020-37122
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash...
CVE-2020-37122
Summary: CVE-2020-37122 affects SpotFTP-FTP Password Recover 2.4.8 and is described as a denial-of-service vulnerability triggered by a crafted registration code. According to the documents, an attacker can crash the application by providing a text file containing 1000 'Z' characters as the regis...
CVE-2020-37122 SpotFTP-FTP Password Recover 2.4.8 - Denial of Service
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash...
CVE-2020-37122 SpotFTP-FTP Password Recover 2.4.8 - Denial of Service
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash...
PT-2026-6817
Name of the Vulnerable Software and Affected Versions SpotFTP-FTP Password Recover version 2.4.8 Description The software contains a denial of service issue that allows attackers to crash the application. This is achieved by triggering a large buffer overflow. An attacker can create a text file...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005100)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005100 advisory. In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlogrecoverprocessdata There is a lack of verification of the space...
CVE-2026-22911
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004333)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004333 advisory. In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fsrecoverfsyncdata in fs/f2fs/recovery.c. This is...
CVE-2026-22911
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device...
f2fs: fix return value of f2fs_recover_fsync_data()
...
CVE-2025-68769
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fsrecoverfsyncdata With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 /mnt/f2fs/foo f2fsio fsync /mnt/f2fs/foo f2fsio...
UBUNTU-CVE-2025-68769
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fsrecoverfsyncdata With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 /mnt/f2fs/foo f2fsio fsync /mnt/f2fs/foo f2fsio...