| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to detect potential corrupted nid in free_nid_list
As reported, on-disk footer.ino and footer.nid is the same and
out-of-range, let's add sanity check on f2fs_alloc_nid() to detect
any potential corruption in free_nid_list. |
| Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system. |
| An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism. |
| A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection. |
| An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures. |
| This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. |
| Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.This issue affects Panel: before v2.3.24. |
| An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior. |
| Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’. |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736, Acronis True Image OEM (Windows) before build 42575. |
| An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted url is visited by a local user. |
| Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page. |
| Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro Cloud Server allows Cross-Site Request Forgery to perform Session Hijacking. Cross-Site Request Forgery is present at the whole application but it can be used to change the Pro Cloud Server Configuration password.
This issue affects Pro Cloud Server: earlier than 6.0.165. |
| Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server's WebEA model search field allows Cross-Site Scripting (XSS).
This issue affects Pro Cloud Server: earlier than 6.0.165. |
| Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.
|
| This vulnerability allows the successful attacker to gain unauthorized access to a
configuration web page delivered by the integrated web Server of EIBPORT.
This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8. |
| An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance.
Looker-hosted and Self-hosted were found to be vulnerable.
This issue has already been mitigated for Looker-hosted instances. No user action is required for these.
Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.
The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ :
* 24.12.103+
* 24.18.195+
* 25.0.72+
* 25.6.60+
* 25.8.42+
* 25.10.22+ |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Portfolio allows PHP Local File Inclusion.This issue affects Phlox Portfolio: from n/a through 2.3.1. |
| Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| A buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in denial of service. |
