Cerebrate Security Vulnerability
Cerebrate is an open-source platform developed by Cerebrate. It serves as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there were security vulnerabilities. These vulnerabilities stemmed from CRUD editing...
NETGEAR Routers Code Injection Vulnerability
NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a code injection vulnerability, which stems from insufficient input validation in the rbe970 model. This vulnerability could allow administrators who are connected to the local networ...
NETGEAR Multiple Products Security Vulnerability
NETGEAR RBR850 is a product of the NETGEAR company. The NETGEAR RBR850 is a router. The NETGEAR RBS850 is also a router. The NETGEAR RBS750 is another router. Several NETGEAR products have security vulnerabilities. These vulnerabilities stem from insufficient buffer input validation, which may...
NETGEAR JR6150 Input Validation Error Vulnerability
NETGEAR JR6150 is a wireless router produced by NETGEAR Corporation. The NETGEAR JR6150 has a vulnerability related to input validation. This vulnerability stems from insufficient input validation, which may allow administrators connected to the local network to make unauthorized modifications to...
CVE-2025-31974
HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the PUT /api/v1/assistants/assistantId endpoint, when the server fails to validate and restrict modifications to...
EUVD-2024-28087
HCL BigFix Service Management SX is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system...
pyLoad Security Vulnerability
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained security vulnerabilities. These vulnerabilities stemmed from weak permissions for certain WebUI JSON endpoints, allowing low-privilege authenticated users to perform MODIFY operations...
EUVD-2025-208979
Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contain an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...
PT-2026-24156
The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user-initiated interaction, may allow modifications to occur without validation. Such changes coul...
EUVD-2026-8724
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
CVE-2026-1747
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
CVE-2026-1747
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
CVE-2026-1747 Authentication Bypass Using an Alternate Path or Channel in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...
CVE-2026-1747
Removed by vendor...
GitLab EE Security Vulnerability
GitLab Enterprise Edition EE is a content management system provided by the American company GitLab. There were security vulnerabilities in versions of GitLab EE from 17.11 to 18.7.5, as well as in versions 18.8 to 18.8.5 and 18.9 to 18.9.1. These vulnerabilities stemmed from the possibility that...
CVE-2025-59374
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...
CVE-2025-59374
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...
CVE-2025-59374
The CVE-2025-59374 entry describes a supply-chain compromise in ASUS Live Update, where unauthorized modifications were distributed in several historical builds. Affected versions include ASUS Live Update prior to 3.6.8 and versions 3.6.8–3.6.15, with End-of-Support reached in October 2021. The v...
CVE-2025-59374
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...