Ruijie RG-BCR 安全漏洞

Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR600W version, which stems from improper handling of a specially crafted POST request for getwanobj in the file /usr/lib/lua/luci/controller/admin/common.lua, which could...

PT-2025-50762

Name of the Vulnerable Software and Affected Versions APC Network Management Card 4 affected versions not specified Description The software contains a path traversal issue that allows unauthenticated attackers to access sensitive system files. Attackers can manipulate URL parameters to exploit...

CVE-2020-36895

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...

CVE-2020-36895 EIBIZ i-Media Server Digital Signage 3.8.0 Unauthenticated Configuration Disclosure

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...

CVE-2020-36895

CVE-2020-36895 affects EIBIZ i-Media Server Digital Signage 3.8.0. The issue is an unauthenticated configuration disclosure that lets remote attackers access sensitive configuration files via direct object reference, specifically enabling retrieval of SiteConfig.properties through an HTTP GET req...

CVE-2025-64153

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...

CVE-2025-64153

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...

CVE-2025-64153

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...

EUVD-2025-202276

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...

December 9, 2025—KB5071544 (OS Build 17763.8146)

December 9, 2025—KB5071544 OS Build 17763.8146 Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the pa...

December 9, 2025—KB5071506 (Security-only update)

December 9, 2025—KB5071506 Security-only update Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the...

PT-2025-50129

Name of the Vulnerable Software and Affected Versions Fortinet FortiWeb versions 8.0.0 through 8.0.1 Fortinet FortiWeb versions 7.6.0 through 7.6.5 Fortinet FortiWeb versions 7.4.0 through 7.4.10 Fortinet FortiWeb versions 7.2.0 through 7.2.11 Fortinet FortiWeb versions 7.0.0 through 7.0.11...

Fortinet FortiPortal 安全漏洞

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A security vulnerability exists in Fortinet FortiPortal versions 7.4.0 through 7.4.5 that...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in the JDBC driver for Apache Hive

Summary Multiple vulnerabilities in the JDBC driver for Apache Hive that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-58163 DESCRIPTION: FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier...

CVE-2025-14108

ZSPACE Q2C NAS 1.1.0210050) or apply vendor-provided fixes; restricting access to the affected API endpoint is a suggested workaround where feasible. If implementing, verify affected versions and monitor for vendor advisories.

Exploit for CVE-2025-55182

CVE-2025-55182 Raw HTTP Requests to exploit the insecure lazy...

Adobe Experience Manager (AEM) QueryBuilder JCR Hashed Password Disclosure

The remote Adobe Experience Manager AEM QueryBuilder Servlet is prone to an information disclosure vulnerability. An unauthenticated attacker can exploit this issue to retrieve the hashed passwords of users in the AEM instance by sending a specially crafted HTTP request to the QueryBuilder Servle...

CVE-2025-66373

Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk data, under certain...

CVE-2025-11779

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi'...

CVE-2024-53684

A cross-site request forgery csrf vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to trigger this vulnerability...