90709 matches found
The vulnerability of the Cockpit-HQ package of the Cockpit server management system allows a hacker to load arbitrary files.
The vulnerability of the Cockpit-HQ package of the Cockpit server management system involves unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to load any desired files...
The vulnerability of the webhook component of the Git server from Soft Serve allows a hacker to perform an SSRF attack.
The vulnerability of the webhook component of the Git server from Soft Serve relates to insufficient validation of requests at the server-side. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
The vulnerability of the .lite_project.lua file of the Lite XL Text Editor allows a hacker to execute arbitrary code.
The vulnerability of the .liteproject.lua file of the Lite XL Text Editor is related to the pointer manipulation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the microprogramming software of ABB Terra AC wallboxes for electric vehicles lies in buffer overflows in dynamic memory, which allows a intruder to compromise the integrity and accessibility of protected information.
The vulnerability of the microprogramming software of ABB Terra AC wallboxes for electric vehicles is related to the overflow of buffer in dynamic memory. Exploiting this vulnerability could allow an attacker to compromise the integrity and accessibility of the protected information...
The software’s vulnerability related to integrating PI Integrator for Business Analytics involves unlimited uploading of dangerous types of files, allowing attackers to upload and save any type of files they desire.
The vulnerability of the PI Integrator for Business Analytics software lies in its ability to allow unlimited uploading of dangerous files. Exploiting this vulnerability could enable a malicious actor to upload and store any desired files remotely...
The vulnerability of the PI Integrator for Business Analytics software lies in its ability to disclose information during data transmission, allowing an intruder to gain unauthorized access to protected information.
The vulnerability of the PI Integrator for Business Analytics software relates to the disclosure of information during data transmission. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the Bootguard component of the UEFI firmware in Clevo laptops allows a hacker to circumvent existing security restrictions.
The vulnerability of the Bootguard component of the UEFI firmware in Clevo laptops relates to the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...
The vulnerability of the Manifest File Handler component in Comodo Internet Security Premium antivirus software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Manifest File Handler component in Comodo Internet Security Premium relates to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality,...
The vulnerability of the Quest KACE Systems Management Appliance’s tool for comprehensive network device management, related to errors in verifying cryptographic signatures, allows a perpetrator to upload backup files into the system.
The vulnerability of the Quest KACE Systems Management Appliance SMA tool for comprehensive network device management is related to errors in checking the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to upload backup files into the system remotely...
The vulnerability of the Cluster Metrics Handler component in the toolkit for creating highly competitive, distributed, and fault-tolerant applications allows a hacker to execute remote code.
The vulnerability of the Cluster Metrics Handler component in the Akka toolset for creating highly competitive, distributed, and fault-tolerant applications is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary cod...
The vulnerability of the authenticate_user() function in the system’s operation and management of large language models for LoLLMS (Lord of Large Language Multimodal Systems) allows attackers to intercept user accounts or escalate their privileges.
The vulnerability of the authenticateuser function in the system for launching and managing large language models of LoLLMS Lord of Large Language Multimodal Systems is related to the exposure of information through incompatibility. Exploiting this vulnerability could allow a malicious actor to...
The vulnerability of the mcp library (MCP Python SDK), related to an error in handling exceptional states, allows a violator to trigger a service failure.
The vulnerability of the mcp library MCP Python SDK is related to an error in handling exceptional states. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the cpp-httplib library, related to deficiencies in HTTP request processing, allows attackers to circumvent existing security restrictions and execute the “HTTP request hijacking” attack.
The vulnerability of the cpp-httplib library is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and carry out an “HTTP request hijacking” attack...
The vulnerability of the liboqs implementation library for post-quantum cryptography lies in the insufficient protection of operational data, which allows attackers to gain unauthorized access to the protected information.
The vulnerability of the liboqs implementation library for post-quantum cryptography lies in the insufficient protection of operational data. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to the protected information...
The vulnerability of the web manager responsible for managing files and directories in File Browser, related to bypassing authentication due to a bug in its original implementation, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the web manager responsible for managing files and directories in the File Browser is related to the bypassing of authentication due to a fundamental flaw. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the DICOM Orthanc server, related to insufficient protection of operational data, allows attackers to gain unauthorized access to protected information.
The vulnerability of the DICOM Orthanc server is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Rust library for arithmetic calculations on the curve25519‑dalek elliptic curve, related to the removal of optimization during compilation or the elimination of critical code, allows a perpetrator to compromise the confidentiality of the protected information.
The vulnerability of the Rust library for arithmetic operations on the curve25519‑dalek elliptic curve is related to the removal of optimization during compilation or the elimination of critical code. Exploiting this vulnerability can allow an attacker to compromise the confidentiality of the...
The vulnerability of the pull_request_target function in the dag-factory library allows a violator to execute arbitrary code.
The vulnerability of the pullrequesttarget function in the dag-factory library is related to the lack of measures taken to neutralize special elements used in the team. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the org.apache.commons.jxpath.JXPathContext component in the Knowage business analytics and data analysis platform allows attackers to execute arbitrary code.
