90709 matches found
The vulnerability of SIPROTEC relay protection devices lies in the insufficient protection of operational data during debugging code implementation, allowing attackers to execute arbitrary code.
The vulnerability of SIPROTEC relay protection devices is related to insufficient protection of service data during code debugging. Exploiting this vulnerability can allow attackers to execute arbitrary code...
The vulnerability of software for the design, operation, and maintenance of technological installations—including COMOS, Simcenter 3D, and Simcenter Femap—is related to errors in the authentication process. These errors allow attackers to carry out “man-in-the-middle” attacks.
The vulnerabilities of the software for designing, operating, and maintaining technological installations—COMOS, Simcenter 3D, and Simcenter Femap—are related to errors in the authentication process. Exploiting these vulnerabilities can allow a remote attacker to carry out a “man-in-the-middle”...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC), a virtual device for collecting user authentication data, allows attackers to carry out XSS attacks.
The vulnerability of the Cisco Identity Services Engine ISE web interface and the Cisco ISE Passive Identity Connector ISE-PIC virtual authentication data collection device is related to the lack of security measures for the web page structure. Exploiting this vulnerability allows a malicious act...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to disclose protected information.
The vulnerability of the Cisco Identity Services Engine ISE web interface is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to disclose protected information...
The vulnerability of the application for facilitating two-way information transmission (between IBM Security QRadar SIEM and QRadar SOAR). The IBM SOAR QRadar Plugin App allows a perpetrator to read and write arbitrary files within the system.
The vulnerability of the application for ensuring two-way information transmission between IBM Security QRadar SIEM and QRadar SOAR is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to read and write arbitrary files in the system using a...
The vulnerability of the OU History Report component of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus allows a malicious actor to execute custom requests and gain access to the database table records.
The vulnerability of the OU History Report component of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the MCP-server Framelink Figma MCP Server lies in the use of an unprotected alternative channel, allowing attackers to execute arbitrary commands.
The vulnerability of the MCP-server Framelink Figma MCP Server is related to the use of an unprotected alternative channel. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the Industrial Process Management Software EcoStruxure OPC UA Server Expert, related to unlimited resource distribution, allows a perpetrator to trigger a service failure.
The vulnerability of the industrial process management software EcoStruxure OPC UA Server Expert is related to unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the PHP framework Laravel, related to the lack of protection for website structure, allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the PHP framework Laravel is related to the lack of security measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the UniFi Access access control system, related to deficiencies in authentication procedures, allows a perpetrator to gain full control over the system.
The vulnerability of the UniFi Access access control system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full control over the system...
The vulnerability of the H5C__load_entry() function in the H5Centry.c file of the HDF5 library allows a hacker to trigger a service failure.
The vulnerability of the H5Cloadentry function in the H5Centry.c file of the HDF5 library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious individual to cause service interruptions...
The vulnerability of the LTI13Authenticator function of the JupyterHub jupyterhub-ltiauthenticator, related to cryptographic signature verification errors, allows a perpetrator to execute remote code, thereby enabling them to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the LTI13Authenticator function of the JupyterHub jupyterhub-ltiauthenticator component is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow an attacker to influence the confidentiality, integrity, and accessibility of the...
The vulnerability of the pgai library, related to lack of access control, allows a hacker to execute arbitrary code.
The vulnerability of the pgai library is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...
The vulnerability of the transformMiddleware function in the @fs mechanism of the local development server for Vite allows a hacker to read arbitrary files.
The vulnerability of the transformMiddleware function in the @fs mechanism of the local development server for Vite applications is related to an incorrect restriction on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files by...
The vulnerability of the automatic backup service for software network firewalls based on the FreeBSD operating system, Netgate pfSense, allows a intruder to execute arbitrary code.
The vulnerability of the automatic backup service for software network firewalls based on the FreeBSD Netgate pfSense operating system is related to the lack of security measures taken to protect the structure of web pages. Exploiting this vulnerability allows a remote attacker to execute arbitra...
The vulnerability of the software for centralized control of the Ruckus Network Director’s network infrastructure lies in the use of a hard-crypted cryptographic key. This allows attackers to circumvent existing security restrictions and gain increased privileges.
