90709 matches found
The vulnerability of the Sitecore Experience Manager (XM) and Experience Platform (XP) content management systems, related to the use of strictly encrypted user credentials, allows attackers to gain access to user accounts with administrative privileges.
The vulnerability of Sitecore Experience Manager XM and Experience Platform XP management systems is related to the use of strictly encrypted user credentials. Exploiting this vulnerability could allow an attacker to gain access to a user account with administrative privileges...
The vulnerability of the CI/CD Harden-Runner security agent, related to incorrect privilege assignment, allows a perpetrator to elevate their privileges.
The vulnerability of the security agent CI/CD Harden-Runner is related to the improper assignment of privileges. Exploiting this vulnerability can allow a attacker to enhance their privileges...
The vulnerability of the websWhiteList component in the microprogramming software for UTT HiPER 840G allows a hacker to cause a service failure.
The vulnerability of the websWhiteList component in the microprogramming software for UTT HiPER 840G relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Java-based content management system OFCMS, related to the manipulation of cross-site requests, allows a hacker to perform a CSRF attack.
The vulnerability of the Java-based content management system OFCMS is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
The vulnerability of the Zimbra Collaboration Suite’s email management system, which stems from insufficient validation of incoming requests, allows attackers to carry out SRF attacks.
The vulnerability of the Zimbra Collaboration Suite’s email management system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute a SRF attack remotely...
The vulnerability of the N8n automation platform, related to deficiencies in the mechanism for verifying input data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the N8n automation platform for work processes is related to deficiencies in the mechanism for verifying input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending a specially crafted JS...
The vulnerability of the Bluetooth Low Energy Stack component of the microprogramming software in Cypress PSoC4 integrated circuit microcontrollers allows a hacker to bypass the authentication process.
The vulnerability of the Bluetooth Low Energy Stack component of the microprogramming software in Cypress PSoC4 integrated circuit microcontrollers is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to bypass the authentication...
The vulnerability of Mitsubishi Electric’s air conditioning system, related to the lack of authentication for a critical function, allows a perpetrator to control the air conditioning system.
The vulnerability of Mitsubishi Electric’s air conditioning system lies in the lack of authentication for critical functions. Exploiting this vulnerability could allow a malicious actor to remotely control the air conditioning system...
The vulnerability of the MICROprogramming software of the SIMATIC CN 4100 communication gateway, related to the lack of measures taken for data cleaning at the management level, allows a intruder to execute arbitrary codes.
The vulnerability of the MICROprogramming software for the SIMATIC CN 4100 communication gateway lies in the lack of measures taken to clean data at the management level. Exploiting this vulnerability could allow a malicious actor to execute arbitrary codes remotely...
The vulnerability of the microprogramming software of the SIMATIC CN 4100 communication gateway, related to information disclosure, allows a intruder to gain unauthorized access to the protected information.
The vulnerability of the MICROprogramming software for the SIMATIC CN 4100 communication gateway relates to the exposure of information. Exploiting this vulnerability can allow unauthorized individuals to gain unauthorized access to protected information...
The vulnerability of the microprogrammed software for POWER METER SICAM Q100 and POWER METER SICAM Q200 lies in the unencrypted storage of critical information, which allows an intruder to gain unauthorized access to the protected data.
The vulnerability of the microprogrammed power meter measuring devices POWER METER SICAM Q100 and POWER METER SICAM Q200 is related to the unencrypted storage of critical information. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the protected information...
The vulnerability of the Pillow image processing library, related to buffer overflow in dynamic memory, allows an attacker to execute arbitrary code.
The vulnerability of the Pillow image processing library is related to overflow in the dynamic memory buffer. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the cross-platform FTP server CrushFTP, which stems from insufficient validation of incoming requests, allows attackers to execute SSRF attacks.
The vulnerability of the cross-platform FTP server CrushFTP is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of the SAML Response Message Handler component in FortiOS operating systems, FortiWeb network layer for web applications, FortiProxy proxy server for protecting against internet attacks, and FortiSwitchManager local management platform allows attackers to bypass existing security mechanisms.
The vulnerability of the SAML Response Message Handler component in FortiOS operating systems, FortiWeb network layer for web applications, FortiProxy proxy server for protecting against internet attacks, and the local management platform FortiSwitchManager is related to deficiencies in the...
The vulnerability of the library for syntactic analysis and generation of CSS Color-String codes is related to the presence of undeclared capabilities, allowing a hacker to execute arbitrary code.
