90604 matches found
The vulnerability of the FortiOS operating system in the FortiGate 200F network firewall allows a attacker to execute a brute-force attack.
The vulnerability of the FortiOS operating system for the FortiGate 200F network firewall is related to security mechanism flaws. Exploiting this vulnerability could allow a malicious actor to execute a brute-force attack remotely...
The vulnerability of the Windows Media component in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Windows Media component in Windows operating systems is related to overflowing buffers in dynamic memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
Vulnerability of the hid_ctrl() function in the drivers/hid/usbhid/hid-core.c module – The driver for the user interface devices of the Linux kernel allows a hacker to compromise the confidentiality and accessibility of protected information.
Vulnerability of the hidctrl function in the drivers/hid/usbhid/hid-core.c module – The driver for the user interface devices in the Linux kernel is vulnerable to a memory leak before the last reference is freed. Exploiting this vulnerability could allow an attacker to compromise the...
The vulnerability of the E-Staff automated recruitment process system, related to data filtering errors, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the E-Staff recruitment process automation system is related to data filtering errors. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
Vulnerability fixed on May 13, 2025
...
The vulnerability in the Windows 10 22H2 operating system, related to the swapping of the zero pointer, allows a malicious actor to trigger a service failure in the operating system’s kernel.
The vulnerability of the Windows 10 22H2 operating system is related to the assignment of the null pointer. Exploiting this vulnerability can allow an attacker to cause a kernel failure in the operating system...
The vulnerability of the SIEM systems’ load testing tool, Kraken Stress Testing Toolkit, arises from the improper use of Content Security Policy (CSP) protection mechanisms. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to the improper use of Content Security Policy CSP protection mechanisms. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...
The vulnerability of SimpleOne Platform’s software lies in the lack of measures taken to eliminate scipt-related HTML tags on web pages. This allows attackers to inject HTML tags into the website.
The vulnerability of SimpleOne Platform’s software lies in the lack of measures taken to eliminate scipt-related HTML tags on web pages. Exploiting this vulnerability allows a remote attacker to inject an HTML tag that includes a link to an external resource...
The vulnerability of the pdf.js library on the MFlash secure data exchange platform, related to the lack of protective measures for website structures, allows attackers to execute arbitrary JavaScript code.
The vulnerability of the pdf.js library on the MFlash secure data exchange platform is related to the lack of protective measures for the web page structure. Exploiting this vulnerability could allow an attacker to execute arbitrary JavaScript code remotely...
The vulnerability of software for vehicle management and tracking systems, related to the possibility of escaping the directory structure, allows a violator to increase their privileges and execute arbitrary code.
The vulnerability of the software for controlling and monitoring vehicles in the Howen Vehicle Service System is related to the possibility of it escaping the directory structure. Exploiting this vulnerability could allow a remote attacker to perform network activities without the user’s knowledg...
The vulnerability of the phpgacl/acl_admin.tpl template in the PHP library for managing access in web applications. This is part of the phpGACL system used for managing medical documentation in OpenEMR. It allows attackers to perform cross-site scripting attacks.
The vulnerability of the phpgacl/acladmin.tpl template in the PHP library for managing access in web applications is related to the lack of protective measures taken when processing the action template parameters. Exploiting this vulnerability allows a remote attacker to perform cross-site...
The vulnerability of the libbpf component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the libbpf component in the Linux operating system’s kernel is related to integer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Elastic Defend software’s detection, monitoring, and response mechanisms is related to insufficient handling of exceptional states, allowing attackers to trigger a service failure.
The vulnerability of the software for detecting, monitoring, and responding to Elastic Defend threats is related to insufficient handling of exceptional states. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of Qtech Gigabit SPF WiFi Gateway’s microprogramming software, related to access control deficiencies, allows attackers to disclose protected information.
The vulnerability of the Qtech Gigabit SPF WiFi Gateway microprogramming software is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to disclose protected information by using the pre-installed account...
The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.
The vulnerabilities of the software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller are related to deficiencies in the mechanism for generating error reports. Exploiting these vulnerabilities can allow unauthorized actors to...
The vulnerability in the form2WlAc.cgi script of the D-Link DIR-816A router’s software allows a hacker to execute arbitrary code.
