90709 matches found
The vulnerability of the kcp software, related to deficiencies in the authentication process, allows a perpetrator to circumvent security restrictions.
The vulnerability of the kcp software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions from a remote location...
The vulnerability of the ViewVC online repository viewing system, related to the possibility of bypassing the catalog, allows a violator to gain unauthorized access to protected information.
The vulnerability of the ViewVC online repository viewing system is related to the possibility of bypassing the catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Case Display Page component of the FoxCMS content management system allows a hacker to execute arbitrary code.
The vulnerability of the Case Display Page component of the FoxCMS content management system is related to improper handling of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the DDNS Record component of the operating system for managing Synology Router Manager network devices allows a hacker to execute arbitrary commands.
The vulnerability of the DDNS Record component of the operating system used to manage Synology Router Manager devices relates to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the VPN Settings component of the operating system for managing network devices in Synology Router Manager allows a perpetrator to execute arbitrary commands.
The vulnerability of the VPN Settings component of the operating system used to manage Synology Router Manager relates to the lack of security measures for the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the API Endpoint component of the Rising Technosoft CAP Back Office Application allows a malicious actor to gain unauthorized access to user accounts.
The vulnerability of the API Endpoint component in Rising Technosoft CAP Back Office Application relates to authentication bypass. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to user accounts...
The vulnerability of the API Endpoint component of the Rising Technosoft CAP Back Office Application allows a attacker to trigger a service failure.
The vulnerability of the API Endpoint component in Rising Technosoft CAP Back Office Application is related to insufficient control over the frequency of interactions. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the OTP mechanism implemented in Rising Technosoft’s CAP Back Office Application allows attackers to bypass the 2FA protection and gain unauthorized access.
The vulnerability of the OTP mechanism implemented in Rising Technosoft’s CAP Back Office Application relates to bypassing the authentication process by using an alternative method or channel. Exploiting this vulnerability allows a malicious actor, operating remotely, to circumvent 2FA protection...
The vulnerability of the file conversion tools between different formats, such as PS/IGES Parasolid Translator, arises from reading beyond the memory limit. This allows attackers to cause service failures or execute arbitrary code.
The vulnerability of the file conversion tools between different formats PS/IGES, Parasolid Translator is related to reading beyond the memory limit. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code...
The vulnerability of the web interface of the microprogramming software router LB-Link BL-CPE300M allows a attacker to carry out XSS attacks.
The vulnerability of the web interface of the microprogramming software-based router LB-Link BL-CPE300M is related to the lack of measures taken to protect the web page structure when processing the cmd parameter. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
Vulnerability of microprogrammed software for Siemens LOGO! 12/24RCE, LOGO! 12/24RCEo, LOGO! 230RCE, LOGO! 230RCEo, LOGO! 24CE, LOGO! 24CEo, LOGO! 24RCE, LOGO! 24RCEo, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, SIPLUS LOGO! 230RCE, SIPLUS LOGO! 230RCEo, SIPLUS LOGO! 24CE, SIPLUS LOGO! 24CEo, SIPLUS LOGO! 24RCE, SIPLUS LOGO! 24RCEo. This vulnerability is related to the absence of authentication for a critical function, allowing an intruder to execute arbitrary code.
The vulnerability of the microprogrammed logic controllers from Siemens, such as LOGO! 12/24RCE, LOGO! 12/24RCEo, LOGO! 230RCE, LOGO! 230RCEo, LOGO! 24CE, LOGO! 24CEo, LOGO! 24RCE, LOGO! 24RCEo, LOGO! 24RCE, LOGO! 24RCEo, SIPLUS LOGO! 12/24RCE, SIPLUS LOGO! 12/24RCEo, SIPLUS LOGO! 230RCE, SIPLUS...
The vulnerability of the Network File System (NFS) of the Synology DiskStation Manager operating system allows a hacker to read arbitrary files.
The vulnerability of the Network File System NFS of the Synology DiskStation Manager operating system is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...
The vulnerability of the Tecnick TCExam software for conducting online exams lies in the lack of measures taken to protect the website structure, allowing attackers to carry out XSS attacks.
The vulnerability of the Tecnick TCExam software for online exams is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the Sitecore Experience Platform (XP) and Sitecore Experience Manager (XM) content management systems, related to improper code generation, allows attackers to execute arbitrary code.
The vulnerability of the Sitecore Experience Platform XP and Sitecore Experience Manager XM content management systems is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Tecnick TCExam software for conducting online exams lies in the lack of measures taken to protect the SQL query structure. This allows attackers to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Tecnick TCExam software for conducting online exams is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to influence the confidentiality, integrity, and accessibility of the protected...
The vulnerability of the file upload function in the software platform used for audio and video calls on Unblu Spark allows a perpetrator to upload any desired files.
The vulnerability of the file upload function in the software platform used for audio and video calls in Unblu Spark relates to the ability to upload files of a dangerous type without restrictions. Exploiting this vulnerability allows an attacker who operates remotely to upload any type of files...
