Lucene search

74701 matches found

BDU FSTEC
added 2025/02/18 12:0 a.m., 3 views

The vulnerability of the Linux operating system’s kernel Wi-Fi component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s kernel Wi-Fi component is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00272
Exploits: 0 | References: 43 | Affected Software: 6

BDU FSTEC
added 2025/02/18 12:0 a.m., 5 views

Vulnerabilities of components such as SMB/client and kernel in Linux operating systems, which allow attackers to cause service interruptions.

The vulnerability of SMB/client components in the Linux operating system is related to the dereferencing of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00231
Exploits: 0 | References: 23 | Affected Software: 5

BDU FSTEC
added 2025/02/17 12:0 a.m., 4 views

The vulnerability of the generateNavigation() function in the PhpSpreadsheet PHP library, which allows attackers to perform cross-site scripting attacks

The vulnerability of the generateNavigation function in the PhpSpreadsheet PHP library is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a remote attacker to perform cross-site scripting attacks...

CVSS: 5 | AI score: 5.3 | EPSS: 0.00371
Exploits: 4 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 3 views

The vulnerability of the Header MVC framework for developing web systems and applications in CodeIgniter allows an attacker to trigger a service failure.

The vulnerability of the Header MVC framework used for developing web systems and applications in CodeIgniter relates to conflicts in interpretation when processing HTTP headers’ names and values. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.00477
Exploits: 0 | References: 5 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 2 views

The vulnerability of the CORS mechanism of the Vite application development local server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the CORS mechanism of the Vite application development local server is related to the lack of origin verification in WebSockets. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to protected information by sending specially craft...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.00283
Exploits: 1 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 3 views

The vulnerability of the application access protection software in Docker environments. IBM Security Verify Access Docker, an access management system from IBM Security Verify Access, has a flaw related to the lack of necessary verification during password changes. This allows attackers to alter user passwords.

The vulnerability of the Docker-based application access control software, IBM Security Verify Access, lies in the lack of necessary authentication during password changes. Exploiting this vulnerability allows an attacker to remotely change a user’s password...

CVSS: 5.6 | AI score: 5.5 | EPSS: 0.00259
Exploits: 0 | References: 3 | Affected Software: 2

BDU FSTEC
added 2025/02/17 12:0 a.m., 3 views

The vulnerability in the implementation of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol for the FortiOS operating system allows a hacker to execute arbitrary code or commands.

The vulnerability of the Control and Provisioning of Wireless Access Points (CAPWAP) implementation in the FortiOS operating system is related to buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or commands by sending specially crafted U...

CVSS: 8.1 | AI score: 6.5 | EPSS: 0.00938
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 3 views

The vulnerability of the SSL_VERIFY_PEER mode in the OpenSSL cryptographic library allows an attacker to execute a man-in-the-middle attack.

The vulnerability of the SSL_VERIFY_PEER mode in the OpenSSL cryptographic library is related to the absence of a mechanism to notify the user of the establishment of a connection session. Exploiting this vulnerability allows a malicious actor to execute a “man-in-the-middle” attack during a...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.02357
Exploits: 0 | References: 8 | Affected Software: 7

BDU FSTEC
added 2025/02/17 12:0 a.m., 4 views

The vulnerability of the command-line interface (CLI) of the Fortinet FortiManager device management software allows an attacker to disclose confidential information.

The vulnerability of the command-line interface (CLI) of the Fortinet FortiManager device management software is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability allows an attacker, operating remotely, to disclose confidential information...

CVSS: 4.1 | AI score: 5.4 | EPSS: 0.00281
Exploits: 0 | References: 5 | Affected Software: 2

BDU FSTEC
added 2025/02/17 12:0 a.m., 1 view

The vulnerability of the Microsoft Outlook for Android client, related to information representation errors in the user interface, allows a hacker to perform spear-phishing attacks.

The vulnerability of the Microsoft Outlook for Android client is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spoofing attacks...

CVSS: 5.3 | AI score: 7.8 | EPSS: 0.01003
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 1 view

Microsoft Edge browser’s vulnerability, related to errors in data type mixing, allows attackers to execute arbitrary code.

The vulnerability of Microsoft Edge relates to type confusion errors in data types. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS: 10 | AI score: 8.2 | EPSS: 0.01371
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 2 views

The vulnerability of Microsoft Edge browsers, related to insufficient granularity of the address areas protected by registry locks, allows attackers to execute arbitrary code.

The vulnerability of Microsoft Edge relates to the insufficient granularity of the address spaces protected by registration blocking. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS: 10 | AI score: 8.1 | EPSS: 0.01268
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 2 views

The vulnerability of the NTLM Hash component in Windows operating systems allows attackers to perform spoofing attacks.

