74701 matches found
The vulnerability of the PHP web application development platform PHPStudy lies in the improper encoding of the HTTP header Accept-Charset, allowing attackers to execute arbitrary code.
The vulnerability of the PHP web application development platform PHPStudy is related to incorrect encoding of the HTTP header Accept-Charset using Base64 encoding. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Device Admin App of the ctrlX OS operating system allows a perpetrator to select user account names.
The vulnerability of the Device Admin App on the ctrlX OS involves unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to select user account names by sending specially crafted HTTP requests remotely...
The vulnerability of the scomp_acomp_comp_decomp() function in the crypto/scompress.c module of the Linux kernel’s cryptographic subsystem allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the scomp_acomp_comp_decomp() function in the crypto/scompress.c module of the Linux kernel security subsystem is related to a stack-based buffer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of t...
The vulnerability of the SSH protocol implementation in Cisco Unified Computing System servers of the Cisco UCS B-Series, Managed C-Series, and X-Series models allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SSH protocol implementation in Cisco Unified Computing System servers of the Cisco UCS B-Series, Managed C-Series, and X-Series models is related to insufficient channel restrictions for specific endpoints. Exploiting this vulnerability can allow an attacker operating...
The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.
The vulnerability of the CADImage plugin for IrfanView, a program for viewing and playing graphic, video, and audio files, is related to the execution of operations beyond the buffer boundaries in memory during the processing of DXF files. Exploiting this vulnerability allows an attacker to execu...
The vulnerability of Websoft HCM’s automation software for HR processes lies in its inability to properly handle incoming requests, allowing attackers to disclose protected information.
The vulnerability of Websoft HCM’s automation software for HR processes is related to inconsistencies in the responses to incoming requests. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
The vulnerability of the Fastjson library in the applyCT component of the HikCentral video surveillance and security management software allows a perpetrator to execute arbitrary code.
The vulnerability of the Fastjson library used in the applyCT component of the HikCentral video surveillance and security management software is related to deficiencies in the deserialization mechanism when processing JSON files. Exploiting this vulnerability allows an attacker to execute arbitra...
The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models allows a hacker to execute arbitrary code within the context of the current user. This vulnerability is related to writing beyond the buffer boundaries.
The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models involves writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of the current user...
The vulnerability of the Windows Imaging Component (WIC) framework in Windows operating systems allows attackers to disclose protected information.
The vulnerability of the Windows Imaging Component (WIC) framework in Windows operating systems is related to insufficient protection of service data. Exploiting this vulnerability can allow attackers to disclose protected information...
The vulnerability of the Device Admin App of the ctrlX OS operating system allows attackers to carry out “man-in-the-middle” type attacks.
The vulnerability of the Device Admin App on the ctrlX OS platform is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to carry out “man-in-the-middle” attacks by sending specially crafted HTTP requests...
The vulnerability of the Cisco Unified Contact Center Express (Unified CCX) operator automation software is related to deficiencies in the deserialization mechanism, allowing a malicious actor to execute arbitrary code.
The vulnerability of the Cisco Unified Contact Center Express operator automation software is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created .aef file...
The vulnerability of the Akamai CloudTest performance testing platform lies in the improper limitation of XML links to external objects, which allows attackers to compromise privacy.
The vulnerability of the Akamai CloudTest performance testing platform relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to compromise privacy...
The vulnerability of the FPSU-IP/Client software for Windows operating systems, related to errors in the use of standard permissions, allows attackers to increase their privileges.
The vulnerability of the FPSU-IP/Client software for Windows operating systems is related to errors in the use of standard permissions. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the shmemFetchNotification() function in the drivers/firmware/arm_scmi/common.h module, a driver for supporting Linux kernel patches, allows an attacker to trigger a service failure.
The vulnerability of the shmemFetchNotification() function in the drivers/firmware/arm_scmi/common.h module, a driver for handling Linux kernel patches, is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the drm_mode_page_flip_ioctls function in the drivers/gpu/drm/drm_plane.c module, a driver for supporting Direct Rendering Infrastructure (DRI) in the Linux operating system, allows a hacker to trigger a service failure.
The vulnerability of the drm_mode_page_flip_ioctls function in the drivers/gpu/drm/drm_plane.c module of the Linux kernel’s Direct Rendering Infrastructure (DRI) driver is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to...
The vulnerability of the centreon-web component of the Centreon software for monitoring IT infrastructure allows a perpetrator to enhance their privileges and execute arbitrary code.
The vulnerability of the centreon-web component of the IT infrastructure monitoring software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary code using a specially...
The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.
The vulnerability of the CADImage plugin in IrfanView, a program for viewing and playing graphic, video, and audio files, relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially...
The vulnerability of the tb_cfg_request_dequeue() function in the drivers/thunderbolt/ctl.c module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the tb_cfg_request_dequeue() function in the drivers/thunderbolt/ctl.c module of the Linux operating system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.
The vulnerability of the CADImage plugin in IrfanView, a program for viewing and playing graphic, video, and audio files, is related to the execution of operations beyond the buffer boundaries in memory during the processing of DWG files. Exploiting this vulnerability allows an attacker to execut...
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in the lack of authentication mechanisms. This allows attackers to gain unauthorized access to protected information.
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B is related to the lack of authentication. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized acces...
The vulnerability of Atlassian Jira’s data processing software, related to the manipulation of cross-site requests, allows attackers to execute CSRF attacks.
The vulnerability of Atlassian Jira’s data processing products is related to insufficient protection when entering CSRF requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack remotely...
The vulnerability of the Calendar Storage module in the EMUI operating system of HarmonyOS allows a hacker to gain access to and modify data.
The vulnerability of the Calendar Storage module in the EMUI operating system of HarmonyOS is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to read and modify data...
