Monthly
Header injection filtering bypass in Plack::Middleware::Security::Common (Perl) versions prior to 0.13.1 allows remote attackers to smuggle CRLF sequences and additional headers through request paths that are not double-encoded. The flaw weakens a security middleware specifically designed to prevent header injection, and while EPSS sits at 0.03% (9th percentile) with no public exploit identified at time of analysis, downstream impact depends on how reverse proxies and Plack-based servers handle the unblocked CRLF payloads.
Path traversal in WAGO Device Sphere and Solution Builder allows unauthenticated remote attackers to access backend components and expose sensitive information. The vulnerability stems from insufficient input validation (CWE-790), enabling attackers to bypass intended access boundaries with low complexity over network vectors. CVSS 7.5 (High) reflects significant confidentiality impact. EPSS data unavailable; no public exploit identified at time of analysis, and CISA KEV status not confirmed.
Ericsson Indoor Connect 8855 prior to version 2025.Q3 contains an Improper Filtering of Special Elements vulnerability (CWE-790) that allows attackers to bypass input validation controls and achieve unauthorized modification of sensitive information. This vulnerability affects all versions of the Indoor Connect 8855 product line below the 2025.Q3 release. No CVSS score, CVSS vector, EPSS data, or active exploitation status is currently available in public sources, limiting quantitative risk assessment, though the CWE-790 classification suggests the vulnerability involves inadequate sanitization of special characters or metacharacters in user input.
Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Header injection filtering bypass in Plack::Middleware::Security::Common (Perl) versions prior to 0.13.1 allows remote attackers to smuggle CRLF sequences and additional headers through request paths that are not double-encoded. The flaw weakens a security middleware specifically designed to prevent header injection, and while EPSS sits at 0.03% (9th percentile) with no public exploit identified at time of analysis, downstream impact depends on how reverse proxies and Plack-based servers handle the unblocked CRLF payloads.
Path traversal in WAGO Device Sphere and Solution Builder allows unauthenticated remote attackers to access backend components and expose sensitive information. The vulnerability stems from insufficient input validation (CWE-790), enabling attackers to bypass intended access boundaries with low complexity over network vectors. CVSS 7.5 (High) reflects significant confidentiality impact. EPSS data unavailable; no public exploit identified at time of analysis, and CISA KEV status not confirmed.
Ericsson Indoor Connect 8855 prior to version 2025.Q3 contains an Improper Filtering of Special Elements vulnerability (CWE-790) that allows attackers to bypass input validation controls and achieve unauthorized modification of sensitive information. This vulnerability affects all versions of the Indoor Connect 8855 product line below the 2025.Q3 release. No CVSS score, CVSS vector, EPSS data, or active exploitation status is currently available in public sources, limiting quantitative risk assessment, though the CWE-790 classification suggests the vulnerability involves inadequate sanitization of special characters or metacharacters in user input.
Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.