The vulnerability of the form2WlAc.cgi script of the D-Link DIR-816A2 router’s microprogramming software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTTP POST request...
The vulnerability of macOS operating systems, related to the insecure storage of confidential information, allows attackers to gain unauthorized access to protected data.
The vulnerability of macOS operating systems lies in the insecure storage of confidential information. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
The vulnerability of the Install component of the software tool for managing the life cycle of products in the Oracle Agile PLM Framework allows a perpetrator to disclose protected information.
The vulnerability of the Install component of the software lifecycle management tool for Oracle Agile PLM Framework relates to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through HTTP requests...
The vulnerability of the Launch Services interface for macOS operating systems allows attackers to circumvent security restrictions.
The vulnerability of the Launch Services interface for macOS operating systems is related to deficiencies in access control. Exploiting this vulnerability could allow a perpetrator to circumvent security restrictions...
The vulnerability of the Linux operating system’s kernel component “perf”, which allows a hacker to trigger a service failure
The vulnerability of the perf component in the Linux operating system’s kernel is related to the operation of writing data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the NFSD component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the NFSD component in the Linux operating system’s kernel is related to the operation of the operation outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Strapi content management system, related to the lack of protective measures for web pages, allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the CMS Strapi content management platform, related to the lack of security measures for web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code by loading a specially crafted PDF file remotely...
The vulnerability in the implementation of the cc_SendCcImsInfoIndMsg function in the cc_MmConManagement.c file of the Android operating system of Pixel phones allows a hacker to execute arbitrary code.
The vulnerability in the implementation of the ccSendCcImsInfoIndMsg function in the ccMmConManagement.c file of the Android operating system for Pixel phones is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute...
The vulnerability of the Palo Alto Networks Expedition configuration migration tool, related to incorrect external management of file names or file paths, allows a perpetrator to delete any files they desire.
The vulnerability of the Palo Alto Networks Expedition configuration migration tool is related to incorrect external management of file names or file paths. Exploiting this vulnerability allows a malicious actor to delete arbitrary files remotely...
Vulnerability of JetBrains YouTrack’s data merging functions, which allows attackers to execute a “ prototype contamination ” attack.
The vulnerability of the data merging functions in the JetBrains YouTrack project and task management software is related to the uncontrolled modification of prototype object attributes. Exploiting this vulnerability could allow a malicious actor to execute an “infection of the prototype” attack...
The vulnerability of the xdp component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the xdp component in the Linux operating system’s kernel is related to the pointer to NULL. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Linux operating system’s kernel cgroup component, which allows a hacker to cause a service failure
The vulnerability of the Linux operating system’s kernel cgroup component is related to the lack of memory release after the effective lifespan of the component has ended. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of DRM/VKMS components in Linux kernel allows a perpetrator to trigger a service failure.
The vulnerability of DRM/VKMS components in Linux operating systems is related to improper input validation in the function applyluttochannelvalue. Exploiting this vulnerability can allow an attacker to trigger a service failure...
The vulnerability of the YouGile project management service, related to inconsistencies in responses to incoming requests, allows a hacker to disclose protected information.
The vulnerability of the YouGile project management service is related to inconsistencies in the responses to incoming requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information...
The vulnerability of the Microsoft .NET software platform, related to deficiencies in the deserialization mechanism, allows attackers to trigger a service failure.
The vulnerability of the Microsoft .NET software platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...
The vulnerability of the iframe plugin in the JetBrains YouTrack software environment allows a hacker to execute arbitrary JavaScript code and unauthorized API calls.
The vulnerability of the iframe plugin in the JetBrains YouTrack software environment relates to insufficient verification of the connection source. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code and make unauthorized API requests...
The vulnerability of the msp_info.htm file on the D-Link DI-8100G network device allows a hacker to bypass security restrictions and execute arbitrary commands.
The vulnerability of the mspinfo.htm file on the D-Link DI-8100G network device is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to bypass security restrictions and execute arbitra...
The vulnerability of the Windows Network Virtualization service allows a hacker to execute arbitrary code.
The vulnerability of the Windows Network Virtualization service for Windows operating systems is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the `ospf_te_parse_ext_link()` function in the Opaque LSA Extended Link Parser component of the networking routing implementation software for Unix-like systems allows a hacker to execute arbitrary code.
