11966 matches found
EUVD-2025-38173
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
EUVD-2025-38165
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
EUVD-2025-38167
Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...
EUVD-2025-38182
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘searchterm’ parameter to the ‘NetworkServlet’ endpoint. Successful...
EUVD-2025-38177
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...
EUVD-2025-38175
SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code...
EUVD-2025-38178
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitati...
EUVD-2025-38180
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztpsearchvalue’ parameter to the ‘NetworkServlet’ endpoint. Successful...
EUVD-2025-37770
A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...
EUVD-2025-37769
A denial of service vulnerability exists in the lassonodeinitfrommessagewithformat functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...
EUVD-2025-37767
A denial of service vulnerability exists in the gassertnotreached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...
EUVD-2025-37774
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode...
EUVD-2025-37780
The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled i.e. in the default configuration. NOTE: The vendor believes that this vulnerability only occurs when...
EUVD-2025-37782
The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the wpremoterequest function. This makes it...
EUVD-2025-37790
The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the "getlocalizedata" function. This makes it possible for unauthenticated attackers to extract sensitive...
EUVD-2025-37814
Not used...
EUVD-2025-37813
Not used...
EUVD-2025-37800
Not used...
EUVD-2025-37783
Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
EUVD-2025-37816
The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files...