44 matches found
UTT 1200GW Security Vulnerability
UTT 1200GW is a wireless router produced by China's UT Technology Co., Ltd. The UTT 1200GW v2.5.3-170306 version contains a security vulnerability. This vulnerability stems from a buffer overflow in the timeRangeName parameter of the formConfigDnsFilterGlobal function, which could allow attackers...
CVE-2026-21722
A flaw was found in Grafana. Public dashboards with annotations enabled fail to limit their annotation time range to the locked time range of the public dashboard. This flaw allows an attacker to retrieve the entire history of annotations visible on that dashboard, including those outside the...
Improper Check for Unusual or Exceptional Conditions
Overview: Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the FindAnnotations function. An attacker can access annotation data outside the intended time range by crafting requests that are not constrained by a time-range restriction...
CVE-2026-21722 Public Dashboards time range restriction on annotations can be bypassed
Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...
Grafana Security Vulnerability
Grafana is a set of open-source monitoring tools provided by Grafana Open Source, which offer a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability; this vulnerability stems from the...
UTT 520W Security Vulnerability
The UTT Progress 520W is an enterprise-grade wireless router from Atech Technology UTT designed for office environments such as small businesses and remote branch offices. The UTT Progress 520W suffers from a buffer overflow vulnerability that originates from the parameter timeRangeName in the fi...
PT-2025-49364
Name of the Vulnerable Software and Affected Versions: UTT 进取 520W version 1.7.7-180627. Description: A security issue exists in UTT 进取 520W version 1.7.7-180627 related to a buffer overflow. The strcpy function within the file /goform/formConfigDnsFilterGlobal is affected. Manipulation of the...
EUVD-2025-6558
Malicious code in bioql PyPI...
EUVD-2022-7683
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-4730
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler...
CVE-2017-1000415
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process, resulting in some certificates having their expiration (beginning) year extended (delayed) by 100 years...
CVE-2025-25612
FS Inc S3150-8T2F prior to version S3150-8T2F2.2.0D135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the "Time Range Name" field, which is improperly sanitized. When this...
CVE-2025-25612
CVE-2025-25612 affects FS Inc S3150-8T2F: Cross Site Scripting (XSS) in the Time Range Configuration of the administration interface. The vulnerability stems from improper sanitization in the Time Range Name field, allowing an attacker to inject JavaScript that executes in any user's browser (including admins) w...
CVE-2024-50195 posix-clock: Fix missing timespec64 check in pc_clock_settime()
In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime() As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tv_sec and tv_nsec range before calling ptp->info->settime64(). As the man manual of...
MAL-2024-6271 Malicious code in 3scale-time-range (RubyGems)
Cross-site Scripting (XSS)
graphite-web is vulnerable to cross-site scripting. The vulnerability exists because the updateTimeRange function of dashboard.js does not properly escape the Absolute Time Range values before being rendered, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
graphite-web is vulnerable to cross-site scripting. The vulnerability exists because the updateTimeRange function of dashboard.js does not properly escape the Relative Time Range values before being rendered, allowing an attacker to inject and execute malicious javascript...