A vulnerability, which was classified as critical, has been found in Wangshen SecGate 3600 2024. This issue affects some unknown processing of the file ?g=obj_area_export_save. The manipulation of the
Overview
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) seque
A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in
A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c o
The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized c
BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated r
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overl
A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regula
Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could all
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//)
Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access.
Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a
Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected
The
iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create direct
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform
Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary wi
In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciou
Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attac