The vulnerability of the library for syntactic analysis and generation of CSS Color-String strings is related to the presence of undeclared capabilities. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the widgetkey variable in the widgets/log.widget.php file of the software network interface layer based on the FreeBSD Netgate pfSense operating system allows a intruder to execute arbitrary code.
The vulnerability of the widgetkey variable in the widgets/log.widget.php file of the FreeBSD Netgate pfSense software layer is related to the lack of security measures for protecting the website structure. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the software network firewall based on the FreeBSD operating system, Netgate pfSense, arises from incorrect code generation, allowing a hacker to execute arbitrary code.
The vulnerability of the software network firewall based on the FreeBSD operating system, Netgate pfSense, is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Ruckus Virtual SmartZone’s microprogrammed software controllers, related to bypassing the relative path, allows a intruder to load arbitrary files and gain unauthorized access to confidential information.
The vulnerability of Ruckus Virtual SmartZone wireless network controller’s microprogramming software relates to the exploitation of a relative path. Exploiting this vulnerability allows an attacker to upload arbitrary files and gain unauthorized access to confidential information...
The vulnerability of the microprogramming software of the TIA Project-Server and the development environment for automation systems, namely the Totally Integrated Automation Portal (Portal TIA), allows unauthorized users to trigger service failures due to unlimited loading of dangerous files.
The vulnerability of the TIA Project-Server server software and the Totally Integrated Automation Portal Portal TIA development environment relates to the unlimited loading of dangerous files. Exploitation of this vulnerability can allow a malicious actor to cause service failures using a special...
The vulnerability of SIMATIC IPC device’s microprogramming software lies in the improper assignment of permissions to critical resources. This allows attackers to circumvent existing security restrictions and enhance their privileges.
The vulnerability of SIMATIC IPC microprogramming software is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability can allow attackers to bypass existing security restrictions and enhance their privileges...
The vulnerability of the SICK DL100 laser sensor, which involves transmitting accounting data in an unencrypted form, allows a violator to execute arbitrary codes.
The vulnerability of the SICK DL100 laser sensor lies in the transmission of accounting data in an unencrypted form. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the child_process() function in the Eclipse Open VSX Registry system allows a hacker to disclose protected information.
The vulnerability of the childprocess function in the Eclipse Open VSX Registry automatic publishing system is related to insufficient control over dynamically managed resources. Exploiting this vulnerability could allow a malicious actor to disclose protected information...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC), a virtual device for collecting user authentication data, allows attackers to carry out XSS attacks.
The vulnerability of the Cisco Identity Services Engine ISE web interface and the Cisco ISE Passive Identity Connector ISE-PIC virtual authentication data collection device is related to the lack of security measures for the web page structure. Exploiting this vulnerability allows a malicious act...
The vulnerability of the RADIUS protocol implementation (Remote Authentication in Dial-In User Service) of the Cisco Identity Services Engine (ISE) allows a perpetrator to cause service interruptions.
The vulnerability of the RADIUS protocol implementation Remote Authentication in Dial-In User Service of the Cisco Identity Services Engine ISE platform is related to insufficient comparison. Exploiting this vulnerability allows a malicious actor to cause service interruptions...
The vulnerability of the Internet Communication Manager component in SAP NetWeaver Application Server ABAP and ABAP Platform involves the disclosure of password values in log files, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Internet Communication Manager component in SAP NetWeaver Application Server ABAP and ABAP Platform relates to the disclosure of password values in log files. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerability of the cpp-httplib library in the C++ programming language allows a hacker to cause a service failure.
The vulnerability of the cpp-httplib library in the C++ programming language is related to an uncontrolled consumption of resources. Exploiting this vulnerability may allow a malicious actor to cause service failures...
The vulnerability of the data source plugin for open-source platforms for monitoring and surveillance by Grafana Databricks allows attackers to expose sensitive information.
The vulnerability of the data source plugin for open-source platforms for monitoring and observation by Grafana Databricks is related to insufficient spatial partitioning. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the product suite for facilitating the reception of fax messages, the MICI Network NetFax Server, arises from the failure to implement measures to neutralize special elements. This allows a perpetrator to execute arbitrary commands.
The vulnerability of the product suite for facilitating the reception of fax messages related to MICI Network NetFax Server lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the PowerDNS Recursor DNS server, related to the failure to neutralize special elements in the output data, allows attackers to compromise the integrity and accessibility of the protected information.
The vulnerability of the PowerDNS Recursor DNS server relates to the failure to take measures to neutralize special elements in the output data. Exploiting this vulnerability allows a malicious actor to compromise the integrity and accessibility of the protected information...
