Azure Access Technology BLU-IC2和Azure Access Technology BLU-IC4 安全漏洞

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which can be exploited by an attacker to cause a...

CVE-2023-53690

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...

CVE-2021-47689

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contais a cross-site scripting XSS vulnerability in the Templates pages, specifically in the UI logic that renders and handles the Active/Actions buttons. Insufficient validation or escaping of user-supplied...

CVE-2025-54763

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command...

EUVD-2020-30812

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting XSS vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker to...

Century Systems FutureNet MA-X series 操作系统命令注入漏洞

Century Systems FutureNet MA-X series is a series of industrial communication module devices from Century Systems, Japan. An operating system command injection vulnerability exists in the Century Systems FutureNet MA-X series, which stems from an OS command injection vulnerability in the Web UI...

Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29085)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from the use of outdated and vulnerabl...

CVE-2020-36861

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting XSS vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker to...

CVE-2020-36861

Nagios XI Core Config Manager (CCM) contains multiple cross-site scripting (XSS) vulnerabilities in the overlay UI elements and Notification/Check Period pages for Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5. The issues arise from insufficient validation/escaping of user-supplied inpu...

CVE-2025-34270

CVE-2025-34270 affects Nagios Log Server versions prior to 2024R2.0.2, where the AD/LDAP user import path does not obfuscate the password field. The result is potential exposure of plaintext passwords for imported accounts in the user interface, logs, or other diagnostic output. The Red Hat and E...

CVE-2023-53690 Nagios Fusion < 4.2.0 LDAP/AD Integration Stored XSS

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...

Malicious code in player-support-tools-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43e35bb951aab567fdb15daabc8db34691f937b3fefbf102bc1e19657c88aa72 The package player-support-tools-ui was found to contain malicious code...

New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash. "It allows any Chromium browser to collapse in 15-60 seconds...

GHSA-V3C9-J6H9-66V4 Apache Airflow has a command injection vulnerability in "example_dag_decorator"

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

Apache Airflow has a command injection vulnerability in "example_dag_decorator"

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the trustremotecode parameter provided to the load...

PT-2025-44467

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.5 Core Config Manager CCM versions prior to 3.0.8 Description The Core Config Manager CCM in Nagios XI has multiple cross-site scripting XSS issues in the overlay UI elements and the Notification/Check Period...

KLA89786 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Type Confusion vulnerability in V8 can be...

PT-2025-44367

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.0.5 Description A parameter in the example dag decorator dag was not properly validated, potentially allowing a user of the Airflow UI to redirect the example to a malicious server and execute code on a worke...

Linux Distros Unpatched Vulnerability : CVE-2025-12435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page...