The vulnerability of the org.apache.commons.jxpath.JXPathContext component in the Knowage business analytics and data analysis platform is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the NTP Region component of the operating system for managing Synology Router Manager network devices allows a perpetrator to execute arbitrary commands.
The vulnerability of the NTP Region component of the operating system used to manage Synology Router Manager devices is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the MultipartFile.move() function in the bodyparser package of the AdonisJS web application framework allows a attacker to execute arbitrary code.
The vulnerability of the MultipartFile.move function in the bodyparser package of the AdonisJS web application framework is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending...
The vulnerability of the web interface of the microprogramming software router LB-Link BL-CPE300M allows a attacker to carry out XSS attacks.
The vulnerability of the web interface of the microprogramming software-based router LB-Link BL-CPE300M is related to the lack of measures taken to protect the web page structure when processing the cmd parameter. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
The vulnerability of the API Endpoint component of the Rising Technosoft CAP Back Office Application allows a attacker to trigger a service failure.
The vulnerability of the API Endpoint component in Rising Technosoft CAP Back Office Application is related to insufficient control over the frequency of interactions. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Vulnerability of microprogrammed software for Siemens LOGO! 12/24RCE, LOGO! 12/24RCEo, LOGO! 230RCE, LOGO! 230RCEo, LOGO! 24CE, LOGO! 24CEo, LOGO! 24RCE, LOGO! 24RCEo, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, SIPLUS LOGO! 230RCE, SIPLUS LOGO! 230RCEo, SIPLUS LOGO! 24CE, SIPLUS LOGO! 24CEo, SIPLUS LOGO! 24RCE, SIPLUS LOGO! 24RCEo. This vulnerability is related to the absence of authentication for a critical function, allowing an intruder to trigger a service failure.
The vulnerability of the microprogrammed software for Siemens LOGO! 12/24RCE, LOGO! 12/24RCEo, LOGO! 230RCE, LOGO! 230RCEo, LOGO! 24CE, LOGO! 24CEo, LOGO! 24RCE, LOGO! 24RCEo, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, SIPLUS LOGO! 230RCE, SIPLUS LOGO! 230RCEo, SIPL...
Vulnerability of microprogrammed software for Siemens LOGO! 12/24RCE, LOGO! 12/24RCEo, LOGO! 230RCE, LOGO! 230RCEo, LOGO! 24CE, LOGO! 24CEo, LOGO! 24RCE, LOGO! 24RCEo, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, SIPLUS LOGO! 230RCE, SIPLUS LOGO! 230RCEo, SIPLUS LOGO! 24CE, SIPLUS LOGO! 24CEo, SIPLUS LOGO! 24RCE, SIPLUS LOGO! 24RCEo. This vulnerability is related to the absence of authentication for a critical function, allowing an intruder to execute arbitrary code.
The vulnerability of the microprogrammed logic controllers from Siemens, such as LOGO! 12/24RCE, LOGO! 12/24RCEo, LOGO! 230RCE, LOGO! 230RCEo, LOGO! 24CE, LOGO! 24CEo, LOGO! 24RCE, LOGO! 24RCEo, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, SIPLUS LOGO! 230RCE, SIPLUS...
Vulnerability of microprogrammed software for Siemens LOGO! 12/24RCE, LOGO! 12/24RCEo, LOGO! 230RCE, LOGO! 230RCEo, LOGO! 24CE, LOGO! 24CEo, LOGO! 24RCE, LOGO! 24RCEo, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, SIPLUS LOGO! 230RCE, SIPLUS LOGO! 230RCEo, SIPLUS LOGO! 24CE, SIPLUS LOGO! 24CEo, SIPLUS LOGO! 24RCE, SIPLUS LOGO! 24RCEo. This vulnerability is related to the absence of authentication for a critical function, allowing attackers to compromise the integrity of protected information.
The vulnerability of the microprogrammed software for Siemens LOGO! 12/24RCE, LOGO! 12/24RCEo, LOGO! 230RCE, LOGO! 230RCEo, LOGO! 24CE, LOGO! 24CEo, LOGO! 24RCE, LOGO! 24RCEo, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, SIPLUS LOGO! 230RCE, SIPLUS LOGO! 230RCEo, SIPL...
The vulnerability of the Sitecore Experience Platform (XP) and Sitecore Experience Manager (XM) content management systems, related to improper code generation, allows attackers to execute arbitrary code.
The vulnerability of the Sitecore Experience Platform XP and Sitecore Experience Manager XM content management systems is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Tecnick TCExam software for conducting online exams lies in the lack of measures taken to protect the website structure, allowing attackers to carry out XSS attacks.
The vulnerability of the Tecnick TCExam software for online exams is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the Tecnick TCExam software for conducting online exams lies in the lack of measures taken to protect the SQL query structure. This allows attackers to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Tecnick TCExam software for conducting online exams is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to influence the confidentiality, integrity, and accessibility of the protected...
The vulnerability of the searchByPage function in the Novel-Plus content management system allows a hacker to execute malicious code remotely.
The vulnerability of the searchByPage function in the Novel-Plus content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute malicious code remotely...
