90709 matches found
The vulnerability of the Next.js software platform for creating web applications, related to shortcomings in HTTP request processing, allows attackers to trigger service failures.
The vulnerability of the Next.js software platform for creating web applications is related to shortcomings in HTTP request processing. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the sub_403198() function in the /cgi-bin/wireless.cgi script of the Wavlink NU516U1 router’s microprogramming system, allowing a hacker to execute arbitrary commands.
The vulnerability of the sub403198 function in the /cgi-bin/wireless.cgi script of the Wavlink NU516U1 router’s microprogramming system is related to the lack of measures taken to clean data at the control level when processing the mac5g parameter. Exploiting this vulnerability could allow a remo...
The vulnerability of the “Multi-Functional Export/Import in Excel” plugin, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the “Multi-Functional Export/Import in Excel” plugin is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the client in the Kermit protocol implementation of the C-Kermit software for serial and network communication allows a perpetrator to execute arbitrary code.
The vulnerability of the Kermit protocol implementation in the C-Kermit software for serial and network communication lies in the absence of an authentication mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted file on behalf ...
The vulnerability of the Downloads Panel component of the Mozilla Firefox browser and the Thunderbird email client allows attackers to perform spear-phishing attacks.
The vulnerability of the Downloads Panel component in the Mozilla Firefox browser and the Thunderbird email client is related to deficiencies in the authentication process, resulting from incorrect display of the domain name in the address bar. Exploiting this vulnerability allows a malicious act...
The vulnerability of the JIT-compiler used by Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to induce a service failure.
The vulnerability of the JIT-compiler used by Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the System Configuration component of the Oracle Financial Services Analytical Applications Infrastructure platform allows a perpetrator to gain full control over the application.
The vulnerability of the System Configuration component of the Oracle Financial Services Analytical Applications Infrastructure platform relates to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating remotely to gain full control ove...
The vulnerability of IBM OpenPages, a risk management platform for enterprises, related to deficiencies in HTTP request processing, allows attackers to perform cache poisoning attacks or intercept sessions.
The vulnerability of IBM OpenPages, a risk management platform for enterprises, is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to perform a cache poisoning attack or intercept sessions by sending specially crafted HTTP requests remote...
The vulnerability of the IBM QRadar SIEM system for event collection and analysis, related to privilege assignment errors, allows attackers to elevate their privileges.
The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to privilege assignment errors. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the IBM QRadar SIEM system for event collection and analysis lies in the insufficient protection of the website structure, which allows attackers to disclose protected information.
The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The software for cleaning and optimizing the Trend Micro Cleaner One Pro system is vulnerable due to errors in processing files with the .LNK extension. This vulnerability allows attackers to increase their privileges and gain access to delete files.
The vulnerability of the software for cleaning and optimizing the Trend Micro Cleaner One Pro system is related to errors in processing files with the extension .LNK locals. Exploiting this vulnerability can allow an attacker to increase their privileges and gain access to delete files...
The vulnerability of the GetGroupFilteredUsers function on the PolicyServer server, a feature of Trend Micro Endpoint Encryption (TMEE), allows a malicious actor to increase their privileges.
The vulnerability of the GetGroupFilteredUsers function in the PolicyServer server, a component of the Trend Micro Endpoint Encryption TMEE data encryption solution, is related to the use of a potentially dangerous function. Exploiting this vulnerability could allow an attacker to increase their...
The vulnerability of the mnt_ns_from_dentry() function in the fanotify component of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the mntnsfromdentry function in the fanotify component of the Linux kernel is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Express adapter, the React Router routing library, and the React framework in the Remix framework allows attackers to induce a service failure.
The vulnerability of the Express adapter related to the React Router routing library in the Remix framework is linked to shortcomings in HTTP request handling. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
The vulnerability of the pps_register_cdev() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the ppsregistercdev function in the Linux operating system is related to the disclosure of information in error messages. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the n_gsm component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the ngsm component in the Linux operating system’s kernel is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the tcp_metrics component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the tcpmetrics component in the Linux operating system’s kernel is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the bpf_sock_addr() function in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the bpfsockaddr function in the Linux operating system’s kernel is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of sub_401B30 in the microprogramming software of Wavlink NU516U1 allows a hacker to execute arbitrary commands.
The vulnerability of sub401B30 in the microprogramming software of Wavlink NU516U1 lies in the lack of measures taken to clean data at the control level when processing the argument remoteManagementEnabled. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands via...
The vulnerability of the App Router router on the Next.js software development platform for creating web applications, as well as the CLI interface of the Vercel platform, allows attackers to compromise the integrity of protected information.
The vulnerability of the App Router router on the Next.js software development platform and the Vercel command-line interface CLI platform is related to shortcomings in HTTP request processing. Exploiting this vulnerability allows a malicious actor to compromise the integrity of protected...
The vulnerability of function sub_4016F0 in the microprogrammed software of Wavlink NU516U1 allows a hacker to execute arbitrary commands.
The vulnerability of sub4016F0 in the microprogrammed Wavlink NU516U1 router software is related to the failure to take measures for data cleaning at the control level when processing the delflag argument. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands via PO...
The vulnerability of the “Multi-Functional Export/Import in Excel” plugin lies in the incorrect limitation of the path to the catalog, which allows an intruder to gain unauthorized access to protected information.
The vulnerability of the “Multi-Functional Export/Import in Excel” plugin is related to incorrect restrictions on the path name to the catalog. Exploitation of this vulnerability may allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client, related to writing beyond the buffer limit, allows attackers to execute arbitrary code.
