2742 matches found

CNNVD
added 2025/02/12 12:00 a.m. · 3 views

Q-Free MAXTIME Suite Security Vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions. An attacker could exploit the vulnerability to read sensitive files via a specially crafted HTTP request...

CVSS 4.9 · AI score 6.3 · EPSS 0.00808
Exploits 0 · References 1
CNNVD
added 2025/02/12 12:00 a.m. · 3 views

Q-Free MAXTIME Suite Security Vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and earlier versions, which stems from. An attacker could exploit the vulnerability to delete sensitive files via a specially crafted HT...

CVSS 6.5 · AI score 6.3 · EPSS 0.00858
Exploits 0 · References 1
CNNVD
added 2025/02/12 12:00 a.m. · 2 views

Q-Free MAXTIME Suite Security Vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that stems from a missing authorization in maxprofile/users/routes.lua. An attacker could exploit the vulnerability t...

CVSS 8.1 · AI score 6.3 · EPSS 0.00487
Exploits 0 · References 1
AstraLinux
added 2025/02/11 7:35 a.m. · 3 views

Astra Linux – Vulnerability in freeipa

A flaw was discovered in FreeIPA. This issue may allow a remote attacker to create an HTTP request with parameters that can be interpreted as command arguments for kinit on the FreeIPA server, resulting in a denial of service...

CVSS 5.3 · AI score 6.3 · EPSS 0.011
Exploits 1 · References 3
CNVD
added 2025/02/10 12:00 a.m. · 2 views

Mozilla Firefox Memory Corruption Vulnerability (CNVD-2025-18674)

Mozilla Firefox is an open source WEB browser. Mozilla Firefox suffers from a memory corruption vulnerability that can be exploited by a remote attacker to submit a special Web request, which induces the user to parse it, and can be used in the context of the application to execute arbitrary code...

CVSS 9.8 · AI score 7.5 · EPSS 0.00547
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 5:57 p.m. · 17 views

CVE-2019-5110

Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

CVSS 8.8 · AI score 7.7 · EPSS 0.01064
Exploits 1 · References 1
RedhatCVE
added 2025/02/05 5:51 p.m. · 5 views

CVE-2019-5069

A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...

CVSS 8.8 · AI score 7.3 · EPSS 0.0228
Exploits 1 · References 1
RedhatCVE
added 2025/02/05 10:15 a.m. · 9 views

CVE-2024-3286

A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request...

CVSS 7.5 · AI score 7.3 · EPSS 0.00452
Exploits 0 · References 1
CNNVD
added 2025/02/04 12:00 a.m. · 4 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source WEB browser. Mozilla Firefox suffers from a memory corruption vulnerability that can be exploited by a remote attacker to submit a special Web request, which induces the user to parse it, and can be used in the context of the application to execute arbitrary code...

CVSS 9.8 · AI score 7.3 · EPSS 0.00503
Exploits 0 · References 4
CNNVD
added 2025/02/04 12:00 a.m. · 1 view

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source WEB browser. Mozilla Firefox suffers from a memory corruption vulnerability that can be exploited by a remote attacker to submit a special Web request, which induces the user to parse it, and can be used in the context of the application to execute arbitrary code...

CVSS 9.8 · AI score 7.3 · EPSS 0.00547
Exploits 0 · References 7
CNNVD
added 2025/02/04 12:00 a.m. · 6 views

Four-Faith F3x36 Security Vulnerability

The Four-Faith F3x36 is a portable wireless mobile router from Four-Faith China. A security vulnerability exists in Four-Faith F3x36 version v2.0.0, which stems from the use of hard-coded credentials. An attacker could exploit the vulnerability to gain administrative access via a specially crafte...

CVSS 9.8 · AI score 6.7 · EPSS 0.0296
Exploits 0 · References 2
BDU FSTEC
added 2025/02/03 12:00 a.m. · 2 views

The vulnerability of the software for centralized device management in Fortinet FortiManager, as well as security event monitoring and analysis tools FortiAnalyzer, arises due to errors in processing the relative path to the directory. This allows a malicious actor to execute arbitrary code.

The vulnerability of the software for centralized device management of Fortinet FortiManager, as well as security event monitoring and analysis tools FortiAnalyzer, is related to errors in processing the relative path to the directory. Exploiting this vulnerability allows a malicious actor to...

CVSS 8.5 · AI score 6 · EPSS 0.01242
Exploits 0 · References 3 · Affected Software 2
Positive Technologies
added 2025/01/30 12:00 a.m. · 2 views

PT-2025-5373 · Broadcom · Symantec Privileged Access Management

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions.
Description: An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. There is no information...

CVSS 5.3 · AI score 7.1 · EPSS 0.00282
Exploits 0 · References 6
OSV
added 2025/01/27 11:15 p.m. · 3 views

CVE-2024-57549

CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request...

CVSS 7.5 · AI score 5.8 · EPSS 0.00606
Exploits 1 · References 2
BDU FSTEC
added 2025/01/27 12:00 a.m. · 4 views

Vulnerability of microprogrammed software in PLANET Technology switches, related to buffer overflow in the stack, allowing a hacker to execute arbitrary code.

The vulnerability of PLANET Technology’s microprogrammed switching software is related to buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted HTTP request...

CVSS 10 · AI score 8.9 · EPSS 0.01368
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2025/01/27 12:00 a.m. · 3 views

PT-2025-2603 · Zyxel · Zyxel VMG4325-B10A

Name of the Vulnerable Software and Affected Versions: Zyxel VMG4325-B10A firmware version 1.00AAFR.4C0 20170615
Description: A post-authentication command injection issue in the CGI program could allow an authenticated attacker to execute operating system commands on an affected device by sendin...

CVSS 10 · AI score 9.8 · EPSS 0.2048
Exploits 0 · References 28
BDU FSTEC
added 2025/01/27 12:00 a.m. · 1 view

The vulnerability of the formSetDevNetName() function (implemented in the goform/SetDevNetNam library) in the Tenda A15 router software allows an attacker to execute arbitrary code or cause service interruptions.

The vulnerability of the formSetDevNetName function implemented in the goform/SetDevNetNam microprogramming environment for Tenda A15 routers is related to the issue where the operation’s output goes beyond the buffer boundaries in memory when processing the mac parameter. Exploiting this...

CVSS 9 · AI score 8.3 · EPSS 0.08042
Exploits 1 · References 3 · Affected Software 1
BDU FSTEC
added 2025/01/27 12:00 a.m. · 2 views

The vulnerability of microprogrammed software in PLANET Technology switches, related to a countable loss of significance, allows attackers to trigger a service failure.

The vulnerability of PLANET Technology’s microprogrammed software is related to a countable degree of significance loss. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures through a specially created malicious HTTP request...

CVSS 5.3 · AI score 8 · EPSS 0.00602
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2025/01/22 12:00 a.m. · 1 view

Google Chrome Security Vulnerability

Google Chrome is a WEB browser developed by Google Inc. A security vulnerability exists in Google Chrome V8, which can be exploited by a remote attacker to submit a special Web request, which induces the user to parse it, and can be used in the application context to execute arbitrary code...

CVSS 8.2 · AI score 7.2 · EPSS 0.00332
Exploits 0 · References 5
Positive Technologies
added 2025/01/21 12:00 a.m. · 2 views

PT-2025-2684 · IBM · IBM UrbanCode Deploy

Name of the Vulnerable Software and Affected Versions:
IBM UrbanCode Deploy UCD versions 7.0 through 7.0.5.24
IBM UrbanCode Deploy UCD versions 7.1 through 7.1.2.10
IBM UrbanCode Deploy UCD versions 7.2 through 7.2.3.13
Description: The issue concerns the storage of potentially sensitive...

CVSS 6.2 · AI score 6.2 · EPSS 0.00192
Exploits 0 · References 5