Hiawatha Webserver versions up to 11.7 contains a vulnerability that allows attackers to arbitrary code execution (CVSS 6.5).
Tenda W30E firmware through V16.01.0.19(5037) is vulnerable to CORS misconfiguration that permits authenticated administrative endpoints to accept credentialed cross-origin requests from arbitrary origins. An authenticated attacker can exploit this vulnerability to perform unauthorized actions on affected devices by tricking administrators into visiting malicious web pages. No patch is currently available for this vulnerability.
Tenda W30E firmware versions through V16.01.0.19(5037) omit the X-Content-Type-Options: nosniff header from web management interfaces, enabling MIME type confusion attacks. An unauthenticated remote attacker can exploit this to inject malicious scripts that browsers may execute as legitimate content, potentially compromising the integrity and confidentiality of management traffic. No patch is currently available for this vulnerability.
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security. [CVSS 6.5 MEDIUM]
Tenda W30E V2 firmware through V16.01.0.19(5037) exposes stored administrative passwords in plaintext on the management interface, allowing any authenticated user to retrieve credentials. This information disclosure affects administrative account security and could enable privilege escalation or lateral movement. No patch is currently available.
A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. [CVSS 6.4 MEDIUM]
Operation And Maintenance Security Management System versions up to 3.0.12. contains a vulnerability that allows attackers to command injection (CVSS 6.3).
Unrestricted file upload in code-projects Online Examination System 1.0 via the /admin_pic.php endpoint allows authenticated remote attackers to upload arbitrary files with minimal complexity. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable code execution or system compromise depending on server configuration and file handling.
A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page - enabling DOM access, session cookie theft and other client-side attacks - via a crafted URL that supplies a malicious value to the q GET parameter (reflected DOM XSS). [CVSS 6.1 MEDIUM]
Dcs-700L Firmware versions up to 1.03.09 contains a vulnerability that allows attackers to command injection (CVSS 4.7).
Unrestricted file upload in PHPGurukul News Portal 1.0's profile picture handler allows remote attackers to upload arbitrary files with high-level privileges. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could potentially upload malicious files to compromise the application or underlying system.
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. [CVSS 4.0 MEDIUM]
A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. [CVSS 3.5 LOW]
A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` header and processes attacker-controlled postponed state data. [CVSS 5.9 MEDIUM]
A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. [CVSS 5.9 MEDIUM]
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. [CVSS 3.3 LOW]
Out-of-bounds write in GPAC's SRT subtitle import functionality (versions up to 2.4.0) allows local attackers with user privileges to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, and a patch is available. Local access is required to exploit this flaw, limiting the attack surface to authenticated users on the affected system.
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. [CVSS 3.3 LOW]
A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. [CVSS 3.3 LOW]
Stack-based buffer overflow in pymumu SmartDNS versions up to 47.1 within the SVBC Record Parser component allows remote attackers to cause information disclosure and limited integrity/availability impact through specially crafted DNS SVCB/HTTPS records. Exploitation requires high complexity and specific conditions, making practical attacks difficult. No patch is currently available.
Tenda W30E V2 firmware through version 16.01.0.19(5037) fails to implement proper cache-control headers on sensitive administrative responses, allowing a local authenticated attacker to retrieve cached credentials from the browser's storage. This high-confidentiality impact vulnerability has no available patch and affects users on vulnerable firmware versions.
WellChoose's Single Sign-On Portal System contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript into user browsers through social engineering. An attacker could leverage this to steal session tokens, credentials, or perform actions on behalf of targeted users. A patch is not currently available; mitigation requires input validation and output encoding controls.
Tenda W30E V2 firmware through V16.01.0.19(5037) fails to properly sanitize user input during account creation, allowing authenticated attackers to inject persistent malicious scripts that execute in administrators' browsers when accessing management pages. This stored XSS vulnerability enables session hijacking, credential theft, and unauthorized configuration changes with low complexity exploitation requiring only user interaction from an admin. No patch is currently available for affected devices.
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information. [CVSS 5.3 MEDIUM]
Hiawatha versions up to 11.7 contains a vulnerability that allows attackers to request smuggling has been identified in Hiawatha webserver version 11 (CVSS 5.3).
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. [CVSS 5.3 MEDIUM]
Stored XSS in ArcGIS Pro 3.6.0 and earlier allows local attackers to inject malicious scripts into application dialogs that execute when opened by users with standard local access. No patch is currently available, and exploitation requires user interaction with a specific dialog containing attacker-supplied input. The vulnerability affects the desktop application only and poses a confidentiality and integrity risk without requiring elevated privileges.
Tanium addressed an uncontrolled resource consumption vulnerability in Discover. [CVSS 4.9 MEDIUM]
EVerest is an EV charging software stack. [CVSS 4.3 MEDIUM]
A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack on the physical device. The attack's complexity is rated as high. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this di...
Tenda W30E V2 firmware through V16.01.0.19(5037) lacks CSRF protections on administrative functions, enabling attackers to hijack authenticated admin sessions and modify configuration settings or reset administrator credentials. An attacker can craft malicious requests that execute with the privileges of a logged-in administrator when visited in their browser. No patch is currently available for this vulnerability.
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. [CVSS 4.3 MEDIUM]
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. [CVSS 3.7 LOW]
Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client. [CVSS 3.3 LOW]
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. [CVSS 3.3 LOW]
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. [CVSS 3.1 LOW]
Tanium addressed an improper input validation vulnerability in Discover. [CVSS 2.7 LOW]
Operation And Maintenance Security Management System versions up to 3.0.12. contains a security vulnerability (CVSS 6.3).
Unrestricted file upload in iJason-Liu Books_Manager allows authenticated attackers with high privileges to upload arbitrary files via the book_cover parameter in the upload_bookCover.php controller. Public exploit code exists for this vulnerability, increasing the risk of exploitation. A patch is not currently available for this rolling-release product.
A vulnerability has been found in iJason-Liu Books_Manager versions up to 298 is affected by cross-site scripting (xss) (CVSS 2.4).
The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication.
The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290).
An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interprocess communication between services and the Kaba exos 9300 GUI, containing status information about the Access Managers.
Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server is used for relaying status information from and to the Access Managers.
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests.
By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not enforced.
with the restriction that the password is only randomized if the configured date versions up to 2022. contains a security vulnerability.
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket.
The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration.
Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated.