CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jan 15, 2025

Moxa Ethernet Switches Authentication Bypass Vulnerability Allowing Brute-Force and MD5 Collision Attacks

An authentication bypass vulnerability has been identified in Moxa's Ethernet switches, specifically in the EDS-508A Series and various PT switch series, all running specific firmware versions or earlier. This vulnerability arises from flaws in the authorization mechanism, which, despite involving both client-side and back-end server verification, can be exploited by attackers. The weaknesses may allow brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.

2.1
Jan 15, 2025

Piotnet Addons For Elementor Information Exposure Vulnerability

A vulnerability allowing information exposure exists in the Piotnet Addons For Elementor plugin for WordPress, affecting all versions through 2.4.32. The issue arises from the 'pafe-template' shortcode, which lacks proper restrictions on the posts that can be included. This flaw enables authenticated attackers with Contributor-level access or higher to access and extract data from private or draft posts created with Elementor, which they should not be able to view.

2.4
Jan 15, 2025

NEC Aterm WX1500HP and WX3600HP Arbitrary Command Execution Vulnerability

A vulnerability in NEC Aterm WX1500HP versions through 1.4.2 and WX3600HP versions through 1.5.3 allows an attacker to execute arbitrary operating system commands over the network.

1.5
Jan 15, 2025

NEC Aterm Products Missing Authentication Vulnerability Allowing Wi-Fi Password Retrieval

A vulnerability allowing unauthorized access to critical functions has been identified in several NEC Aterm products, including the WG2600HS, WF1200CRS, WG1200CRS, GB1200PE, WG2600HP4, WG2600HM4, WG2600HS2, WX3000HP, and WX4200D5. In these affected versions, an attacker can retrieve the Wi-Fi password over the network.

4.1
Jan 15, 2025

NEC Aterm Products Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in several NEC Aterm router models, including the WG2600HS (through 1.7.2), WG2600HP4 (through 1.4.2), WG2600HM4 (through 1.4.2), WG2600HS2 (through 1.3.2), WX3000HP (through 2.4.2), and WX4200D5 (through 1.2.4). This vulnerability allows an attacker to inject arbitrary scripts via the network.

3.1
Jan 15, 2025

Silicon Labs ZigBee Devices Denial-of-Service Vulnerability via Unsolicited Encrypted Rejoin Response

A denial-of-service vulnerability has been identified in Silicon Labs ZigBee coordinators, routers, and end devices. When these devices receive an unsolicited encrypted rejoin response, they may unintentionally change their node ID. This alteration leads to a denial-of-service condition, causing disruption in the network. To restore normal operation, the network must be re-established.

4.2
Jan 15, 2025

Genivia gSOAP Denial-of-Service Vulnerability Due to XML Parsing of Duplicate ID Attributes

A denial-of-service vulnerability has been identified in Genivia gSOAP, specifically in versions prior to 2.8.133. When certain options are used with the gSOAP tools 'wsdl2h' or 'soapcpp2', an unauthenticated remote attacker can induce a high CPU load by forcing the parser to process XML files containing duplicate ID attributes. This issue can arise when the software is compiled with specific flags and the resulting application is exposed to crafted XML data.

4.8
Jan 15, 2025

Event Registration Calendar By vcita Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Event Registration Calendar By vcita plugin for WordPress, affecting all versions through 1.4.0. The issue arises from inadequate input sanitization and output escaping on user-supplied attributes within the plugin's shortcodes. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages, which are executed when users access the affected pages.

3.0
Jan 15, 2025

Linux Ratfor Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Linux Ratfor versions through 1.06. This vulnerability allows for arbitrary code execution when the software processes a specially crafted file. Consequently, an attacker could manipulate or access information in the user environment or disrupt its usability.

1.5
Jan 15, 2025

ViewMedica 9 Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the ViewMedica 9 plugin for WordPress, affecting all versions through 1.4.15. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the plugin's 'viewmedica' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected pages.

2.3
Jan 15, 2025

Mongoose Search Injection Vulnerability via Nested $where Filters in populate() Matches

A search injection vulnerability has been identified in Mongoose versions prior to 8.9.5. This issue arises from the improper handling of nested $where filters used in conjunction with the populate() method, allowing for potential search injection attacks.

5.3
Jan 15, 2025

Dell Display Manager TOCTOU Race Condition Vulnerability Allowing Code Execution

A Time-of-check Time-of-use (TOCTOU) race condition vulnerability has been identified in Dell Display Manager versions prior to 2.3.2.18. This vulnerability allows a low-privileged attacker with local access to potentially exploit the issue, leading to unauthorized code execution and possibly escalating privileges.

3.6
Jan 15, 2025

Dell Display Manager Race Condition Vulnerability Allowing Arbitrary File Deletion

A race condition vulnerability has been identified in Dell Display Manager versions prior to 2.3.2.20. This vulnerability could be exploited by a local malicious user during the installation process, potentially leading to the arbitrary deletion of files or folders.

3.5
Jan 15, 2025

Yubico pam-u2f Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability has been identified in Yubico's pam-u2f package, prior to version 1.3.1. This Pluggable Authentication Module (PAM) allows authentication using YubiKeys or other FIDO-compliant devices on macOS and Linux. The vulnerability arises from improper handling of PAM_IGNORE return values in the pam_sm_authenticate() function, which can lead to an authentication bypass in certain configurations. An unprivileged user may exploit this issue, and depending on the setup, knowledge of the user's password might also be required.

1.8
Jan 15, 2025

Car Demon WordPress Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Car Demon plugin for WordPress, affecting all versions through 1.8.1. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if a user is tricked into clicking a link or performing a similar action.

2.0
Jan 15, 2025

Swift ASN.1 Library Denial-of-Service Vulnerability via Malformed BER/DER Parsing

A denial-of-service vulnerability has been identified in the Swift ASN.1 library, affecting versions prior to 1.3.0. The issue arises when the library parses certain BER/DER constructions, leading to a crash. This crash occurs because the library incorrectly assumes that specific objects can only be in either constructed or primitive forms, triggering a precondition failure when this assumption is violated. Although these constraints are mandatory in DER, the early node parser did not enforce them, allowing for this vulnerability to be exploited. The crash, while not a memory-safety issue, represents a graceful failure in the Swift runtime. This vulnerability can be exploited when parsing BER/DER data from untrusted sources, such as TLS certificates.

2.5
Jan 15, 2025

Linksys E5600 Router Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Linksys E5600 Router, specifically in version 1.1.0.26. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the 'desc' parameter of the 'prf_table_content' component.

1.9
Jan 15, 2025

Linksys E5600 Router Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Linksys E5600 Router, specifically in version 1.1.0.26. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the 'desc' parameter of the 'spf_table_content' component.

2.3
Jan 15, 2025

MSFM Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in MSFM versions prior to 2025.01.01. The issue arises in the file/download component, allowing attackers to manipulate server-side requests and potentially access internal resources or services.

3.8
Jan 15, 2025

MSFM Fastjson Deserialization Vulnerability

A deserialization vulnerability in the Fastjson library has been identified in MSFM versions prior to 2025.01.01. This vulnerability allows for unsafe deserialization of data, which could potentially be exploited to execute arbitrary code or cause other unintended behavior in the application.

4.0
Jan 15, 2025

MSFM SQL Injection Vulnerability in Table/List Interface

A SQL injection vulnerability has been identified in MSFM versions prior to 2025.01.01. The issue arises in the table/list interface, specifically through the s_name parameter, allowing for unauthorized SQL query manipulation.

3.9
Jan 15, 2025

MSFM Fastjson Deserialization Vulnerability

A deserialization vulnerability in the Fastjson library has been identified in MSFM versions prior to 2025.01.01. This vulnerability allows for unsafe deserialization of data, which could potentially be exploited to execute arbitrary code or cause other unintended behavior in the application.

4.0
Jan 15, 2025

MSFM Fastjson Deserialization Vulnerability in system/table/addField Component

A Fastjson deserialization vulnerability has been identified in MSFM versions prior to 2025.01.01. This vulnerability resides in the system/table/addField component, allowing for potential exploitation through improper handling of serialized data.

4.0
Jan 15, 2025

MSFM Deserialization Vulnerability in pom.xml Configuration File

A deserialization vulnerability has been identified in MSFM versions prior to 2025.01.01. This issue arises from the application's handling of the pom.xml configuration file, which can be exploited to manipulate object serialization processes.

4.0
Jan 15, 2025

JeeWMS Arbitrary File Upload Vulnerability Allowing Code Execution

A vulnerability allowing arbitrary file upload has been identified in JeeWMS versions prior to 2025.01.01. This issue arises in the parserXML() method, where attackers can upload a crafted file that leads to the execution of arbitrary code.

3.0
Jan 15, 2025

JeeWMS SQL Injection Vulnerability in CGReportDao Component

A SQL injection vulnerability has been identified in JeeWMS versions prior to 2025.01.01. The issue arises in the CGReportDao component, specifically through the ReportId parameter in the CGReportController. The vulnerability allows for unfiltered and unescaped parameter values to be concatenated into SQL queries, enabling potential manipulation of the database query execution.

3.1
Jan 15, 2025

JeeWMS Permission Bypass Vulnerability in AuthInterceptor Component

A permission bypass vulnerability has been identified in JeeWMS versions prior to 2025.01.01. The issue resides in the AuthInterceptor component, where the logic improperly validates request paths against an exclusion list. This flaw allows unauthorized access to sensitive data by circumventing backend verification.

3.9
Jan 14, 2025

Tenda i24 Buffer Overflow Vulnerability in addWifiMacFilter Function

A buffer overflow vulnerability has been identified in the Tenda i24 router, specifically in version V2.0.0.5. The issue arises within the addWifiMacFilter function, where improper handling of input can lead to memory corruption.

2.6
Jan 14, 2025

H3C N12 V100R005 Buffer Overflow Vulnerability in MAC Address Editing Function

A buffer overflow vulnerability has been identified in the H3C N12 V100R005 router model. This vulnerability arises from inadequate length verification in the MAC address editing function. Attackers exploiting this issue can cause the device to crash or execute arbitrary commands by sending a POST request to the '/bin/webs' endpoint.

2.6
Jan 14, 2025

Flatnotes Denial-of-Service Vulnerability via Image Upload

A denial-of-service vulnerability has been identified in Flatnotes versions prior to 5.3.1. The issue arises in the image upload function, where authenticated users can upload images in a way that disrupts service. This not only affects the usability of the application but also interferes with other API functions and can lead to server-wide denial-of-service conditions.

3.0
Jan 14, 2025

Discourse AI HTML Entity Injection Vulnerability Leading to Cross-Site Scripting

A cross-site scripting vulnerability has been identified in the Discourse AI plugin. This issue arises when conversations with the Discourse AI Bot are shared into posts, as HTML entities from the conversation can leak into the Discourse application. The vulnerability affects Discourse AI versions prior to 7ebbcd2.

3.1
Jan 14, 2025

Silverstripe Framework Cross-Site Scripting Vulnerability in Form Messages

A cross-site scripting (XSS) vulnerability has been identified in the Silverstripe Framework, specifically in versions prior to 5.3.8. This issue arises in certain scenarios where form messages can include user-provided content with HTML markup, such as links. In these cases, the content is not properly sanitized before being incorporated into the form messages, allowing for XSS attacks.

4.4
Jan 14, 2025

Silverstripe Framework Cross-Site Scripting Vulnerability in Asset Admin via oEmbed Shortcode

A cross-site scripting vulnerability has been identified in the Silverstripe Asset Admin component, specifically in versions of the Silverstripe Framework prior to 5.3.8. The issue arises when the 'insert media' feature is used, as the linked oEmbed JSON contains an HTML attribute that replaces the embed shortcode without proper sanitization. This oversight allows script payloads to be executed on both the Content Management System (CMS) and the front end of the website.

5.1
Jan 14, 2025

ECOVACS Deebot T20 OMNI and T20e OMNI WiFi Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the ECOVACS Deebot T20 OMNI and T20e OMNI models, prior to version 1.24.0. This vulnerability allows for unauthorized code execution on the device via WiFi.

2.6
Jan 14, 2025

H3C N12 V100R005 Buffer Overflow Vulnerability in 5G Wireless Network Processing

A buffer overflow vulnerability has been identified in the H3C N12 V100R005 router model. This vulnerability arises from inadequate length verification in the 5G wireless network processing function. Attackers exploiting this issue can cause the device to crash or execute arbitrary commands by sending a POST request to a specific endpoint.

2.6
Jan 14, 2025

H3C N12 V100R005 Buffer Overflow Vulnerability in AP Configuration Function

A buffer overflow vulnerability has been identified in the H3C N12 router, specifically in the V100R005 version. This vulnerability arises from inadequate length verification in the access point (AP) configuration function. Attackers exploiting this issue can cause the device to crash or execute arbitrary commands by sending a POST request to the '/bin/webs' endpoint.

2.6
Jan 14, 2025

H3C N12 V100R005 Buffer Overflow Vulnerability in MAC Address Update Function

A buffer overflow vulnerability has been identified in the H3C N12 V100R005 router model. This vulnerability arises from the MAC address update function's failure to properly verify the length of incoming data. Attackers who exploit this vulnerability can cause the device to crash or execute arbitrary commands by sending a specially crafted POST request to the device's web interface.