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client is related to writing beyond the buffer limit. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Block Storage component of the Sun ZFS Storage Appliance Kit (AK) allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Block Storage component in the Sun ZFS Storage Appliance Kit AK is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to modify, add, or delete data...
The vulnerability of the online business analytics service IBM Cognos Analytics, related to the use of files and directories accessible to external parties, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the online business analytics service IBM Cognos Analytics lies in the use of files and directories accessible to external parties. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the sprintf function in Tenda AC18 router microprogramming software allows a hacker to execute arbitrary code or cause a service failure due to incorrect HTTP requests.
The vulnerability of the sprintf function in Tenda AC18 router microprogramming software is related to the execution of operations outside the buffer in memory when processing the scanList parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service...
The vulnerability of the Zohocorp ManageEngine Exchange Reporter Plus software, a monitoring, analysis, and reporting tool, arises from the lack of protective measures for the website structure. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the monitoring, analysis, and reporting software Zohocorp ManageEngine Exchange Reporter Plus is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected...
The vulnerability of the Malcure Malware Scanner plugin in the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the Malcure Malware Scanner plugin in the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of Trend Micro Password Manager lies in its improper handling of links before accessing a file. This allows attackers to escalate their privileges.
The vulnerability of the Trend Micro Password Manager lies in the improper handling of the link before accessing the file. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the run_unpack() function in the Linux operating system’s kernel, which allows a hacker to trigger a service failure
The vulnerability of the rununpack function in the Linux operating system’s kernel is related to integer overflow. Exploiting this vulnerability could allow an attacker to trigger a service failure...
The vulnerability of the LibreChat artificial intelligence-based platform, related to uncontrolled resource consumption, allows a violator to trigger a service failure.
The vulnerability of the LibreChat artificial intelligence-based platform is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the dst_dev_rcu() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the dstdevrcu function in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the nbd component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the nbd component in the Linux operating system’s kernel is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the `__pnet_find_base_ndev()` function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the pnetfindbasendev function in the Linux operating system is related to the use of memory after it has been freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the JIT-compiler used by Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to execute arbitrary code.
The vulnerability of the JIT-compiler used by Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to improper code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the Netmonitor component affects browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird, allowing attackers to escalate their privileges.
The vulnerability of the Netmonitor component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...
The vulnerability of the IBM QRadar SIEM system for event collection and analysis, related to privilege assignment errors, allows attackers to elevate their privileges.
The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to privilege assignment errors. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the JetBrains YouTrack project and task management software, related to bypassing authentication using a user-controlled key, allows unauthorized access to protected information.
The vulnerability of the JetBrains YouTrack project and task management software relates to the bypassing of authentication using a key controlled by the user. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the strcpy function in the microprogramming software for Tenda AC18 routers allows a hacker to execute arbitrary code or cause a service failure due to incorrect HTTP requests.
The vulnerability of the strcpy function in the microprogramming software for Tenda AC18 routers is related to the operation that goes beyond the buffer boundaries in memory when processing the mac argument. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause...
The vulnerability of the administrator console of the Zimbra Collaboration Suite email management system allows a hacker to trigger a service failure.
The vulnerability of the administrator console of the Zimbra Collaboration Suite email management system involves an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending a specially crafted GET request...
The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services lies in the lack of measures taken at the administrative level to clean up data. This allows attackers to gain unauthorized access to confidential information.
The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to...
The vulnerability of the Zoho ManageEngine Applications Manager software, related to the lack of data cleaning at the management level, allows a perpetrator to execute arbitrary commands.
The vulnerability of the Zoho ManageEngine Applications Manager software relates to the lack of measures taken for data cleaning at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the Devnex Addons component of the WordPress Elementor plugin allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Devnex Addons component of the WordPress Elementor plugin, related to authentication errors, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the verify_field_val() function in the Integration for Contact Forms and Google Sheets plugin of the WordPress content management system allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the verifyfieldval function in the Integration for Contact Forms and Google Sheets plugin of the WordPress content management system is related to deserialization mechanism flaws. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code or cause...
The vulnerability of the Wazuh intrusion detection and prevention system, related to synchronization errors when using a shared resource (“Race Situation”), allows intruders to increase their privileges.
The vulnerability of the Wazuh intrusion detection and prevention system is related to synchronization errors when using a shared resource “Race Conditions”. Exploiting this vulnerability can allow attackers to increase their privileges...
The system for managing user and group identification in OpenText Directory Services is vulnerable due to insufficient validation of entered data. This allows a perpetrator to execute arbitrary codes.
The vulnerability of the system for managing user and group identification in OpenText Directory Services is related to insufficient validation of entered data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...
The vulnerability of the PERF_IDX2OFF() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the PERFIDX2OFF function in the Linux operating system is related to the operation of writing data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Delete_Mac_list component on page sub_4030C0 of the Wavlink NU516U1 router’s microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the DeleteMaclist component of the sub4030C0 function in the microprogramming software for Wavlink NU516U1 is related to the failure to take data cleaning measures at the control level when processing the deletelist argument. Exploiting this vulnerability allows an attacker t...
The vulnerability of function sub_401778 in the microprogramming software of Wavlink NU516U1 allows a hacker to execute arbitrary commands.
The vulnerability of function sub401778 in the microprogrammed Wavlink NU516U1 router software is related to the lack of measures taken to clean data at the control level when processing the argument dmzflagt. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...
The vulnerability of the Elastic Defend software for detection, monitoring, and responding to threats arises from improper storage of permissions, allowing attackers to increase their privileges.
The vulnerability of the software for detecting, monitoring, and responding to threats from Elastic Defend is related to improper storage of permissions. Exploiting this vulnerability can allow attackers to enhance their privileges...