The vulnerability of the Scrapy framework for web scraping, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the Scrapy web scraping framework is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the UniSharp laravel-filemanager software package, related to improper code generation, allows a hacker to execute arbitrary code.
The vulnerability of the UniSharp laravel-filemanager software package is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the software development environment of Totally Integrated Automation Portal (Portal TIA) and the software for simulating and testing the operation of Siemens S7 controllers arises from incorrect restrictions on XML references to external objects. This allows attackers to access arbitrary files.
The vulnerability of the software development environment of Totally Integrated Automation Portal Portal TIA and the software for simulating and testing the operation of Siemens S7 controllers is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerabilit...
The vulnerability of the ZITADEL identification data management software platform, related to deficiencies in authentication procedures, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the ZITADEL identification data management software platform is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the Red Hat Ansible Automation Platform, related to the transmission of secret information in the form of open text, allows a perpetrator to gain unauthorized access to the protected information.
The vulnerability of the Red Hat Ansible Automation Platform relates to the transmission of secret information in the form of open text. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the Red Hat Ansible Automation Platform lies in the lack of proper input sanitization when requesting an external authentication server. This allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Red Hat Ansible Automation Platform lies in the lack of proper input sanitization when requesting an external authentication server. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the EDA component of the Red Hat Ansible Automation Platform allows a perpetrator to execute arbitrary commands.
The vulnerability of the EDA component of the Red Hat Ansible Automation Platform relates to the implementation or modification of arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the Undertow web server, related to uncontrolled recursion, allows attackers who operate remotely to cause service interruptions.
The vulnerability of the Undertow web server is related to uncontrolled recursion. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of Gridscale X Prepay software lies in its ability to bypass the authentication process, allowing an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of Gridscale X Prepay software relates to the possibility of bypassing the authentication process. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the Foreman component of the Red Hat Satellite system management software, which involves insecure storage of critical information, allows a hacker to escalate their privileges.
The vulnerability of the Foreman component of the Red Hat Satellite system management software is related to the insecure storage of critical information. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the insufficient protection of registration data, allowing intruders to increase their privileges.
The vulnerability of the software for calculating the positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of Siemens Sinumerik programmable logic controllers’ software lies in the ability to bypass the authentication process by using an alternative path or channel. This allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of Siemens Sinumerik programmable logic controllers lies in the ability to bypass the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected informati...
The vulnerability of the Tsup collector lies in the lack of measures taken to protect the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the Tsup collector is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created script in import.meta.url...
The vulnerability of the get_var function in the library for syntax highlighting in the original GeSHi code allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the getvar function in the GeSHi library for syntax highlighting in the source code is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the Bare Metal Operator (BMO) software, related to insufficient spatial partitioning, allows a attacker to disclose protected information.
The vulnerability of the Bare Metal Operator BMO software is related to insufficient spatial partitioning. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the GNU Mailman email distribution management package, related to the possibility of bypassing restricted access catalogs, allows attackers to expose protected information.
The vulnerability of the GNU Mailman email distribution management package relates to the possibility of bypassing a restricted-access catalog. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose protected information...
The vulnerability of Ruckus Virtual SmartZone’s microprogrammed software controllers, related to authentication procedures that lack sufficient safeguards, allows attackers to circumvent existing security restrictions.
The vulnerability of Ruckus Virtual SmartZone wireless network controller’s microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions remotely...
The vulnerability of the software for centralized control of the Ruckus Network Director network infrastructure, which stems from the use of strictly encrypted user credentials, allows a intruder to gain unauthorized access to confidential information.
The vulnerability of the Ruckus Network Director software for centralized control of network infrastructure is related to the use of strictly encrypted user credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to confidential...
The vulnerability of the Roo Code programming plugin, related to the failure to take measures for data cleaning at the management level, allows a perpetrator to execute arbitrary code.
The vulnerability of the Roo Code programming plugin is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the microprogramming software of the SIMATIC CN 4100 communication gateway, related to insufficient validation of input data, allows a intruder to trigger a service failure.
The vulnerability of the MICROprogramming software for the SIMATIC CN 4100 communication gateway is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service interruptions...
The vulnerability of SIPROTEC 5 devices’ relay protection, automation, and control functions lies in the fact that the disclosure of information is possible through a query string, allowing attackers to expose confidential data.
The vulnerability of SIPROTEC 5 devices for relay protection, automation, and control lies in the ability to disclose information through query strings. Exploiting this vulnerability could allow a malicious actor to disclose confidential information remotely...