Lucene search
K
Bdu FstecMost viewed

90509 matches found

BDU FSTEC
BDU FSTEC
added 2024/06/17 12:0 a.m.21 views

The vulnerability of the Microsoft Visual Studio software development tool lies in the violation of data protection mechanisms, allowing attackers to execute arbitrary code.

The vulnerability of the Microsoft Visual Studio software development tool is related to a breach of data protection mechanisms. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...

6.2CVSS6AI score0.01354EPSS
Exploits1References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/09/19 12:0 a.m.21 views

Vulnerability of the landing module of the content management system (CMS) for 1C-Bitrix: A website management tool that allows a hacker to execute OS commands on a vulnerable node, gain control over resources, and penetrate the internal network.

Vulnerability of the landing module of the CMS system: Website management is triggered by synchronization errors when using a common resource. Exploiting this vulnerability allows a malicious actor to remotely execute OS commands on a vulnerable node, gain control over resources, and penetrate th...

10CVSS5.6AI score
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/28 12:0 a.m.21 views

The vulnerability of the AutoIt module in the ClamAV antivirus software package allows a malicious actor to trigger a service failure. This vulnerability exists in the Cisco Secure Endpoint Connector for Windows protection software.

The vulnerability of the AutoIt module in the ClamAV antivirus software package affects systems for protecting against malicious programs. This issue is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.8CVSS7.2AI score0.02599EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/07/17 12:0 a.m.21 views

The vulnerability of the Base plugin (gst-plugins-base) in the Gstreamer multimedia framework allows a perpetrator to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.

The vulnerability of the Base plugin gst-plugins-base in the Gstreamer multimedia framework is related to insufficient protection of service data due to the lack of security updates on the remote host. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...

7.8CVSS5.9AI score
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/03/24 12:0 a.m.21 views

The vulnerability of Eltex “ESR-200” network interface microprogramming software, related to uncontrolled resource consumption, allows a intruder to cause a service failure.

The vulnerability of the microprogrammed service router “ESR-20” is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a hacker to cause a service failure...

5.5CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/01/30 12:0 a.m.21 views

The vulnerability of the Authentication Engine component of the Oracle Access Manager control system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Authentication Engine component in the Oracle Access Manager access control system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

4.6CVSS6.4AI score0.00227EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/03/11 12:0 a.m.21 views

The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in its ability to send XML messages, allowing a hacker to gain full control over the operating system.

The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications is related to the use of strictly encrypted login credentials during the installation of UltraVNC. Exploiting this vulnerability can allow a malicious actor to gain full control over the operating...

10CVSS5.5AI score0.03897EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/02/16 12:0 a.m.21 views

The vulnerability of the IOMobileFrameBuffer function in the operating system kernels of iOS, iPadOS, and macOS allows a hacker to execute arbitrary code.

The vulnerability of the IOMobileFrameBuffer function in operating system kernels of iOS, iPadOS, and macOS relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.8CVSS6.3AI score0.11638EPSS
Exploits0References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2021/03/25 12:0 a.m.21 views

The vulnerability of the microprogrammed software of Schneider Electric’s Modicon M340 programmable logic controllers stems from insufficient validation of input data. This allows a intruder to trigger malfunctions during maintenance operations.

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 programmable logic controllers is related to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure by sending a specially...

5.7CVSS5.5AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/01/26 12:0 a.m.21 views

The vulnerability of the PresentationAvailabilityObserver::AvailabilityChanged method in the Sailfish Browser application of the Aurora operating system allows a perpetrator to trigger a service failure.

The vulnerability of the PresentationAvailabilityObserver::AvailabilityChanged method in the Sailfish Browser application for the Aurora operating system is related to the use of dynamic memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...

6.2CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/12/10 12:0 a.m.21 views

The vulnerability of the microprogramming software for Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 allows a hacker to obtain information about the SMTP server configuration, including user logins and passwords.

The vulnerability of the microprogramming software in Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 controllers is related to security mechanism failures. Exploiting this vulnerability can allow attackers to obtain information about the SMTP server configuration, includin...

5.3CVSS5.5AI score0.00898EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/12/07 12:0 a.m.21 views

The vulnerability of the components term.arh and core.arh of the EKRA 200 microprocessor series allows a hacker to access confidential information and create new configuration files.

The vulnerability of the term.arh and core.arh components of the EKRA microprogramming system lies in the presence of pre-installed registration data. Exploiting this vulnerability can allow attackers to access confidential information and create new configuration files...