The vulnerability of the NTLM Hash component of the Windows operating system is related to the disclosure of hashes due to improper external manipulation of the name or file. Exploiting this vulnerability allows a malicious actor to perform spoofing attacks and gain unauthorized access to protect...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.21804
Exploits: 0 | References: 2

BDU FSTEC
added 2025/02/17 12:0 a.m., 14 views

The vulnerability of Qtech Gigabit SPF WiFi Gateway’s microprogramming software, related to access control deficiencies, allows attackers to disclose protected information.

The vulnerability of the Qtech Gigabit SPF WiFi Gateway microprogramming software is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to disclose protected information by using the pre-installed account...

CVSS: 8 | AI score: 5.5
Exploits: 0

BDU FSTEC
added 2025/02/17 12:0 a.m., 2 views

The vulnerability of the software interface of FortiWeb web applications allows a perpetrator to execute arbitrary commands or code.

The vulnerability of the FortiWeb web application firewall software exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands or code by sending specially crafted requests...

CVSS: 9 | AI score: 7.5 | EPSS: 0.02316
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 4 views

The vulnerability of the software interface of FortiWeb web applications allows a perpetrator to execute arbitrary commands or code.

The vulnerability of the software interface of FortiWeb web applications exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands or code by sending specially crafted requests...

CVSS: 7.1 | AI score: 7.1 | EPSS: 0.01858
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 2 views

The vulnerability of the application software interface of the Knowledge Space integrated planning platform lies in the lack of verification of the user’s authority to access the object. This allows a malicious actor to gain access to configuration information.

The vulnerability of the application programming interface of the Knowledge Space integrated planning platform is related to the lack of verification of the user’s authority to access the object. Exploiting this vulnerability allows a malicious actor to obtain access to configuration information ...

CVSS: 4.3 | AI score: 5.5
Exploits: 0 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 4 views

The vulnerability of the HS256 algorithm implementation in the Knowledge Space integrated planning platform lies in the use of weak credentials. This allows a hacker to gain full access to the platform.

The vulnerability of the HS256 algorithm implementation in the Knowledge Space integrated planning platform lies in the use of weak authentication data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full access to the platform...

CVSS: 9.7 | AI score: 5.5
Exploits: 0 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 1 view

The vulnerability of the command-line interface (CLI) of the FortiClient for MAC security tool allows a perpetrator to gain unauthorized access to the system.

The vulnerability of the command-line interface (CLI) of the FortiClient for MAC security tool is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to the system...

CVSS: 6.8 | AI score: 5.5 | EPSS: 0.00222
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 7 views

The vulnerability of the command-line interface (CLI) of the Fortinet FortiManager device management software and the FortiAnalyzer security event monitoring and analysis tool allows a malicious actor to gain access to read, modify, or delete data.

The vulnerability of the command-line interface (CLI) of the Fortinet FortiManager device management system and the FortiAnalyzer event monitoring and analysis tool is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow an...

CVSS: 6.2 | AI score: 5.5 | EPSS: 0.00224
Exploits: 0 | References: 4 | Affected Software: 2

BDU FSTEC
added 2025/02/17 12:0 a.m., 4 views

The vulnerability of the graphical user interface of the FortiSIEM security management system allows attackers to perform cross-site scripting attacks.

The vulnerability of the graphical user interface of the FortiSIEM security management system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows attackers to perform cross-site scripting attacks by sending specially crafted HTTP requests...

CVSS: 2.2 | AI score: 5.2 | EPSS: 0.00276
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 6 views

The vulnerability of the pam_sm_authenticate() function in the PAM-PKCS#11 authentication module of Linux operating systems allows a hacker to bypass the authentication process and gain unauthorized access to protected information.

The vulnerability of the pam_sm_authenticate function in the PAM-PKCS#11 authentication module of Linux operating systems is related to authentication errors. Exploiting this vulnerability could allow a malicious actor to bypass the authentication process and gain unauthorized access to protected...

CVSS: 9.7 | AI score: 6.9 | EPSS: 0.00677
Exploits: 0 | References: 9 | Affected Software: 4

BDU FSTEC
added 2025/02/17 12:0 a.m., 2 views

The vulnerability of the Time Zone component in iOS, Mac OS, and iPadOS operating systems allows attackers to exploit it to disclose protected information.

The vulnerability of the Time Zone component in iOS, Mac OS, and iPadOS systems relates to the disclosure of information through registration files. Exploiting this vulnerability can allow an attacker to disclose the protected information...

CVSS: 3.3 | AI score: 7.7 | EPSS: 0.00224
Exploits: 0 | References: 3 | Affected Software: 3

BDU FSTEC
added 2025/02/17 12:0 a.m., 1 view

The vulnerability of the Log View component of the FortiAnalyzer security event monitoring and analysis software allows a malicious actor to read the event logs from another domain.

The vulnerability of the Log View component of the FortiAnalyzer security event monitoring and analysis software is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker to read the event logs from another domain...

CVSS: 2.3 | AI score: 5.4 | EPSS: 0.00198
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 5 views

The vulnerability of the Knowledge Space integrated planning platform, which involves disclosing information about application users, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Knowledge Space integrated planning platform relates to the disclosure of user information within the application. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS: 4.3 | AI score: 5.5
Exploits: 0 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 2 views

The vulnerability of the command-line interface (CLI) of the Fortinet FortiClient security device allows a hacker to escalate their privileges.

The vulnerability of the CLI interface of the Fortinet FortiClient security device for Windows relates to access control violations. Exploiting this vulnerability can allow attackers to increase their privileges...

CVSS: 6.8 | AI score: 5.5 | EPSS: 0.00233
Exploits: 1 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 4 views

The vulnerability of the Range Request Forward function in the Cisco AsyncOS operating system of Cisco Secure Web Appliances allows attackers to circumvent security restrictions and write arbitrary files.

The vulnerability of the Range Request Forward function in the Cisco AsyncOS operating system of Cisco Secure Web Appliances is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and write arbitrary files...

CVSS: 5.8 | AI score: 5.6 | EPSS: 0.00405
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 3 views

The vulnerability in the web interface of the mySCADA myPRO Manager platform allows a perpetrator to gain unauthorized access to the software.

The vulnerability in the web interface of the mySCADA myPRO Manager control platform is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to the software...

CVSS: 10 | AI score: 8.1 | EPSS: 0.06818
Exploits: 1 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 3 views

The vulnerability of FortiOS operating systems, related to incorrect privilege assignment, allows attackers to elevate their privileges.

The vulnerability of FortiOS operating systems is related to the improper assignment of privileges. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

CVSS: 9 | AI score: 5.4 | EPSS: 0.00574
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 2 views

The vulnerability of the SceneKit component in operating systems such as macOS, iOS, iPadOS, watchOS, tvOS, and visionOS allows attackers to disclose protected information.

The vulnerability of the SceneKit component in macOS, iOS, iPadOS, watchOS, tvOS, and visionOS relates to operations where data is written beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by security...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00314
Exploits: 0 | References: 10 | Affected Software: 6

BDU FSTEC
added 2025/02/17 12:0 a.m., 3 views

The vulnerability of the WebContentFilter filter in operating systems such as iOS, iPadOS, Mac OS, and visionOS allows a hacker to trigger a service failure.

The vulnerability of the WebContentFilter filter in operating systems such as iOS, iPadOS, Mac OS, and visionOS relates to reading data beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

CVSS: 10 | AI score: 7.9 | EPSS: 0.01087
Exploits: 0 | References: 6 | Affected Software: 4

BDU FSTEC
added 2025/02/17 12:0 a.m., 4 views

The vulnerability of the graphical interface of Fortinet’s centralized device management solutions, FortiManager and FortiManager Cloud, as well as the security event monitoring and analysis solutions FortiAnalyzer, FortiAnalyzer Cloud, and FortiAnalyzer-BigData, allows a perpetrator to execute arbitrary code or commands.

The vulnerability of the graphical interface of Fortinet’s centralized device management solutions, FortiManager and FortiManager Cloud, as well as the security event monitoring and analysis solutions FortiAnalyzer, FortiAnalyzer Cloud, and FortiAnalyzer-BigData, exists due to the lack of measure...

CVSS: 9 | AI score: 6 | EPSS: 0.01885
Exploits: 0 | References: 3 | Affected Software: 5

BDU FSTEC
added 2025/02/17 12:0 a.m., 2 views

The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the web page structure when processing DOM elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00449
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 2 views

The vulnerability in the implementation of the SMB protocol in the Mac OS allows a perpetrator to increase their privileges and execute arbitrary code.

The vulnerability of the SMB protocol implementation in the Mac OS is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.00237
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 2 views

The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00368
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 2 views

The vulnerability of the CoreAudio component in operating systems such as macOS, iOS, iPadOS, watchOS, tvOS, and visionOS allows a hacker to trigger a service failure.