The vulnerability of the searchByPage function in the Novel-Plus content management system allows a hacker to execute malicious code remotely.
The vulnerability of the searchByPage function in the Novel-Plus content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute malicious code remotely...
The vulnerability of the HTTP Proxy-Authorization header of the Vproxy proxy server allows a hacker to trigger a service denial.
The vulnerability of the HTTP Proxy-Authorization header of the Vproxy proxy server is related to the lack of zero-division checking. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the changed-files software package for CI/CD automation tools allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the changed-files software package for CI/CD automation processes is related to the presence of undeclared capabilities. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the webhook component of the Git server from Soft Serve allows a hacker to perform an SSRF attack.
The vulnerability of the webhook component of the Git server from Soft Serve relates to insufficient validation of requests at the server-side. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
The software’s vulnerability related to integrating PI Integrator for Business Analytics involves unlimited uploading of dangerous types of files, allowing attackers to upload and save any type of files they desire.
The vulnerability of the PI Integrator for Business Analytics software lies in its ability to allow unlimited uploading of dangerous files. Exploiting this vulnerability could enable a malicious actor to upload and store any desired files remotely...
The vulnerability of the Manifest File Handler component in Comodo Internet Security Premium antivirus software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Manifest File Handler component in Comodo Internet Security Premium relates to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality,...
The vulnerability of the setDeferredReply function in the Valkey data structure server allows a attacker to compromise the accessibility of protected information.
The vulnerability of the setDeferredReply function in the Valkey data structure server is related to integer overflow. Exploiting this vulnerability could allow an attacker to compromise the accessibility of protected information...
The vulnerability of the Socket Appender component in the Apache Log4j Core API library allows a attacker to intercept log traffic.
The vulnerability of the Socket Appender component in the Apache Log4j Core API library implementation is related to improper verification of certificate authenticity. Exploiting this vulnerability could allow an attacker to intercept log traffic remotely...
The vulnerability of the embedded software loading service for D-Link DIR-605 routers allows a hacker to execute arbitrary commands.
The vulnerability of the embedded software loading service for D-Link DIR-605 routers is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of demons in processing Router Solicitation and Router Advertisement in IPv6, implemented in rtsol(8) and rtsold(8) of the FreeBSD kernel, allows a perpetrator to execute arbitrary code.
The vulnerability of demons for processing Router Solicitation and Router Advertisement in IPv6, represented by rtsol8 and rtsold8 in FreeBSD kernels, is related to the failure to implement measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of Lenovo Dispatcher 3.0 and Dispatcher 3.1 consumer notebook drivers, related to insufficient access control, allows attackers to elevate privileges and execute arbitrary code.
The vulnerability of Lenovo Dispatcher 3.0 and Dispatcher 3.1 consumer notebook drivers is related to insufficient access control. Exploiting this vulnerability can allow attackers to gain elevated privileges and execute arbitrary code...
Microsoft Edge browser’s vulnerability, related to bypassing authentication through spoofing, allows attackers to elevate their privileges.
The vulnerability of Microsoft Edge relates to bypassing authentication through spear-phishing techniques. Exploiting this vulnerability allows a malicious actor to gain increased privileges remotely...
The vulnerability of the userfaultfd_writeprotect() function in the fs/userfaultfd.c module of the Linux file system support module allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the userfaultfdwriteprotect function in the fs/userfaultfd.c module of the Linux file system support module is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and...
The vulnerabilities of the functions ForegroundLockActivity() and MainActivity() in the Reolink app for video surveillance management, which allow a intruder to gain unauthorized access to the app’s data and functions.
The vulnerability of the ForegroundLockActivity and MainActivity functions in the Reolink app for video surveillance system management involves bypassing the authentication process by using an alternative path. Exploiting this vulnerability could allow a malicious actor to gain unauthorized acces...
The vulnerability of the software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the lack of authentication procedures. This allows attackers to gain access to read profile parameters.
The vulnerabilities of the software used for developing and executing applications in the ABAP language of SAP NetWeaver Application Server are related to deficiencies in the authentication process. Exploiting these vulnerabilities can allow attackers to gain read access to profile parameters...
The vulnerability of the Adobe Document Service component in SAP NetWeaver AS Java software integration platforms allows attackers to gain access to and modify system data.
The vulnerability of the Adobe Document Service component in SAP NetWeaver AS Java software integration platforms is related to its dependence on a vulnerable external component. Exploiting this vulnerability can allow attackers to gain access to and modify system data...
The vulnerability of the My Timesheet Fiori 2.0 software component, which is used for workforce management in SAP HCM, allows a hacker to escalate their privileges.
The vulnerability of the My Timesheet Fiori 2.0 software, a personnel management solution for SAP HCM, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain elevated privileges...
The vulnerability of the My Timesheet Fiori 2.0 software component, which is used for workforce management in SAP HCM, allows a hacker to escalate their privileges.
The vulnerability of the My Timesheet Fiori 2.0 software, a personnel management solution for SAP HCM, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain elevated privileges...