The vulnerability of the CLI component of the Brocade Fabric OS operating system allows a hacker to trigger a service failure.
The vulnerability of the CLI component of the Brocade Fabric OS operating system is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the LAN Controller feature of the Cisco IOS XE operating system allows a hacker to execute arbitrary commands.
The vulnerability of the LAN Controller feature of the Cisco IOS XE operating system is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.
The vulnerability of the CADImage plugin in IrfanView, a program for viewing and playing graphic, video, and audio files, relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially...
The vulnerability of the RouterOS operating system for MikroTik routers, related to insufficient validation of input data, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the RouterOS operating system for MikroTik routers is related to insufficient validation of input data when processing the dst parameter. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the JTAG microprogramming software components in Ethernet modules WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN allows intruders to implant or modify the firmware.
The vulnerability of the JTAG microprogramming software components in Ethernet modules WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN is related to access control deficiencies. Exploiting this vulnerability can allow attackers to implant or modify the firmware...
The vulnerability of the Modbus TCP Packet Handler component in the Ethernet module software for WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN allows a hacker to execute arbitrary commands.
The vulnerability of the Modbus TCP Packet Handler component in the Ethernet module software of WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the asynchronous messaging system Apache ActiveMQ Artemis, related to incorrect authentication, allows attackers to gain access to confidential information.
The vulnerability of the asynchronous messaging system Apache ActiveMQ Artemis is related to incorrect authentication. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential information...
The vulnerability of the software platform for managing execution environments of Apache CloudStack, related to information disclosure, allows a hacker to gain unauthorized access to protected information.
The vulnerability of the software platform that manages virtual machine environments in Apache CloudStack is related to information disclosure. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the software platform for managing execution environments of Apache CloudStack, related to insufficient protection of operational data, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the software platform that manages virtual machine environments in Apache CloudStack is related to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of the protected...
The vulnerability of the Device Admin App on the ctrlX OS operating system allows a perpetrator to compromise the integrity of the vulnerable application’s configuration.
The vulnerability of the Device Admin App on the ctrlX OS lies in the improper validation of the data entered by the user against a list of allowed values. Exploiting this vulnerability allows an attacker to compromise the integrity of the vulnerable application by sending a specially crafted HTT...
The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controller ABB RMC-100 and RMC-100-LITE allows an intruder to trigger a service failure.
The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controllers ABB RMC-100 and RMC-100-LITE lies in the fact that the operation data is written outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause...
The vulnerability of the fastapi-guard tool for analyzing network traffic, network detection, and response lies in its use of a regular expression with inefficient computational complexity, allowing attackers to trigger service failures.
The vulnerability of the fastapi-guard tool for analyzing network traffic, detecting network issues, and responding to them is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker operating remotely to cause...
The vulnerability of the Memory Management module in the EMUI operating system of HarmonyOS allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the Memory Management module in the EMUI operating system of HarmonyOS relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) allows attackers to carry out cross-site scripting attacks.
The vulnerability of the Cisco Enterprise Chat and Email (ECE) web interface is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Brokering File System (BFS) of the Windows operating system allows a hacker to increase their privileges.
The vulnerability of the Brokering File System (BFS) in the Windows operating system is related to pointer manipulation. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client allows a hacker to execute arbitrary code.
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.
The vulnerability of the CADImage plugin in IrfanView, a program for viewing and playing graphic, video, and audio files, relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially craft...
The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.
The vulnerability of the CADImage plugin in IrfanView, a program for viewing and playing graphic, video, and audio files, is related to memory corruption. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially crafted DWG format files...
The vulnerability of the AirPlay Handler component in operating systems such as macOS, iPadOS, iOS, tvOS, and visionOS allows attackers to compromise the confidentiality and integrity of protected information.
The vulnerability of the AirPlay Handler component in operating systems such as macOS, iPadOS, iOS, tvOS, and visionOS is related to deficiencies in access control. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality and integrity of protected information...
The vulnerability of the PI Connector for CygNet software in data integration lies in the insufficient protection of the website structure, which allows attackers to carry out XSS attacks.
The vulnerability of the PI Connector for CygNet data integration software is related to insufficient protection of the website structure. Exploiting this vulnerability could allow an attacker to carry out XSS attacks...
The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controller ABB RMC-100 and RMC-100-LITE allows an intruder to gain unauthorized access to protected information.
The vulnerability of the MQTT protocol web interface implementation for microprogrammable controllers ABB RMC-100 and RMC-100-LITE lies in the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.
The vulnerability of the CADImage plugin in IrfanView, a program for viewing and playing graphic, video, and audio files, relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially...
The vulnerability of the blocking page of the UserGate Next-Generation Firewall (NGFW) allows a hacker to execute arbitrary code.
The vulnerability of the UserGate Next-Generation Firewall’s blocking page is related to insufficient validation of input data. Exploiting this vulnerability allows a hacker to execute arbitrary code when navigating through a specially crafted link...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of website structures, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the microprogrammed Ethernet module software WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN lies in the unencrypted storage of critical information, allowing attackers to gain unauthorized access to protected data.
The vulnerability of the microprogrammed Ethernet module software WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN is related to the unencrypted storage of critical information. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected informati...
The vulnerability of the Adobe Experience Manager content and media data management system, related to the lack of measures taken to protect the website structure, allows a perpetrator to execute arbitrary code.
The vulnerability of the Adobe Experience Manager content and media data management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Apache Tomcat software lies in the use of an insecure search path, allowing attackers to execute arbitrary code.
The vulnerability of the Apache Tomcat software is related to the use of an insecure path search mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the web interface of IP camera software and digital/netscreen video recorders from Avtech allows an intruder to perform a CSRF attack.
The vulnerability of the web interface of IP camera software and digital/netscreen recorders from Avtech relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack...