90104 matches found
The vulnerability of the FortiSandbox threat detection and mitigation system, related to the lack of authentication, allows a violator to execute arbitrary code.
The vulnerability of the FortiSandbox threat detection and mitigation system is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary code...
The vulnerability of the r2cmd_str() function in the radare2-mcp server allows a hacker to execute arbitrary code.
The vulnerability of the r2cmd_str function in the radare2-mcp server is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the IntelliJ IDEA integrated development environment lies in the improper definition of symbolic links during file access, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the IntelliJ IDEA integrated development environment is related to the incorrect definition of symbolic links during file access. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the One-Time Password Handler component in the mobile application for managing internet services, the my Excitel App, allows a violator to disclose protected information.
The vulnerability of the One-Time Password Handler component in the mobile application for managing internet services, the my Excitel App, is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclo...
The vulnerability in the email template description of the state module and the Webmin control panel of the hosting system allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the email template description field in the state module of the Webmin hosting control panel is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...
The vulnerability of the software for secure file sharing and transmission of SolarWinds Serv-U, related to uncontrolled resource consumption, allows a perpetrator to trigger a service failure.
The vulnerability of the software for secure file sharing and transmission of SolarWinds Serv-U is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to trigger a service failure by sending a specially crafted POST request...
The vulnerability of the handle_pdf_document() function in the framework for creating AI agents, Agent Zero, allows a perpetrator to perform an SSRF attack.
The vulnerability of the handle_pdf_document function in the framework for creating AI agents, Agent Zero, is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute an SSRF attack...
The vulnerability of the ConfigurationHandler component in the Flask-AppBuilder web development framework allows an attacker to redirect users to arbitrary URL addresses.
The vulnerability of the Flask-AppBuilder web development framework lies in the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a malicious actor to remotely redirect users to arbitrary URL addresses by manipulating the Host header in HTTP requests...
The vulnerability of the apparmor component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the apparmor component in the Linux operating system’s kernel is related to the lack of memory release after the effective lifespan of the component has ended. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the LookupCNAME() function in the Go programming language allows a perpetrator to trigger a service failure.
The vulnerability of the LookupCNAME function in the Go programming language is related to a memory reclamation error when processing CNAME records. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the command-line interface of the Cisco Catalyst SD-WAN Manager allows an attacker to execute arbitrary code and elevate their privileges to root level.
The vulnerability of the command-line interface of the Cisco Catalyst SD-WAN Manager is related to incorrect encoding or filtering of output data. Exploiting this vulnerability allows an attacker to execute arbitrary code and elevate their privileges to the root level...
The vulnerability of the WLAN microprogramming software’s firmware in Qualcomm embedded chips allows a hacker to induce a service failure.
The vulnerability of WLAN microprogramming software’s firmware in Qualcomm embedded chips relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause system failures remotely...
The vulnerability of the OAuth authorization protocol implemented by the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) allows an attacker to perform a CSRF attack.
The vulnerability of the OAuth authorization protocol implementation of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
The vulnerability of the get_abs_path() function in the framework for creating AI agents, Agent Zero, allows a hacker to read arbitrary files.
The vulnerability of the get_abs_path function in the framework for creating AI agents, Agent Zero, is related to an incorrect limitation on the path name for the directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to read arbitrary files...
The vulnerability of Qualcomm’s integrated circuit-based microprogramming software, related to the use of dangerous methods or functions, allows attackers to escalate their privileges.
The vulnerability of Qualcomm’s integrated circuit-based microprogramming software relates to the use of dangerous methods or functions. Exploiting this vulnerability can allow attackers to escalate their privileges...
The vulnerability of the Camera component in the microprogramming software of Qualcomm’s integrated chips allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Camera component in the microprogramming software of Qualcomm-internal chips is related to unreliable pointer assignment. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the MHTML component in Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability of the MHTML component in Google Chrome and Microsoft Edge is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page...
The vulnerability of the OpenCapsule function in UEFI capsule file parsers and 7-Zip archivers allows a hacker to disclose protected information.
The vulnerability of the OpenCapsule function in UEFI capsule file parsers and 7-Zip archivers is related to the use of uninitialized resources. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
The vulnerability of the SICK TDC-X401GL industrial controller’s microprogramming software, due to deficiencies in access control, allows intruders to compromise the availability of protected information.
The vulnerability of the SICK TDC-X401GL industrial controller’s microprogramming software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating remotely to compromise the availability of protected information...
The vulnerability of the API Endpoint component of the LibreChat artificial intelligence-based platform allows a hacker to compromise the integrity of the protected information.
The vulnerability of the API Endpoint component of the LibreChat artificial intelligence-based platform is related to a violation of expected behavior. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the integrity of the protected information...
The vulnerability of Docker’s plugin-based system for creating containerized systems like Moby (Docker Engine) allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of Docker’s plugin-based container creation system, Moby (Docker Engine), is related to a single-shift error. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and integrity of the protected information...
The vulnerability of the CHandler::GetSecurity() function, a handler for WIM archives of the 7-Zip archive creator, allows a perpetrator to cause a service failure or disclose confidential information.
The vulnerability of the CHandler::GetSecurity function, a handler for WIM archives of the 7-Zip archive tool, is related to reading data beyond the allowed range of memory. Exploiting this vulnerability could allow an attacker to cause service failures or disclose confidential information...
The vulnerability of the Payments component in Google Chrome and Microsoft Edge browsers allows a hacker to manipulate the URL address bar by using a specially created HTML page.
The vulnerability of the Payments component in Google Chrome and Microsoft Edge is related to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to forge the URL input by using a specially created HTML page...
The vulnerability of the _gcry_ecc_mont_decodepoint function in the cipher/ecc-misc.c file of the Libgcrypt cryptographic library allows a perpetrator to trigger a service denial.
The vulnerability of the _gcry_ecc_mont_decodepoint function in the cipher/ecc-misc.c file of the cryptographic library Libgcrypt is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Windows WLAN Host microprogramming system components in Qualcomm’s embedded chips allows a hacker to trigger memory corruption.
The vulnerability of the Windows WLAN Host microprogramming software in embedded Qualcomm devices is related to the use of dangerous methods or functions. Exploiting this vulnerability can allow an attacker to cause memory corruption...
The vulnerability of the Next.js web application development software platform, related to the loading of unreliable external data alongside reliable data, allows attackers to trigger service failures.
The vulnerability of the Next.js web application development platform lies in the loading of unreliable external data alongside reliable data. Exploiting this vulnerability allows a malicious actor to cause service failures remotely...
The vulnerability of the `net.Dial()` and `net.LookupPort()` functions in the Go programming language for Windows operating systems allows a hacker to cause a service failure.
The vulnerability of the net.Dial and net.LookupPort functions in the Go programming language for Windows operating systems is related to the use of pointers. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the AdFilter component in Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code.
The vulnerability of the AdFilter component in Google Chrome and Microsoft Edge relates to reading data beyond the permitted range in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page from a remote location...
The vulnerability of the DSP microprogramming software service in Qualcomm’s embedded chips allows attackers to disclose protected information.
The vulnerability of the DSP microprogramming system in Qualcomm’s embedded chips lies in the fact that operations are performed outside of the buffer in memory. Exploiting this vulnerability can allow attackers to disclose protected information...
The vulnerability of the Parse function in the UDF format file archiver 7-Zip allows attackers to disclose protected information.
The vulnerability of the Parse function in the UDF format file processing tool of the 7-Zip archive manager is related to reading data beyond the allowed range of memory. Exploiting this vulnerability allows a remote attacker to disclose the protected information...
The vulnerability of the GPU components in Google Chrome and Microsoft Edge allows a hacker to gain unauthorized access to protected information.
The vulnerability of the GPU components in Google Chrome and Microsoft Edge is related to the use of uninitialized variables. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created HTML page...
The vulnerability of the WebDialer service in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) allows an attacker to perform an SSRF attack.
The vulnerability of the WebDialer service in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) is related to insufficient validation of requests on the server side. Exploiting this vulnerability can allow a maliciou...
The vulnerability of the ECDSA algorithm (Elliptic Curve Digital Signature Algorithm) in the PuTTY cryptographic protection tool allows a perpetrator to induce a service failure.
The vulnerability of the ECDSA (Elliptic Curve Digital Signature Algorithm) algorithm in the PuTTY cryptographic protection tool is related to an uncontrolled and exploitable assertion. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the ogs_sbi_xact_add() function, a tool for creating and managing NR/LTE Open5GS mobile networks, allows an attacker to cause a service failure.
The vulnerability of the ogs_sbi_xact_add function, a component of the NR/LTE Open5GS mobile network creation and management tool, is related to improper cleaning or release of resources. Exploiting this vulnerability could allow an attacker to cause service interruptions...
The vulnerability of the Updater service for Google Chrome and Microsoft Edge allows a hacker to escalate their privileges.
The vulnerability of the Updater service for Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to escalate their privileges...
The vulnerability of the ssh_rsakex_freekey() function in the PuTTY cryptographic protection tool allows a hacker to induce a service failure.
The vulnerability of the ssh_rsakex_freekey function in the PuTTY cryptographic protection tool is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...
The vulnerability of WebRTC technology in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.
The vulnerability of WebRTC technology in Google Chrome and Microsoft Edge relates to access to resources through incompatible types. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability in the DataTransfer interface of Google Chrome and Microsoft Edge allows a hacker to gain access to and modify data.
The vulnerability of the DataTransfer interface in Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to and modify data...
The vulnerability of the user interface of Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code.
The vulnerability of the user interfaces of Google Chrome and Microsoft Edge is related to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created HTML page...
The vulnerability of the Codecs components in Google Chrome and Microsoft Edge allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Codecs components in Google Chrome and Microsoft Edge relates to reading data beyond the permitted range in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information from a remote location...
The vulnerability of the formStaDrvSetup() function in the /goform/formStaDrvSetup file of the EDIMAX BR-6478AC router’s microprogramming software allows a hacker to inject arbitrary commands.
The vulnerability of the formStaDrvSetup function in the /goform/formStaDrvSetup file of the EDIMAX BR-6478AC router’s microprogramming software is related to the lack of measures taken to neutralize special elements in the output data. Exploiting this vulnerability could allow a remote attacker ...
The vulnerability of the FacAtFunction() function in Android mobile devices from Samsung allows a hacker to execute arbitrary commands.
The vulnerability of the FacAtFunction function in Android mobile devices from Samsung is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to execute arbitrary commands...
The vulnerability of the ShortcutService system service in Android mobile devices from Samsung allows a perpetrator to overwrite or create arbitrary files.
The vulnerability of the ShortcutService system service in Android mobile devices from Samsung is related to an incorrect path limitation for accessing the directory. Exploiting this vulnerability could allow an attacker to overwrite or create arbitrary files...
The vulnerability of the handle_amf_info() function in the NR/LTE Open5GS network creation and management tool allows an attacker to cause a service failure.
The vulnerability of the handle_amf_info function, a component of the NR/LTE Open5GS mobile network creation and management tool, is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability in the net/bluetooth/mgmt.c module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the net/bluetooth/mgmt.c module of the Linux operating system is related to a buffer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the `sco_sock_connect()` function in Linux operating system kernels allows a hacker to cause a service failure.
The vulnerability of the sco_sock_connect function in Linux operating systems is related to a race condition. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of WebRTC technology in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.
The vulnerability of WebRTC technology in Google Chrome and Microsoft Edge relates to the ability to utilize memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Dialog component in Google Chrome and Microsoft Edge browsers allows attackers to perform spear-phishing attacks.
The vulnerability of the Dialog component in Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...
The vulnerability of the ogs_pool_id_calloc() function in the library /lib/sbi/nghttp2-server.c, which is used for creating and managing NR/LTE Open5GS mobile networks, allows an attacker to cause a service failure.
The vulnerability of the ogs_pool_id_calloc function in the library /lib/sbi/nghttp2-server.c, which is used for creating and managing mobile networks like NR/LTE Open5GS, is related to improper cleanup or release of resources. Exploiting this vulnerability could allow a malicious actor to cause...
The vulnerability of the WebCodecs interface in Google Chrome and Microsoft Edge browsers allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the WebCodecs interface in Google Chrome and Microsoft Edge is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...