MINI-4V25-HVM2-HP78

Bulletin has no description...

CVE-2025-41270

CVE-2025-41270 affects Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040). The vulnerability is in the Console WebUI and stems from CWE-78, Improper Neutralization of Special Elements used in an OS Command (OS Command Injection). It allows remote unauthenticated attackers to execute a...

Astra Linux – Vulnerability in nss

During RSA key generation, bignum implementations used a variant of the Binary Extended Euclidean Algorithm, which involved significant input-dependent processes. This allowed attackers to perform electromagnetic-based side-channel attacks to capture traces that could lead to the recovery of secr...

Astra Linux – Vulnerability in Firefox and Thunderbird

If the Content Security Policy blocks frame navigation, the full destination of a redirect served within the frame is reported in the violation report; instead of just the original frame URI. This could be used to disclose sensitive information contained in such URIs. This vulnerability affects...

CVE-2025-70039

CVE-2025-70039 affects linagora Twake 2023.Q1.1223 with a CWE-78 OS command injection vulnerability. Base CVSS 3.1: 9.8 (_network, no auth, no user interaction, impact high for confidentiality, integrity, and availability). Root cause: improper neutralization of special elements used in an OS com...

CVE-2025-70039

An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223...

CVE-2025-70039

An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223...

CVE-2025-13738 Easy Table of Contents <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ez-toc shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2026-20783

Name of the Vulnerable Software and Affected Versions systeminformation versions prior to 5.31.0 Description The systeminformation library for node.js is susceptible to command injection through unsanitized output from the locate command within the versions function. This occurs when detecting th...

MiracleLinux 4 : firefox-78.8.0-1.0.1.AXS4 (AXSA:2021-1566:06)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1566:06 advisory. Mozilla: Content Security Policy violation report could have contained the destination of a redirect CVE-2021-23968 Mozilla: Content Security Policy...

MiracleLinux 8 : firefox-78.10.0-1.0.1.el8 (AXSA:2021-1733:13)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1733:13 advisory. Mozilla: Out of bound write due to lazy initialization CVE-2021-23994 Mozilla: Use-after-free in Responsive Design Mode CVE-2021-23995 Mozilla: More...

CVE-2022-27868

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution...

PT-2025-53039

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0 78...

PT-2025-50113

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox versions 5.0.0 through 5.0.2 Fortinet FortiSandbox versions prior to 4.4.7 Description An issue exists in Fortinet FortiSandbox that allows a remote privileged attacker to execute unauthorized code or commands. This is du...

Central Dogma 安全漏洞

Central Dogma is an open source service configuration version control repository based on Git, ZooKeeper and HTTP/2. A security vulnerability exists in Central Dogma versions prior to 0.78.0, which stems from an open redirect and could lead to phishing attacks and credential theft...

HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2021-29205)

"A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504417; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/11/13"; scriptcveid"CVE-2021-29205";...

HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2021-29204)

"A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504406; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/11/13"; scriptcveid"CVE-2021-29204";...

HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2021-29206)

"A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 iLO 4 %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504401; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/11/13"; scriptcveid"CVE-2021-29206";...

CVE-2025-9997

CVE-2025-9997 relates to an OS command injection in BLMon Console (Schneider Electric) triggered during SSH sessions when running netstat. The root cause is improper neutralization of special elements in OS commands (CWE-78), potentially allowing execution of arbitrary shell commands on the affec...

CVE-2025-55048

Multiple CWE-78...