CVE-2025-10907
An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative privileges can upload a specially crafted file to a user-controlled location within the...
EUVD-2007-1848
Malware in sbrugna...
EUVD-2024-19521
Malicious code in bioql PyPI...
EUVD-2024-28720
Malicious code in bioql PyPI...
EUVD-2024-32852
Malicious code in bioql PyPI...
EUVD-2024-19523
Malicious code in bioql PyPI...
CVE-2025-27216
Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges...
Yealink YMCS RPS Trust Management Issue Vulnerability
Yealink YMCS RPS is a device management cloud service platform with integrated RPS functionality from the Chinese company Yealink. A trust management issue vulnerability exists in Yealink YMCS RPS versions prior to 2025-05-26, which stems from the certificate upload function not properly validating the...
CVE-2024-6003
CVE-2024-6003 affects Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. The vulnerability is in an unknown function of the file /api/v2/maps, caused by manipulation of the argument orderColumn that leads to SQL injection. It can be exploited remotely, and the exploit has...
CVE-2024-30801
SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component...
Command Execution Vulnerability in Micro Service Platform of Puyuan Information Technology Co.
Puyuan Information Technology Co., Ltd. is a professional provider of software infrastructure platform middleware in China, mainly providing innovative and reliable software infrastructure platform products and corresponding technical services for customers in the financial, governmental affairs,...
CVE-2024-21915
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform FTSP. If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read an...
Privilege escalation
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform FTSP. If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read an...
CVE-2024-21915 Rockwell Automation FactoryTalk® Service Platform Elevated Privileges Vulnerability Through Web Service Functionality
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform FTSP. If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read an...
Vulnerability fixed in Rockwell Automation FactoryTalk Service Platform
Rockwell Automation has fixed a vulnerability in FactoryTalk Service Platform FTSP. An authenticated malicious party could exploit the vulnerability to grant themselves elevated privileges and gain access to FTSP as an Administrator. For successful misuse, the malicious party must hav...
Rockwell Automation FactoryTalk Service Platform
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Service Platform Vulnerability: Incorrect Execution-Assigned Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious users...
PT-2024-1821 · Rockwell Automation · Rockwell Automation Factorytalk Service Platform
Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk Service Platform FTSP (affected versions not specified). Description: A privilege escalation vulnerability exists in the software. If exploited, a malicious user with basic user group privileges could potentially...
Vulnerability fixed in Rockwell Automation FactoryTalk
Rockwell Automation has fixed a vulnerability in FactoryTalk Service Platform. A malicious party could exploit the vulnerability to obtain the Service Token to gain unauthorized access to other FactoryTalk systems connected to the infrastructure. Once gained access, the...