1826 matches found
CVE-2025-67030
A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user. Mitigation Mitigation for this issue is either not...
EUVD-2025-208957
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...
CVE-2025-41660
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...
CVE-2025-41660 CODESYS Control Boot Application Replacement Enables Code Execution
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...
CVE-2025-41660
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...
PT-2026-27350
Name of the Vulnerable Software and Affected Versions CODESYS Control Runtime System affected versions not specified Description A remote attacker with limited privileges may be able to replace the boot application of the CODESYS Control runtime system. Successful exploitation could lead to...
CODESYS Control runtime system 安全漏洞
CODESYS Control runtime system is a control system runtime software developed by the German company CODESYS. It enables the execution of control logic for industrial automation devices. There is a security vulnerability in CODESYS Control runtime system. This vulnerability arises from the...
Siemens APE1808 Weak Authentication (CVE-2024-48886)
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1...
Siemens APE1808 Out-of-bounds Write (CVE-2024-21762)
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0...
EUVD-2025-208901
An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...
CVE-2025-62846
An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...
CVE-2025-62846
Summary: CVE-2025-62846 is a SQL injection vulnerability affecting QHora/QuRouter. An attacker with local administrator privileges can exploit the flaw to execute unauthorized commands, with a CVSSv4 base score of 9.3 (CRITICAL), using a local attack vector, no user interaction required, and high...
CVE-2025-62846
An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...
CVE-2025-62846 QuRouter
An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...
CVE-2025-69720
A flaw was found in ncurses. This vulnerability, a buffer overflow, exists within the analyzestring function. An attacker could potentially exploit this to execute unauthorized code on the affected system, which might lead to a denial of service in the affected application, the corruption of data...
CVE-2024-14025
An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the...
QNAP Systems Video Station 安全漏洞
QNAP Systems Video Station is a multimedia application developed by QNAP Systems in Taiwan, China. QNAP Systems Video Station has a security vulnerability, which stems from SQL injection vulnerabilities. This vulnerability may allow attackers with administrator accounts to execute unauthorized co...
EUVD-2026-10531
An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests...
CVE-2025-49784
An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigDa...
CVE-2025-49784
An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigDa...