Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to improper neutralizatio (CVSS 5.3).
Insufficient input validation in HIKSEMI NAS devices allows authenticated users to trigger denial of service conditions through malformed messages. An attacker with valid credentials can exploit this flaw to cause abnormal device behavior and availability disruptions without requiring user interaction. No patch is currently available to address this vulnerability.
Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details. [CVSS 4.6 MEDIUM]
HIKSEMI NAS devices improperly validate filenames, allowing attackers with physical access to traverse directory structures and read sensitive system files. This vulnerability affects confidentiality but requires local presence and no authentication, making it a risk primarily in physically accessible environments. No patch is currently available for this issue.
Authenticated users of HIKSEMI NAS products can access and modify file resources belonging to other users due to insufficient access control checks. This allows any logged-in attacker to manipulate arbitrary files across user accounts without authorization, though a valid account is required to exploit the vulnerability. No patch is currently available.
Tanium addressed an improper access controls vulnerability in Tanium Server. [CVSS 4.3 MEDIUM]
Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log. [CVSS 3.2 LOW]
Dir-823X Firmware versions up to 250416 is affected by improper restriction of excessive authentication attempts (CVSS 3.7).
Command injection in Tenda AC21 firmware versions 1.1.1.1/1.dmzip/16.03.08.16 allows authenticated remote attackers to execute arbitrary commands via the dmzIp parameter in the mDMZSetCfg function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. [CVSS 2.4 LOW]
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.
A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions up to 2025 is affected by missing authentication for critical function.
LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 versions up to 14.1 is affected by command injection.
An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions up to 2025 is affected by unrestricted upload of file with dangerous type.
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface.
After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.
Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 versions up to 2.7 is affected by reachable assertion.
LobeHub is an open source human-and-AI-agent network. versions up to 1.143.3 contains a vulnerability that allows attackers to a discrepancy between actual resource consumption and billing calculations, caus.
Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls.
Wikimedia Foundation Mediawiki - DiscussionTools Extension is affected by improper neutralization of special elements used in an expression language statement.
Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL.
Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X.