5.6CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/07/09 12:0 a.m.21 views

The vulnerability of the udhcp component in the UNIX-based BusyBox command-line utilities, related to reading beyond the buffer in memory, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the udhcp component in the UNIX-based BusyBox command-line utilities is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

7.8CVSS7.4AI score0.04651EPSS
Exploits2References6Affected Software3
BDU FSTEC
BDU FSTEC
added 2020/06/17 12:0 a.m.21 views

The vulnerability of the “invite_by_admins_only” permission implementation in the Zulip Server group chat application allows a violator to gain unauthorized access to protected information.

The vulnerability of the “invitebyadminsonly” permission implementation in the Zulip Server group chat application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

9.3CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/05/13 12:0 a.m.21 views

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a attacker to execute arbitrary SQL queries.

The vulnerability in the vManage web interface of the Cisco SD-WAN programmatically defined network is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

5.5CVSS6.7AI score0.54249EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.21 views

Vulnerability of the zgfx_decompress() function in the RDP client FreeRDP, allowing a hacker to execute arbitrary code

The vulnerability of the zgfxdecompress function in the RDP client of FreeRDP arises from the execution of an operation outside the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8AI score0.07293EPSS
Exploits1References6Affected Software5
BDU FSTEC
BDU FSTEC
added 2019/12/09 12:0 a.m.21 views

The vulnerability of Google Chrome browser, which arises due to insufficient validation of input data, allows attackers to circumvent navigation restrictions.

The vulnerability of Google Chrome exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to circumvent navigation restrictions using a specially created extension...

8.8CVSS7.7AI score0.00632EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/10/01 12:0 a.m.21 views

The vulnerability of the Enterprise Resource Management System “Galaktika ERP” allows a perpetrator to execute arbitrary codes.

The vulnerability of the “Update Manager” component of the enterprise resource management system Galaktika ERP is related to the lack of protection for transmitted data. Exploiting this vulnerability allows a malicious actor, who operates remotely and has access to the update server, to execute...

8.3CVSS6AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/10/01 12:0 a.m.21 views

The vulnerability of the fly-admin-local-se component in the FLY operating system of the Astra Linux platform allows a attacker to compromise data integrity, gain unauthorized access to protected information, and cause service interruptions.

The vulnerability of the fly-admin-local-se component in the FLY operating system of Astra Linux is related to logging errors when changing user privileges, as well as errors in creating rules for devices with the same name. Exploiting this vulnerability can allow attackers to compromise data...

6.3CVSS5.5AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/09/25 12:0 a.m.21 views

The vulnerability of the microprogrammed software of Moxa EDS-G516E and Moxa EDS-510E switches, which is related to the default use of the HTTP protocol, allows attackers to intercept administrator credentials and other confidential information, thereby gaining access to the control system.

The vulnerability of the microprogrammed software of Moxa EDS-G516E and Moxa EDS-510E switches is related to the default use of the HTTP protocol in implementing the “Basic HTTP Authentication” method. Exploiting this vulnerability allows a malicious actor to remotely intercept administrator...

10CVSS5.5AI score0.00812EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2019/08/13 12:0 a.m.21 views

The vulnerability of the IcedTea-Web plugin, related to an incorrect limitation on the path name to the restricted access catalog, allows a hacker to write arbitrary files to the device’s file system.

The vulnerability of the IcedTea-Web plugin is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the device’s file system using a specially crafted file in formats: .tar, .jar, .war,...

8.6CVSS5.6AI score0.04022EPSS
Exploits0References6Affected Software5
BDU FSTEC
BDU FSTEC
added 2019/07/30 12:0 a.m.21 views

The vulnerability of the eDocLib platform for storing and processing corporate data lies in the absence of a user-friendly error page, which allows attackers to disclose the protected information.

The vulnerability of the eDocLib platform for storing and processing corporate data exists due to an error in the application configuration, which results in the absence of a user-friendly error page. Exploiting this vulnerability allows a malicious actor to disclose system-sensitive information ...

4.3CVSS5.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/07/30 12:0 a.m.21 views

Vulnerability of the software complex: Regional electronic budget. The integration platform, which is related to the shortcomings of the mechanism for limiting the number of authentication attempts, allows a violator to select a user password.

Vulnerability of the software complex: Regional electronic budget. The integration platform is connected to the shortcomings of the mechanism for limiting the number of authentication attempts. Exploiting this vulnerability can allow a malicious actor to select a user password remotely...

8.6CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/07/25 12:0 a.m.21 views

The vulnerability of the sub-component of the CRM User Management Framework within the Oracle Common Applications component of the Oracle E-Business Suite allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the CRM User Management Framework component of the Oracle Common Applications system, part of the Oracle E-Business Suite, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data using t...

