Drive Software Free Desktop Clock Security Vulnerability
Drive Software Free Desktop Clock is a clock software developed by the Drive Software company. Version 3.0 of Drive Software Free Desktop Clock contains a security vulnerability. This vulnerability stems from a stack overflow issue when entering time zone names, which may lead to the execution of...
PT-2026-7184
Name of the Vulnerable Software and Affected Versions FUXA versions prior to 1.2.10 Description FUXA is a web-based Process Visualization software. A flaw exists that allows a remote, unauthenticated attacker to gain administrative access and execute arbitrary code on the server. This is possible...
PT-2026-6523
EVE: SSH as Root Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve...
PT-2026-6662
Name of the Vulnerable Software and Affected Versions FUXA versions through 1.2.9 Description FUXA is a web-based Process Visualization software. An authorization bypass allows a remote attacker to modify device tags via WebSockets. Exploitation bypasses role-based access controls, enabling...
Mitsubishi Electric FREQSHIP-mini Security Vulnerability
Mitsubishi Electric FREQSHIP-mini is an automatic power supply shutdown software developed by Mitsubishi Electric, a Japanese company. There are security vulnerabilities in the versions of Mitsubishi Electric FREQSHIP-mini from 8.0.0 to 8.0.2. These vulnerabilities stem from improper default...
PT-2026-6581
Name of the Vulnerable Software and Affected Versions 10-Strike Network Inventory Explorer version 9.03 Description The software contains a buffer overflow issue in the file import functionality that enables remote attackers to run code without authorization. An attacker can create a specially...
GCafé Code Issue Vulnerability
GCafé is a software developed by the GCafé company. Version 3.0 of GCafé has code vulnerabilities; these vulnerabilities stem from service paths in the gbClientService that are not properly quoted. This could allow local attackers to execute arbitrary code and gain elevated privileges...
Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1412)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1412 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expecte...
Tanium Deploy Security Vulnerability
Tanium Deploy is a software management module developed by the American company Tanium. Tanium Deploy has a security vulnerability, which stems from improper input validation...
Online Admission Software 2.6 Insecure Direct Object Reference
Online Admission Software version 2.6 suffers from an insecure direct object reference vulnerability. Title: Online Admission Software 2.6 IDOR...
OPENSUSE-SU-2026:10150-1 cockpit-subscriptions-14.4-2.1 on GA media
These are all security issues fixed in the cockpit-subscriptions-14.4-2.1 package on the GA media of openSUSE Tumbleweed...
Important: python-pip
Issue Overview: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression...
PT-2026-6872
Name of the Vulnerable Software and Affected Versions tracker-extract version 3.7.1-1ubuntu0.1 tracker-miner-fs version 3.7.1-1ubuntu0.1 Description The software can crash when processing specific malformed MP3 files. This could lead to a denial of service or potentially allow for arbitrary code...
Oracle Linux 9 : python3.12-wheel (ELSA-2026-1939)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1939 advisory. 0.41.2-3.1 - Security fix for CVE-2026-24049 Resolves: RHEL-143652 Tenable has extracted the preceding description block directly from the Oracle Linux security...
DEBIAN-CVE-2025-22873
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...
CVE-2019-25276 Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk...
CVE-2019-25276
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk...
CVE-2019-25267 Wing FTP Server 6.0.7 - Unquoted Service Path
Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be launche...
CVE-2024-51451 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
CVE-2024-43181
IBM Concert Software versions 1.0.0–2.1.0 do not invalidate sessions after logout, enabling an authenticated user to impersonate another user. Red Hat and ENISA entries confirm this behavior across multiple feeds. Root cause: insufficient session invalidation on logout. Impact: potential account ...