GHSA-7P93-6934-F4Q7 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Summary The Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an attacker-controlled webpage can issue a CORS "simple request" POST with Content-Typ...

QNAP Systems QTS和QNAP Systems QuTS hero 路径遍历漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are both software with data storage and management capabilities from QNAP Systems of Taiwan, China. A path traversal vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that originates from path traversal and could result in reading...

EUVD-2021-2910

Malicious code in bioql PyPI...

EUVD-2025-22767

Malicious code in bioql PyPI...

EUVD-2021-2879

Malicious code in bioql PyPI...

Marvell QConvergeConsole path traversal vulnerability (CNVD-2025-20445)

Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the getAppFileBytes method. An attacker could exploit the vulnerability to disclose information in the SYSTE...

Marvell QConvergeConsole 路径遍历漏洞

Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the compressFirmwareDumpFiles method. An attacker could exploit this vulnerability to disclose information i...

PT-2025-1202 · Sap · Sap Gui For Java

Name of the Vulnerable Software and Affected Versions: SAP GUI for Java affected versions not specified Description: The issue is related to the disclosure of system data to unauthorized parties within a controlled area. An attacker with administrative privileges or access to the victim's user...

WAGO 安全漏洞

WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is an electronic system designed for the operation of digital algorithms for applications in industrial environments. A security vulnerability exists in WAGO Unmanaged Switch 852-111/000-001 firmware version 01,...

CVE-2021-0291

An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of...

Dell EMC ECS Exposes Resource Vulnerability

Dell EMC Elastic Cloud Storage ECS is a suite of scalable, software-defined object storage solutions from Dell, USA. An exposed resource vulnerability exists in Dell EMC ECS versions prior to 3.5, which arises from improper management of system resources e.g., memory, disk space, files, etc. by a...

Vulnerabilities fixed in Nginx

A malicious party could exploit the vulnerability to obtain system data obtain system data. To exploit the vulnerability, the malicious party must make a specially prepared HTTP request. The developers of Nginx have made updates available to fix the vulnerability. You can download the updates fro...