8.5CVSS5.5AI score0.01287EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/07/18 12:0 a.m.21 views

The vulnerability of the Sn5Crypto.sys driver of the Secret Net Studio security system, which allows a hacker to trigger a service failure.

The vulnerability of the Sn5Crypto.sys driver of the Secret Net Studio security system is related to errors in processing the SECURITYDESCRIPTOR structure. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.9CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/07/08 12:0 a.m.21 views

The vulnerability of the fly-weather software package for the Astra Linux operating system, related to a validation error in the input data received from web servers, allows attackers to perform spoofing attacks.

The vulnerability of the fly-weather software package for the Astra Linux operating system is related to a validation error in the input data received from web servers. Exploiting this vulnerability can allow attackers to perform spoofing attacks...

8.4CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/06/06 12:0 a.m.21 views

The vulnerability of the Hyper-V hardware virtualization system for Windows operating systems allows attackers to disclose sensitive information that should be protected.

The vulnerability of the Hyper-V hardware virtualization technology for Windows operating systems is related to errors in the authentication process in the guest operating system. Exploiting this vulnerability can allow an attacker to disclose sensitive information...

6.8CVSS7.1AI score0.01724EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2019/05/24 12:0 a.m.21 views

The vulnerability of the REST API interface of the Junos operating system allows a perpetrator to gain access to information about user account passwords.

The vulnerability of the REST API interface of the Junos operating system is related to errors in managing registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to information about user account passwords...

5.3CVSS6.3AI score0.01285EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/05/06 12:0 a.m.21 views

The vulnerability of the “Security Management Center” component of the Dr.Web Enterprise Security Suite allows a hacker to execute HTML code.

The vulnerability of the “Security Management Center” component of the Dr.Web Enterprise Security Suite exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code into the user’s browser by placin...

4.3CVSS5.7AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/04/12 12:0 a.m.21 views

The vulnerability in the web interface of the microprogramming software for Cisco IP Phones series 8800 allows a perpetrator to cause a service failure.

The vulnerability of the web interface of Cisco IP phones—IP Phone 8800, IP Conference Phone 8832, IP Phone 8821, and IP Phone 8821-EX—is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS7.2AI score0.01939EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/02/07 12:0 a.m.21 views

Multiple vulnerabilities in the security extension of the Astra Linux operating system, which allow a hacker to trigger a service failure.

The multiple vulnerabilities of the Astra Linux operating system’s security extension are related to incorrect handling of names for privacy levels that consist of digits. Additionally, there is no functionality for mounting removable devices when working with non-zero privacy flags. Exploitation...

4CVSS5.6AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/02/07 12:0 a.m.21 views

The vulnerability of the Cisco Webex Network Recording Player and Cisco Webex Player for Windows operating systems arises from an operation that goes beyond buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Cisco Webex Network Recording Player and Cisco Webex Player for Windows operating systems arises from operations that go beyond the buffer limits in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code by sending a specially crafted ARF or...

7.8CVSS7.8AI score0.0148EPSS
Exploits0References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2019/01/18 12:0 a.m.21 views

The vulnerability of the NormaCS automation tool for working with regulatory documents allows a violator to execute any code they desire.

The vulnerability of the NormaCS tool for automating the processing of regulatory documents is related to the use of the MFC library set. It arises due to deficiencies in the restriction on the searchable range of dynamically loaded libraries. Exploiting this vulnerability could allow a malicious...

6.9CVSS6AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/01/17 12:0 a.m.21 views

The vulnerability of the embedded software in the CNC11 TITANIUM mini system allows a perpetrator to execute any program present in the system.

The vulnerability of the embedded software in the CNC11 TITANIUM mini system is related to the absence of a mechanism for controlling the execution of external applications. Exploiting this vulnerability allows an attacker to execute existing applications within the system by accessing the...

3.6CVSS5.8AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/05/11 12:0 a.m.21 views

The vulnerability of the SMB service in the RouterOS operating system of MikroTik allows a hacker to execute arbitrary code.

The vulnerability of the SMB service in the RouterOS operating system from MikroTik arises from operations that go beyond the buffer limits in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS6.2AI score0.61018EPSS
Exploits7References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/07/28 12:0 a.m.21 views

The vulnerability of the Simple Network Management Protocol (SNMP) subsystem of the Cisco IOS operating system, which allows a hacker to inject code or trigger a system reboot.

Many vulnerabilities in the Simple Network Management Protocol SNMP subsystem of the Cisco IOS operating system are caused by buffer overflows. Exploitation of these vulnerabilities allows a malicious actor to inject code into the system or cause it to restart by sending specially created SNMP...

