EUVD-2025-34233

An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

CVE-2025-53845

An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

CVE-2025-53845

An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

Fortinet FortiAnalyzer 授权问题漏洞

FortiAnalyzer is Fortinet's centralized security analysis and reporting platform. A security vulnerability exists in FortiAnalyzer that stems from a flaw in the authentication mechanism for OFTP requests. An attacker can exploit this vulnerability to obtain device operational status information o...

OESA-2025-2369 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Allocation of Resources Without Limits or Throttling...

OESA-2025-2368 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Allocation of Resources Without Limits or Throttling...

CVE-2025-59980

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

JLSEC-2025-31 An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature ...

An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...

JLSEC-2025-24 curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow ...

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing...

CVE-2025-21064

Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data...

PT-2025-41524

Name of the Vulnerable Software and Affected Versions Samsung Smart Switch versions prior to 3.7.66.6 Description A flaw exists in the authentication process of Smart Switch that could allow nearby attackers to gain access to data during transfers. This authentication bypass enables unauthorized...

PT-2025-41550

Name of the Vulnerable Software and Affected Versions V-SFT versions prior to 6.2.7.0 Description An out-of-bounds write vulnerability exists in the VS6ComFile!CItemDraw::is motion tween function. Opening specially crafted V-SFT files may lead to information disclosure, system crashes, and...

EUVD-2025-33567

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

CVE-2025-35060

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

CVE-2025-35060

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

CVE-2025-35060 Newforma Info Exchange (NIX) stored XSS via SVG file upload

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

CVE-2025-35060

CVE-2025-35060 concerns Newforma Info Exchange (NIX): the remote, authenticated attacker can upload SVG files via the Send a File Transfer feature, leading to stored XSS when the SVG content is rendered in a browser (notably with a mobile user agent). Several connected sources corroborate a cross...

EUVD-2025-33387

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

CVE-2025-59980

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

EUVD-2025-33264

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having...