The vulnerability of the software for centralized control of the Ruckus Network Director is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to enhance their privileges and gain access to the RND server...
The vulnerability of SIPROTEC relay protection devices lies in the use of default login credentials, which allows attackers to gain unauthorized access to confidential information.
The vulnerability of SIPROTEC relay protection devices is related to the use of default login credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to confidential information...
The vulnerabilities of Drag and Drop Multiple File Upload PRO and Drag and Drop Multiple File Upload PRO – Contact Form 7, a WordPress content management system, allow attackers to execute XSS attacks.
The vulnerability of Drag and Drop Multiple File Upload PRO and Drag and Drop Multiple File Upload PRO – Contact Form 7, a WordPress content management system, is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows an attacker to perform...
The vulnerability of the child_process.exec component in the MCP Server library allows a hacker to execute arbitrary code.
The vulnerability of the childprocess.exec component in the MCP Server library is related to the lack of data cleansing measures at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Dyad application development platform, related to improper code generation management, allows a hacker to execute arbitrary code.
The vulnerability of the Dyad application development platform is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC), a virtual device for collecting user authentication data, allows attackers to carry out XSS attacks.
The vulnerability of the Cisco Identity Services Engine ISE web interface and the Cisco ISE Passive Identity Connector ISE-PIC virtual authentication data collection device is related to the lack of security measures for the web page structure. Exploiting this vulnerability allows a malicious act...
The vulnerability in the web interfaces of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the Web interfaces of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME is related to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious...
The software for developing and executing applications in the ABAP language of SAP NetWeaver Application Server is vulnerable, allowing attackers to increase their privileges.
The vulnerability of the software used for developing and executing applications in the ABAP language of SAP NetWeaver Application Server is related to the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to increase their privileges remotely...
The vulnerability of the integrated environment for managing the development lifecycle of IBM Jazz Foundation, related to improper authorization, allows a perpetrator to gain access to confidential information.
The vulnerability of the integrated environment for managing the development lifecycle of IBM Jazz Foundation is related to improper authentication. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential information...
The vulnerability of the SAP S/4HANA software platform allows a perpetrator to execute arbitrary code.
The vulnerability of the SAP S/4HANA software platform is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the connection application between the cloud platform and the local system via SAP Cloud Connector arises from the lack of authentication. This allows attackers to gain unauthorized access and modify protected information.
The vulnerability of the connection application between the cloud platform and the local system via SAP Cloud Connector is related to the absence of authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access and modify protected...
The vulnerability of the software for developing and executing applications in the ABAP language of SAP NetWeaver Application Server allows a perpetrator to execute arbitrary code.
The vulnerability of the software used for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of software for centralized control of desktop PCs in the Zohocorp ManageEngine EndPoint Central network allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of software for centralized control of desktop PCs in the Zohocorp ManageEngine EndPoint Central network is related to errors in processing XML requests. Exploiting this vulnerability allows a perpetrator to execute arbitrary code using specially created XML data...
The vulnerability of the Zohocorp ManageEngine Exchange Reporter Plus software, a monitoring, analysis, and reporting tool, arises from the lack of measures taken to protect the website structure. This allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability of the monitoring, analysis, and reporting software Zohocorp ManageEngine Exchange Reporter Plus is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the data source plugin for open-source platforms for monitoring and surveillance by Grafana Databricks allows attackers to expose sensitive information.
The vulnerability of the data source plugin for open-source platforms for monitoring and observation by Grafana Databricks is related to insufficient spatial partitioning. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the SolarWinds Observability Self-Hosted (SWOSH) software for network monitoring and IT infrastructure management lies in the lack of security measures to protect the SQL query structure. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the SolarWinds Observability Self-Hosted SWOSH software for network monitoring and IT infrastructure management is related to the lack of security measures for SQL query structures. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...
The vulnerability of the software platform for managing network equipment, Ubiquiti UISP, arises from the lack of measures taken to protect the SQL query structure. This allows attackers to enhance their privileges.
The vulnerability of the Ubiquiti UISP software platform relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to enhance their privileges remotely...
The vulnerability of the Cisco Cyber Vision Center network security control software lies in the lack of protective measures for the website structure, allowing attackers to carry out cross-site scripting attacks (XSS).