The vulnerability of the CoreAudio component in macOS, iOS, iPadOS, watchOS, tvOS, and visionOS is related to unlimited resource allocation. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS: 10 | AI score: 8 | EPSS: 0.00417
Exploits: 0 | References: 8 | Affected Software: 6

BDU FSTEC
added 2025/02/17 12:0 a.m., 8 views

The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00368
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 3 views

The vulnerability of the Qtech Gigabit SPF WiFi Gateway’s microprogramming software, related to access control deficiencies, allows attackers to execute arbitrary commands on the server.

The vulnerability of the Qtech Gigabit SPF WiFi Gateway microprogramming software is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the server by using a preinstalled account...

CVSS: 9 | AI score: 5.9
Exploits: 0

BDU FSTEC
added 2025/02/17 12:0 a.m., 3 views

The vulnerabilities of the functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() in the libpq library of the PostgreSQL database management system allow a hacker to execute arbitrary code.

The vulnerabilities of the functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn in the libpq library of the PostgreSQL database management system are related to the lack of security measures for SQL query structures. Exploiting these vulnerabilities can allow a...

CVSS: 10 | AI score: 8.4 | EPSS: 0.89472
Exploits: 14 | References: 16 | Affected Software: 10

BDU FSTEC
added 2025/02/17 12:0 a.m., 2 views

The vulnerability of the graphical user interface of the FortiSandbox threat detection and mitigation system allows a perpetrator to execute cross-site scripting attacks.

The vulnerability of the graphical user interface of the FortiSandbox threat detection and mitigation system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks by sending special...

CVSS: 7.1 | AI score: 5.3 | EPSS: 0.22004
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 4 views

The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00368
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 1 view

The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, which allows an attacker to execute a DOM-Based XSS attack.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute a DOM-Based XSS attack remotely...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00449
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 5 views

The vulnerability of the Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...

CVSS: 5.3 | AI score: 7.8 | EPSS: 0.01028
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/17 12:0 a.m., 3 views

The vulnerability of the Microsoft Azure AI Face Service, a cloud-based facial recognition and analysis service using artificial intelligence technologies, relates to the ability to bypass authentication through spoofing. This allows attackers to elevate their privileges.

The vulnerability of the Microsoft Azure AI Face Service, a cloud-based facial recognition and analysis service using artificial intelligence technologies, relates to the ability to bypass authentication through spoofing. Exploiting this vulnerability can allow unauthorized actors to gain increas...

CVSS: 9.9 | AI score: 8.1 | EPSS: 0.00867
Exploits: 0 | References: 2

BDU FSTEC
added 2025/02/16 12:0 a.m., 4 views

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code or cause service interruptions.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a denial-of-service attack through a specially crafted HTML page...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.0046
Exploits: 0 | References: 12 | Affected Software: 6

BDU FSTEC
added 2025/02/16 12:0 a.m., 2 views

The vulnerability of the Umbraco CMS system, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks (XSS).

The vulnerability of the Umbraco CMS content management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks (XSS) remotely...

CVSS: 6.5 | AI score: 5.2 | EPSS: 0.00296
Exploits: 1 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/02/16 12:0 a.m., 7 views

The vulnerability of the verify_url_valid() function in the Activitypub-Federation framework, a platform for creating and managing communities in the Lemmy ecosystem, allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the verify_url_valid function in the Activitypub-Federation framework, a platform for creating and managing communities in the Lemmy community, is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow an attacker to bypass...

CVSS: 4 | AI score: 5.5 | EPSS: 0.00389
Exploits: 0 | References: 6 | Affected Software: 2

BDU FSTEC
added 2025/02/16 12:0 a.m., 4 views

The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications allows a perpetrator to execute arbitrary commands.

The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created HTTP request...

CVSS: 8.4 | AI score: 8.2 | EPSS: 0.06068
Exploits: 0 | References: 3 | Affected Software: 2

BDU FSTEC
added 2025/02/16 12:0 a.m., 2 views

The vulnerability of Ivanti Connect Secure and Ivanti Policy Secure network access control tools lies in improper external management of file names or paths, allowing attackers to write arbitrary files.

The vulnerability of the Ivanti Connect Secure and Ivanti Policy Secure network access control tools is related to improper external management of file names or file paths. Exploiting this vulnerability allows a malicious actor to write arbitrary files...

CVSS: 9.1 | AI score: 8.2 | EPSS: 0.01259
Exploits: 0 | References: 3 | Affected Software: 2

BDU FSTEC
added 2025/02/16 12:0 a.m., 5 views

The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications allows a perpetrator to execute arbitrary commands.

The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created HTTP request...

CVSS: 8.4 | AI score: 8.2 | EPSS: 0.06068
Exploits: 0 | References: 3 | Affected Software: 2

Total number of security vulnerabilities: 74701