The vulnerability of the SAP Business Planning and Consolidation solution for managing financial indicators allows a perpetrator to trigger a service failure.
The vulnerability of the SAP Business Planning and Consolidation solution for managing financial indicators is related to the lack of verification of input data for cyclical operations. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the software for working with PDF files, UPDF for Windows operating systems, allows a hacker to execute arbitrary code.
The vulnerability of UPDF software for working with PDF files on Windows operating systems is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code...
The vulnerability of the software for working with PDF files, UPDF for Windows operating systems, allows a perpetrator to execute arbitrary code.
The vulnerability of UPDF software for working with PDF files on Windows operating systems is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code...
The vulnerability of the debug interface of the microprogrammable logic controllers JUMO variTRON 300, JUMO variTRON 500, and JUMO variTRON 500 touch allows a intruder to gain unauthorized access to the device.
The vulnerability of the debug interface of the microprogrammed logic controllers JUMO variTRON 300, JUMO variTRON 500, and JUMO variTRON 500 touch is related to errors in the code of the pseudo-random number generator. Exploiting this vulnerability can allow an intruder to gain unauthorized acce...
The vulnerability of the Kapsch TrafficCom RIS-9260 road communication module lies in the lack of authentication for a critical function, allowing a violator to gain unauthorized access to protected information.
The vulnerability of the Kapsch TrafficCom RIS-9260 road communication module’s microprogramming software lies in the lack of authentication for critical functions. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to protected information...
The vulnerability of the I-O Data Device UD-LT2 router’s microprogramming software exists due to the lack of measures to neutralize specific elements. This allows attackers to execute arbitrary commands.
The vulnerability of the I-O Data Device UD-LT2 router’s microprogramming software exists due to the lack of measures taken to neutralize certain special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of NVIDIA DGX OS workstations’ operating system for DGX Spark GB10 artificial intelligence systems involves insecure privilege management. This vulnerability allows a malicious actor to trigger service failures, access and modify sensitive information.
The vulnerability of NVIDIA DGX OS workstations for DGX Spark GB10 artificial intelligence systems is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to cause service failures, disclose, and modify protected information...
The vulnerability of the software platform for managing Requarks Wiki.js, related to the incorrect duration of the session, allows a violator to compromise the confidentiality and integrity of the protected information.
The vulnerability of the software platform for managing Requarks Wiki.js is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the write_headers() function in the cpp-httplib library, which allows a hacker to modify protected information
The vulnerability of the writeheaders function in the cpp-httplib library is related to the lack of measures taken to neutralize CRLF sequences. Exploiting this vulnerability could allow an attacker, operating remotely, to modify protected information by sending a specially crafted HTTP request...
The vulnerability of the command-line interface (CLI) of NPort terminal server software products, models 6100-G2/6200-G2, allows a hacker to alter the device’s configuration data.
The vulnerability of the command-line interface CLI of NPort terminal server software for models 6100-G2/6200-G2 is related to deficiencies in the access control mechanism. Exploiting this vulnerability could allow a malicious actor to alter the device’s configuration data remotely...
The vulnerability of the gRPC authentication application interface of the RustFS distributed data storage system allows a perpetrator to bypass existing security mechanisms and gain unauthorized access to the system.
The vulnerability of the gRPC authentication application interface of the RustFS distributed data storage system is related to the use of strictly encrypted credentials. Exploiting this vulnerability allows a malicious actor to bypass existing security mechanisms and gain unauthorized access to t...
The vulnerability of the Kibana data visualization service, related to authentication errors, allows a violator to elevate their privileges.
The vulnerability of the Kibana data visualization service is related to authentication errors. Exploiting this vulnerability allows a malicious actor to gain elevated privileges...
The vulnerability of the Kibana data visualization service, related to authentication errors, allows a violator to elevate their privileges.
The vulnerability of the Kibana data visualization service is related to authentication errors. Exploiting this vulnerability allows a malicious actor to gain elevated privileges...
The vulnerability of software for centralized monitoring and management in environments with a large number of devices, Lenovo XClarity Orchestrator (LXCO), arises from the use of an unprotected alternative channel. This allows a malicious actor to gain unauthorized access to internal functions or data.
The vulnerability of software for centralized monitoring and management in environments with a large number of devices relates to the use of an unprotected alternative channel. Exploiting this vulnerability can allow an attacker to gain unauthorized access to internal functions or data...
The vulnerability of the functions ForegroundLockActivity() and WelcomeActivity() in the Reolink app for video surveillance management, which allows a intruder to gain unauthorized access to the functions or components of the app.
The vulnerability of the ForegroundLockActivity and WelcomeActivity functions in the Reolink app for video surveillance management involves redirecting URLs to an unreliable website. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the...
The vulnerability of the My Timesheet Fiori 2.0 software component, which is used for workforce management in SAP HCM, allows a hacker to escalate their privileges.
The vulnerability of the My Timesheet Fiori 2.0 software, a personnel management solution for SAP HCM, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain elevated privileges...