The vulnerability of the HTTP GET Request Handler component in the /app/sae/design/desktop/flat file of the software for developing mobile applications in SiberianCMS allows a attacker to perform XSS attacks.
The vulnerability of the HTTP GET Request Handler component in the /app/sae/design/desktop/flat file of the software for developing mobile applications in SiberianCMS is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor ...
The vulnerability of the HTTP Proxy-Authorization header of the Vproxy proxy server allows a hacker to trigger a service denial.
The vulnerability of the HTTP Proxy-Authorization header of the Vproxy proxy server is related to the lack of zero-division checking. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the API Endpoint component of the Rising Technosoft CAP Back Office Application allows a malicious individual to gain unauthorized access to user accounts.
The vulnerability of the API Endpoint component in Rising Technosoft CAP Back Office Application is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to user accounts...
The vulnerability of the OTP mechanism implemented in Rising Technosoft’s CAP Back Office Application allows attackers to bypass the 2FA protection and gain unauthorized access.
The vulnerability of the OTP mechanism implemented in Rising Technosoft’s CAP Back Office Application relates to bypassing the authentication process by using an alternative method or channel. Exploiting this vulnerability allows a malicious actor, operating remotely, to circumvent 2FA protection...
The vulnerability of the API Endpoint component of the Rising Technosoft CAP Back Office Application allows a malicious individual to gain unauthorized access to user accounts.
The vulnerability of the API Endpoint component in Rising Technosoft CAP Back Office Application relates to the lack of a password recovery mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to user accounts...
The vulnerability of the Invite Request Handler component in the software for monitoring functionality and infrastructure of BlueWave Checkmate allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Invite Request Handler component in the software for monitoring functionality and infrastructure of BlueWave Checkmate is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity,...
The vulnerability of CODESYS software, related to the manipulation of the zero pointer, allows a intruder to trigger a service failure.
The vulnerability of CODESYS software products is related to the handling of the zero pointer. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the `upload_to_input_dir` function in the LightRAG framework, which allows a hacker to circumvent security restrictions
The vulnerability of the uploadtoinputdir function in the LightRAG framework is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a attacker to circumvent security restrictions...
The vulnerability of the setDeferredReply function in the Valkey data structure server allows a attacker to compromise the accessibility of protected information.
The vulnerability of the setDeferredReply function in the Valkey data structure server is related to integer overflow. Exploiting this vulnerability could allow an attacker to compromise the accessibility of protected information...
The vulnerability of Hashview’s software lies in the lack of a password recovery mechanism, allowing attackers to gain access to the user account.
The vulnerability of Hashview software is related to the lack of a password recovery mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to the user account...
The vulnerability of the software for automating marketing and managing customer interactions in Mautic, related to the disclosure of system data that is not authorized in the controlled area, allows a perpetrator to disclose protected information.
The vulnerability of the software for automating marketing and managing customer interactions in Mautic is related to the disclosure of system data that is not accessible to unauthorized parties within the controlled area. Exploiting this vulnerability could allow a malicious actor to disclose...
The vulnerability of the VPN Settings component of the operating system for managing network devices in Synology Router Manager allows a perpetrator to execute arbitrary commands.
The vulnerability of the VPN Settings component of the operating system used to manage Synology Router Manager relates to the lack of security measures for the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the strcpy() function in the microprogramming software for UTT 512W allows a hacker to execute arbitrary code.
The vulnerability of the strcpy function in the UTT 512W router microprogramming system is related to copying buffers without checking the size of the input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially crafted POST request...
The vulnerability of the gfx_v9_0_sw_fini() function in the drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c driver code allows a hacker to cause a service failure in AMD GPU-based Linux operating system DRI (Direct Rendering Infrastructure) kernels.
The vulnerability of the gfxv90swfini function in the drivers/gpu/drm/amd/amdgpu/gfxv90.c driver code relates to AMD GPU cores in Linux operating systems. This vulnerability stems from the lack of memory release after the effective lifespan of a resource. Exploiting this vulnerability could allow...
The vulnerability of the QuMagie multimedia file storage application for QNAP NAS lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the QuMagie multimedia file storage application for QNAP NAS is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Network File System (NFS) of the Synology DiskStation Manager operating system allows a hacker to read arbitrary files.
The vulnerability of the Network File System NFS of the Synology DiskStation Manager operating system is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...
The vulnerability of the changed-files software package for CI/CD automation tools allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the changed-files software package for CI/CD automation processes is related to the presence of undeclared capabilities. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the .innerhtml component in the Open WebUI web interface allows a attacker to execute a DOM-Based XSS attack.
The vulnerability of the .innerHTML component in Open WebUI-based web interfaces exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute a DOM-Based XSS attack remotely...
The vulnerability of the system.exec function in the Lite XL Text Editor allows a hacker to execute arbitrary commands.
The vulnerability of the system.exec function in the Lite XL Text Editor is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of microprogrammed IP cameras, digital and network video recorders from AvtechAVTECH, arises from the failure to take measures to neutralize special elements, allowing violators to execute arbitrary commands.
The vulnerability of microprogrammed IP cameras, digital and network video recorders from AvtechAVTECH is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...