65 matches found
EUVD-2018-21837
Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS...
PT-2026-36001
Tenda FH303/A300 firmware V5.07.68 EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS...
SUSE-SU-2025:21009-1 Security update for tiff
This update for tiff fixes the following issues: tiff was updated to 4.7.1: Software configuration changes: Define HAVE_JPEGTURBO_DUAL_MODE_8_12 and LERC_STATIC in tif_config.h. CMake: define WORDS_BIGENDIAN via tif_config.h. doc/CMakeLists.txt: remove useless cmake_minimum_required. CMake: fix build with...
EUVD-2024-26223
Malicious code in bioql PyPI...
EUVD-2022-26212
Malicious code in bioql PyPI...
Support Statement - Veeam Software Appliance Customizations
Support Statement: Installing additional Linux packages, third-party applications, or changing OS settings other than those that can be controlled via the Veeam Host Management Console on the Veeam Appliances is not supported. Veeam Customer Support cannot provide technical support for appliances...
Aide Security Vulnerability
Aide is a tool for monitoring file system changes. It can be used to detect unauthorized changes to monitored files and directories. A security vulnerability exists in versions prior to Aide 0.19.2, which stems from improper output neutralization and could lead to bypassing detection...
CVE-2024-29206
An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier), UniFi Connect EV Station Pro (Version 1.1.18 and earlier), UniFi...
CVE-2023-37412
IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls...
Security Bulletin: IBM Aspera Faspex 5 has addressed multiple vulnerabilities (CVE-2023-37412, CVE-2023-37398, CVE-2023-37413, CVE-2023-35907)
Summary: This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Faspex 5.0.11. Vulnerability Details: CVEID: CVE-2023-37412. DESCRIPTION: IBM Aspera Faspex could allow a privileged user to make system changes without proper access controls. CWE: CWE-284:...
CVE-2025-23118
CVE-2025-23118 affects Ubiquiti UniFi Protect Cameras. The root cause is improper certificate validation in the ubnt_avclient component, allowing authenticated network-adjacent attackers to bypass authentication and make unsupported changes to the camera system. Several sources (e.g., ZDI-25-376)...
CVE-2023-37412
CVE-2023-37412 affects IBM Aspera Faspex 5.0.0–5.0.10. The vulnerability is an improper access control that could let a privileged user make system changes. IBM’s advisory notes remediation in Faspex 5.0.11. Current sources show CVSS base score ~4.4–4.9 depending on vector; exploitation status is...
IBM Aspera Faspex Security Vulnerability
IBM Aspera Faspex is an International Business Machines (IBM) solution for rapid global person-to-person document delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex that stems from allowing privileged users to make system changes without proper access controls...
CVE-2024-20473
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
SAP Unauthenticated WebService User Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Unauthenticated WebService User Creation', 'Description' = %q This module leverages an unauthenticated web service to submit a job which will...
Cross-Origin Resource Sharing (CORS) Bypass
github.com/usememos/memos is vulnerable to Cross-Origin Resource Sharing (CORS) Bypass. The vulnerability is due to a CORS misconfiguration where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true, which may allow an attacker to perform cross-origin requests,...
CVE-2024-5676 Paradox IP150 Internet Module Cross-Site Request Forgery
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the system...
CVE-2024-29206
CVE-2024-29206 concerns multiple Ubiquiti UniFi devices. The issue is described as an improper access control that, if an attacker is authenticated in the API, can enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected products and versions include: UniFi Connect E...