The vulnerability of the ospfteparseextlink function in the Opaque LSA Extended Link Parser component of the networking routing implementation software for Unix-like systems is related to the escape operation from the buffer into memory. Exploitation of this vulnerability allows a remote attacker...
The vulnerability of MicroLogix 1400 programmable logic controllers’ microprogramming software, related to insufficient protection of operational data, allows unauthorized access by attackers to the protected information.
The vulnerability of MicroLogix 1400 programmable logic controllers’ microprogramming software is related to insufficient protection for operational data. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to protected information...
The vulnerability of the “Updates Service” software, which allows a hacker to gain access to read local files.
The vulnerability of the “Updates Service” software’s web request handler lies in the lack of limits on authentication attempts. Exploiting this vulnerability can allow a malicious actor to gain read access to local files...
The vulnerability of SAP NetWeaver AS ABAP and SAP NetWeaver ABAP integration platforms, related to uncontrolled resource consumption, allows attackers to trigger service failures.
The vulnerability of SAP NetWeaver AS ABAP and SAP NetWeaver ABAP integration platforms is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the Microsoft Visual Studio software development tool lies in the violation of data protection mechanisms, allowing attackers to execute arbitrary code.
The vulnerability of the Microsoft Visual Studio software development tool is related to a breach of data protection mechanisms. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...
The vulnerability of embedded software developed by Qualcomm, related to deficiencies in the use of the assert() function, allows attackers to trigger a service failure.
The vulnerability of embedded software developed for Qualcomm chips lies in the improper implementation of the channel bandwidth division mechanism and the switching between subbands when performing Beam Switching. This occurs due to the use of the assert function. Exploiting this vulnerability c...
The vulnerability of the command-line interface (CLI) of Juniper Networks’ Junos OS Evolved operating system, which allows a attacker to trigger a service failure.
The vulnerability of the command-line interface CLI of Juniper Networks’ Junos OS Evolved operating system is related to incorrect checking of the return value of methods or functions. Exploiting this vulnerability can allow an attacker to cause a service failure...
Vulnerability of the landing module of the content management system (CMS) for 1C-Bitrix: A website management tool that allows a hacker to execute OS commands on a vulnerable node, gain control over resources, and penetrate the internal network.
Vulnerability of the landing module of the CMS system: Website management is triggered by synchronization errors when using a common resource. Exploiting this vulnerability allows a malicious actor to remotely execute OS commands on a vulnerable node, gain control over resources, and penetrate th...
The vulnerability of the Base plugin (gst-plugins-base) in the Gstreamer multimedia framework allows a perpetrator to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.
The vulnerability of the Base plugin gst-plugins-base in the Gstreamer multimedia framework is related to insufficient protection of service data due to the lack of security updates on the remote host. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
The vulnerability of Eltex “ESR-200” network interface microprogramming software, related to uncontrolled resource consumption, allows a intruder to cause a service failure.
The vulnerability of the microprogrammed service router “ESR-20” is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a hacker to cause a service failure...
The vulnerability of the Authentication Engine component of the Oracle Access Manager control system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Authentication Engine component in the Oracle Access Manager access control system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the SetNetworkTomographySettings function in D-Link COVR 1200,1202,1203 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the SetNetworkTomographySettings function in D-Link COVR 1200,1202,1203 router microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands throug...
Microsoft Edge browser’s vulnerability, related to insecure management of privileges, allows attackers to elevate their privileges.
The vulnerability of Microsoft Edge relates to the insecure management of privileges. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the Manage Proxies component of the Oracle E-Business Suite automation system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Manage Proxies component of the Oracle E-Business Suite automation system exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP...
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in its ability to send XML messages, allowing a hacker to gain full control over the operating system.
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications is related to the use of strictly encrypted login credentials during the installation of UltraVNC. Exploiting this vulnerability can allow a malicious actor to gain full control over the operating...
The vulnerability of the IOMobileFrameBuffer function in the operating system kernels of iOS, iPadOS, and macOS allows a hacker to execute arbitrary code.
The vulnerability of the IOMobileFrameBuffer function in operating system kernels of iOS, iPadOS, and macOS relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Google Chrome web browser’s Extensions relates to the use of memory after it is released. This allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of Google Chrome’s browser Extensions relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and even cause service interruptions through a specially created HTML page...