9CVSS7.9AI score0.10788EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.21 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information

The multiple vulnerabilities in the linux-headers-2.6.18-6-686-bigmem package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

7.8CVSS5.8AI score0.0368EPSS
Exploits7References17Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.21 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information

Multiple vulnerabilities exist in the linux-doc-2.6.18 package of the Debian GNU/Linux operating system. Exploitation of these vulnerabilities may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

7.8CVSS5.8AI score0.0368EPSS
Exploits7References17Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.21 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information

The multiple vulnerabilities in the linux-headers-2.6.18-6-686 package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

7.8CVSS5.8AI score0.0368EPSS
Exploits7References17Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.21 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information

The multiple vulnerabilities in the linux-headers-2.6.18-6-486 package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

7.8CVSS5.8AI score0.0368EPSS
Exploits7References17Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/06/21 12:0 a.m.21 views

The vulnerability of the information protection system against unauthorized access—Dallas Lock—allows a intruder to gain unauthorized access to information by circumventing the access control rules.

The vulnerability in the “Dallas Lock 8.0” information protection system driver lies in its lack of implementation of access control for attributes of file system objects. An attacker can access a file system object that is restricted according to access control rules, by using a special attribut...

9CVSS5.5AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2016/02/08 12:0 a.m.21 views

The vulnerabilities of the microprogramming software in the access control system for the virtual environment NetScaler Gateway and the NetScaler Application Delivery Controller allow a perpetrator to enhance their privileges.

The multiple vulnerabilities of the microprogramming software for access control systems in the NetScaler Gateway and the NetScaler Application Delivery Controller are related to code errors. Exploiting these vulnerabilities could allow a malicious actor to enhance their privileges by manipulatin...

10CVSS5.7AI score0.03124EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.21 views

The vulnerability of the Gentoo Linux operating system allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the imlib2 package up to version 1.4.2-r1 of the Gentoo Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...

7.5CVSS5.4AI score0.03641EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/08/11 12:0 a.m.20 views

The vulnerability of the wled_configure() function in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the wledconfigure function in the Linux operating system’s kernel is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.4AI score0.00166EPSS
Exploits0References13Affected Software4
BDU FSTEC
BDU FSTEC
added 2025/08/11 12:0 a.m.20 views

The vulnerability of the key_extract_l3l4 function in the net_openvswitch/flow.c module of the openvswitch component of Linux kernel allows a attacker to cause a service failure.

The vulnerability of the keyextractl3l4 function in the netopenvswitch/flow.c module of the openvswitch component in Linux kernels is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to cause service failures by sending specially crafted MPLS packets...

5.5CVSS7.2AI score0.00174EPSS
Exploits0References19Affected Software7
BDU FSTEC
BDU FSTEC
added 2025/08/01 12:0 a.m.20 views

The vulnerability of the Kerberos Helper component in operating systems like macOS, which allows a perpetrator to trigger a service failure.

The vulnerability of the Kerberos Helper component in operating systems like macOS is related to an uncontrolled consumption of resources. Exploiting this vulnerability could allow a attacker to cause service interruptions...

5.5CVSS8AI score0.00453EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/22 12:0 a.m.20 views

The vulnerability of the AES-XTS encryption algorithm implementation in single-Chip Microcontrollers ESP32-S2 and ESP32-S2F allows a attacker to compromise the confidentiality of the protected information.

The vulnerability of the AES-XTS encryption algorithm implemented in single-Chip Microcontrollers ESP32-S2 and ESP32-S2F is related to the number of surfaces that are vulnerable, with their quantitative measurement exceeding the desired maximum. Exploiting this vulnerability can allow attackers t...

4.2CVSS5.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/07/21 12:0 a.m.20 views

The vulnerability of the Microsoft Visual Studio Code Python Extension, related to breach of confidentiality boundaries, allows the attacker to execute arbitrary code.

The vulnerability of the Microsoft Visual Studio Code Python Extension is related to a breach of trust boundaries. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS5.8AI score0.00398EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/18 12:0 a.m.20 views

The vulnerability of the CommuniGate Pro mail server lies in the lack of authentication for critical functions, allowing attackers to send emails with arbitrary content to any email address.

The vulnerability of the CommuniGate Pro mail server lies in the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to send emails with arbitrary content to any email address...

7.8CVSS5.7AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/08 12:0 a.m.20 views

The vulnerability of PDF document viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the ability to read data beyond the buffer in memory, allowing attackers to disclose protected information.

The vulnerability of PDF document viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the reading of data beyond the buffer boundaries in memory during file processing for U3D files. Exploiting this vulnerability can allow attackers to disclose protecte...

3.3CVSS5.9AI score0.00211EPSS
Exploits0References3Affected Software3
Total number of security vulnerabilities5000