The vulnerability of the Cisco Cyber Vision Center network security control software is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of hosting game streams on Sunshine, related to the manipulation of cross-site requests, allows a perpetrator to carry out a CSRF attack.
The vulnerability of Sunshine’s hosting for gaming streams relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a specially created web page...
The vulnerability of the CNCSoft-G2 numerical control software lies in the execution of operations beyond the buffer limits in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the CNCSoft-G2 numerical control software lies in the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the N8n automation platform, related to deficiencies in the mechanism for verifying input data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the N8n automation platform for work processes is related to deficiencies in the mechanism for verifying input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending a specially crafted JS...
The vulnerability of the Scrapy framework for web scraping, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the Scrapy web scraping framework is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the library for calculating and analyzing expressions Expr, related to unlimited resource distribution, allows a perpetrator to perform a denial-of-service attack.
The vulnerability of the library for calculating and analyzing expressions related to Expr is associated with unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to perform denial-of-service attacks...
The vulnerability of the EDA component of the Red Hat Ansible Automation Platform allows a perpetrator to execute arbitrary commands.
The vulnerability of the EDA component of the Red Hat Ansible Automation Platform is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the Internet Communication Manager component in SAP NetWeaver Application Server ABAP and ABAP Platform involves the disclosure of password values in log files, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Internet Communication Manager component in SAP NetWeaver Application Server ABAP and ABAP Platform relates to the disclosure of password values in log files. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerability of software for managing, controlling, and organizing printing processes in Vasion Print Virtual Appliance Host and Print Application lies in errors related to the authentication process. This allows attackers to execute arbitrary code or escalate their privileges.
The vulnerability of software for managing, controlling, and organizing printing processes in Vasion Print Virtual Appliance Host and Print Application is related to errors in the certificate validation process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or...
The vulnerability of the web interface of D-Link DSL-2740R, DSL-2640B, DSL-2780B, and DSL-526B routers allows a hacker to alter DNS settings.
The vulnerability of the web interface of D-Link DSL-2740R, DSL-2640B, DSL-2780B, and DSL-526B routers lies in the lack of measures to neutralize specific elements. Exploiting this vulnerability can allow a remote attacker to alter DNS settings...
The vulnerability of the IBM API Connect application programming interface management platform stems from authentication mechanisms that have deficiencies, allowing attackers to gain unauthorized access to the platform.
The vulnerability of the IBM API Connect application programming interface platform is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to the platform remotely...
The vulnerability of the Code Node function on the N8n platform, which allows a hacker to execute arbitrary code.
The vulnerability of the Code Node function on the N8n automation platform relates to a breach of data protection mechanisms. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of CODESYS software products, related to the improper use of standard resolutions, allows a perpetrator to gain access to confidential information.
The vulnerability of CODESYS software products is related to the incorrect use of standard resolutions. Exploiting this vulnerability can allow an attacker to access confidential information...
The vulnerability of the cpp-httplib library, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the cpp-httplib library is related to an uncontrolled resource consumption. Exploiting this vulnerability may allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the wireless modem module SIMCom SIM7600G lies in the presence of undocumented configuration commands, allowing a perpetrator to execute arbitrary commands.
The vulnerability of the wireless modem module SIMCom SIM7600G is related to the presence of undocumented configuration commands. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
The vulnerability of the Umbraco CMS system, related to errors in processing the relative path to the catalog, allows attackers to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Umbraco CMS content management system is related to errors in processing the relative path to the catalog. Exploiting this vulnerability can allow an attacker to influence the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of microprogrammed software in differential protection relays for transformers, such as IDF relays, and in line distance protection relays like ZLF relays, is related to uncontrolled resource consumption. This allows attackers to cause malfunctions in maintenance operations.
The vulnerability of microprogrammed software in differential protection relays for transformers, such as IDF, and in line distance protection relays like ZLF, is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause malfunctions in the...
The vulnerability of the client library libmysqlclient of the logical backup copying tool MyDumper MySQL allows a hacker to disclose protected information.
The vulnerability of the client library libmysqlclient used by the logical backup copy tool MyDumper MySQL is related to insufficient protection for operational data. Exploiting this vulnerability allows a malicious actor to disclose the protected information from a remote location...