CVE-2025-59976
CVE-2025-59976 affects Juniper Networks Junos Space. A flaw in the web interface allows a network-authenticated attacker to download arbitrary files via crafted GET requests, escaping the JBoss file-path restrictions. All versions before 24.1R3 are affected. Remediation: upgrade to Junos Space 24...
CVE-2025-59976 Junos Space: Arbitrary file download vulnerability in web interface
An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file...
CVE-2025-59975 Junos Space: Flooding device with inbound API calls leads to WebUI and CLI management access DoS
An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a Denial of Service (DoS). After continuously...
CVE-2025-59968 Junos Space Security Director: Insufficient authorization for sensitive resources in web interface
A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that...
GHSA-CJJF-27CC-PVMV pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters
Summary: the pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or...
PT-2025-41449
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev91. Description: pyLoad is a free and open-source download manager written in Python. Versions prior to 0.5.0b3.dev91 have insufficient input validation in the web interface, specifically in the Captcha script...
D-Link Nuclias Connect Security Vulnerability
D-Link Nuclias Connect is network management software from D-Link for centralized management of wireless access points (APs), supporting multi-device remote control and reporting. A directory traversal vulnerability exists in D-Link Nuclias Connect, which stems from improper cleanup ...
Juniper Networks Junos Space Security Director Security Vulnerability
Juniper Networks Junos Space Security Director is an application for managing Junos Space solutions from Juniper Networks, Inc. A security vulnerability exists in Juniper Networks Junos Space Security Director prior to version 24.1R3 Patch V4, which stems from a lack of authorization and could...
Juniper Networks Junos Space Security Vulnerability
Juniper Networks Junos Space is a suite of network management solutions from Juniper Networks, USA. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. A security vulnerability exists in Juniper Networks Junos Space...
PT-2025-41407
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos Space Security Director versions prior to 24.1R3 Patch V4. Description: A missing authorization issue exists in Juniper Networks Junos Space Security Director. An unauthenticated network-based attacker can read or modify...
PT-2025-41452
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS, affected versions not specified. Description: An improper input neutralization issue exists in the management web interface. This allows an authenticated administrator to bypass system restrictions and execute arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2025-11146
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management...
CVE-2025-43889
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4, LTS2024 release versions 7.13.1.0 through 7.13.1.30, and LTS2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Limitation of a Pathname to a Restricted Directory...
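The Junos Space arbitrary file download (CVE-2025-59976), the D-Link Nuclias Connect directory traversal and the Dell DD OS "Improper Limitation of a Pathname to a Restricted Directory" entries above are the same bug class: a request-supplied path is joined under a restricted directory without verifying that the normalized result still lies inside it. The Python below is an added illustration written for this page, not code from any of the listed products; the webroot path, the function names and the sample request strings are all assumptions. It puts the naive resolver beside a confined one so the difference in handling of `..`, URL encoding and double encoding is visible.

```python
"""Path confinement for a file-download endpoint.

Hypothetical code illustrating the arbitrary-file-download / directory
traversal class; it is not taken from Junos Space, Nuclias Connect or DD OS.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote

WEBROOT = "/srv/app/webroot"  # assumed document root for the illustration


def vulnerable_resolve(webroot: str, requested: str) -> str:
    """Naive resolver: decode, join under webroot, normalize, trust the result.

    posixpath.normpath collapses '..' segments, so a request such as
    'files/../../../../etc/passwd' quietly resolves to /etc/passwd.
    """
    decoded = unquote(requested)
    return posixpath.normpath(posixpath.join(webroot, decoded.lstrip("/")))


def safe_resolve(webroot: str, requested: str) -> Optional[str]:
    """Return the confined absolute path, or None if the request escapes it."""
    decoded = unquote(requested)
    # If a second decode round still changes the string, the client
    # double-encoded (e.g. %252e%252e); treat that as hostile, not as a file.
    if unquote(decoded) != decoded:
        return None
    # NUL bytes and backslashes are classic tricks against C/Java path code.
    if "\x00" in decoded or "\\" in decoded:
        return None
    root = posixpath.normpath(webroot)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Compare with a trailing separator so that a sibling directory such as
    # /srv/app/webroot2 does not pass as a prefix match, and so that the
    # webroot itself (a directory, not a downloadable file) is rejected too.
    if not candidate.startswith(root + "/"):
        return None
    return candidate


def compare(requested: str) -> dict:
    """Show what each resolver does with one request string (constructed input)."""
    return {
        "request": requested,
        "naive": vulnerable_resolve(WEBROOT, requested),
        "confined": safe_resolve(WEBROOT, requested),
    }


if __name__ == "__main__":
    # Constructed sample requests: one benign, the rest traversal attempts.
    for req in (
        "reports/2025/q1.pdf",
        "files/../../../../etc/passwd",
        "%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
        "%252e%252e/%252e%252e/etc/passwd",
        "../webroot2/secret.txt",
    ):
        print(compare(req))
```

The check is purely lexical: it says nothing about symlinks under the webroot. On a real server, resolve the candidate with `os.path.realpath` against the filesystem and repeat the prefix comparison before opening the file, and remember that filters on the raw request string (blocking the literal `../`) are exactly what URL encoding and double encoding are used to get past.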
CVE-2025-1826
IBM Engineering Requirements Management DOORS Next IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in t...
CVE-2025-50505
Clash Verge Rev through 2.2.3 (fixed in 2.3.0) forces the installation of system services (clash-verge-service) by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...
CVE-2025-3718
A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scriptin...
CVE-2025-3718
CVE-2025-3718 is a client-side path traversal vulnerability in the Nozomi Guardian/CMC web management interface front-end caused by missing input validation. An authenticated user with limited privileges can craft a malicious URL that, when visited by another authenticated user, may trigger a Cro...