33 matches found
DRUPAL-CONTRIB-2025-121
This module enables you to use the Tagify library to enhance text input fields with tag-style UI elements. The module does not sufficiently sanitize the infoLabel value under certain configurations, which can result in a cross-site scripting (XSS) vulnerability. This vulnerability is mitigated by t...
EUVD-2022-29283
Malicious code in bioql PyPI...
EUVD-2022-34908
Malicious code in bioql PyPI...
CVE-2025-50675
GPMAW 14/14.2 is affected by a local, privilege-escalation vulnerability due to insecure default permissions in the installation directory (C:\Program Files\gpmaw). The directory allows full read/write/execute access for Everyone, enabling a non-privileged user to replace or modify critical compo...
CVE-2022-43990
Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version = 2.2.0 as soon as possible available in SICK Support Portal...
CVE-2019-15720
CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM...
CVE-2024-24767
CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. Th...
CVE-2024-24767 CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. Th...
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
Summary: Here it is observed that the CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. Details: The web application lacks control over the login attempts i.e. why attacker can use a password brute force attack to find and get full access...
CVE-2023-33991
SAP UI5 Variant Management - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacke...
CVE-2023-29188
SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)...
CVE-2022-3088
UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T...
CVE-2022-2662
Sequi PortBloque S has an improper authentication issue which may allow an attacker to bypass the authentication process and gain user-level access to the device...
Authentication flaw
Sequi PortBloque S has an improper authentication issue which may allow an attacker to bypass the authentication process and gain user-level access to the device...
CVE-2022-2662
CVE-2022-2662 relates to the Sequi PortBloque S firewall and is described as an improper authentication vulnerability that may allow an attacker to bypass the authentication process and gain user‑level access to the device. Public sources in the connected set confirm affected product: Sequi PortB...
CVE-2022-2662 Sequi PortBloque S Improper Authentication
Sequi PortBloque S has an improper authentication issue which may allow an attacker to bypass the authentication process and gain user-level access to the device...
CVE-2022-2662 Sequi PortBloque S Improper Authentication
Sequi PortBloque S has an improper authentication issue which may allow an attacker to bypass the authentication process and gain user-level access to the device...
Sequi PortBloque S Security Vulnerability
Sequi PortBloque S is a specialized firewall from Sequi. It protects Modbus devices from serial attacks. A security vulnerability exists in Sequi PortBloque S, which arises from an incorrect authentication issue that can be exploited by an attacker to bypass the authentication process and gain...
Fidelis Network Deception Command Injection Vulnerability (CNVD-2022-59170)
Fidelis Network Deception is a security product from Fidelis USA. A security vulnerability exists in versions prior to Fidelis Network Deception 9.4.5, which stems from a problem with date in rconfig. An attacker with CLI user-level access could exploit the vulnerability to inject root-level...
Fidelis Network Deception SQL Injection Vulnerability
Fidelis Network Deception is a security product from Fidelis USA. It is used to detect threats and prevent data loss with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats. A SQL injection vulnerability exists in Fidelis...