3.0
Jan 14, 2025

H3C N12 V100R005 Buffer Overflow Vulnerability in 2.4G Wireless Network Processing

A buffer overflow vulnerability has been identified in the H3C N12 router, specifically in the V100R005 version. This vulnerability arises from inadequate length verification in the 2.4G wireless network processing function. Attackers who exploit this vulnerability can cause the device to crash or execute arbitrary commands by sending a POST request to the '/bin/webs' endpoint.

4.0
Jan 14, 2025

GestioIP Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in GestioIP version 3.5.7. The issue arises in the 'ip_mod_dns_key_form.cgi' request, where an attacker can inject malicious code into the 'TSIG Key' field. This injected code is saved in the database and executed when the data is viewed, potentially leading to data exfiltration and allowing cross-site request forgery attacks.

3.0
Jan 14, 2025

GestioIP Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in GestioIP version 3.5.7. The issue arises in the 'ip_import_acl_csv' request, where improperly formatted file uploads can result in the content being reflected in the HTML response. This flaw allows attackers to execute malicious scripts or exfiltrate data.

3.4
Jan 14, 2025

GestioIP Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in GestioIP version 3.5.7. This issue allows an attacker to perform actions on behalf of an administrator by sending them a malicious link. When the admin clicks the link, the attacker's actions are executed, potentially leading to unauthorized data modification, deletion, or exfiltration.

3.4
Jan 14, 2025

GestioIP Cross-Site Scripting Vulnerability in IP Do Job Request

A Cross-Site Scripting (XSS) vulnerability has been identified in GestioIP version 3.5.7. The issue arises in the 'ip_do_job' request, where improper handling of user input allows for the injection of malicious scripts. In addition to XSS, the vulnerability enables Cross-Site Request Forgery (CSRF) attacks. Successful exploitation requires specific user permissions within the application.

2.9
Jan 14, 2025

GestioIP Remote Code Execution Vulnerability

A remote code execution vulnerability exists in GestioIP version 3.5.7. The issue arises from the file upload functionality, which allows an authenticated attacker to upload a malicious file named 'perlcmd.cgi'. This file overwrites the existing 'upload.cgi' file, thereby enabling the execution of arbitrary commands on the server.

3.4
Jan 14, 2025

Lenovo XClarity Administrator Privilege Escalation Vulnerability via Single Sign-On

A privilege escalation vulnerability exists in Lenovo XClarity Administrator (LXCA) versions prior to 4.1. When LXCA is used as a Single Sign-On (SSO) provider for XCC instances, a valid, authenticated LXCA user could escalate permissions for a connected XCC instance.

3.4
Jan 14, 2025

Lenovo PC Manager, Browser, and App Store Buffer Overflow Vulnerability Allowing Local Denial-of-Service

A buffer overflow vulnerability has been identified in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store. This vulnerability could allow a local attacker to cause a system crash. Affected versions include Lenovo PC Manager versions prior to 5.1.90.12092, Lenovo Browser versions prior to 9.0.5.12181, and Lenovo App Store versions prior to 9.0.20.

4.1
Jan 14, 2025

Lenovo PC Manager, Browser, and App Store Potential TOCTOU Vulnerability Leading to System Crash

A potential time-of-check to time-of-use (TOCTOU) vulnerability has been identified in Lenovo PC Manager, Lenovo Browser, and the Lenovo App Store. This vulnerability could allow a local attacker to cause a system crash.

4.0
Jan 14, 2025

IPv6-in-IPv4 Tunneling Vulnerability Allows Traffic Spoofing and Routing via Exposed Interfaces

A vulnerability exists in the IPv6-in-IPv4 tunneling mechanism, as defined in RFC 4213, allowing an attacker to spoof and route traffic through a vulnerable host's network interface. This issue arises because the tunneling protocol lacks authentication, enabling the injection of traffic from any source. The vulnerability is present in hosts that accept unencrypted tunneling packets without verifying the sender's identity, effectively turning the host into a one-way proxy for the attacker.

3.5
Jan 14, 2025

IPv4-in-IPv6 and IPv6-in-IPv6 Tunneling Vulnerability Allowing Traffic Spoofing and Routing

A vulnerability exists in IPv4-in-IPv6 and IPv6-in-IPv6 tunneling protocols, as defined in RFC 2473, due to the lack of source packet validation. This flaw enables an attacker to spoof and route arbitrary traffic through a vulnerable host's network interface. The issue arises from the protocols' inherent design, which does not authenticate or encrypt traffic, leaving them open to exploitation. This vulnerability is particularly concerning because it can be used to bypass network filters and conduct anonymous attacks, similar to a previously identified vulnerability in IP-in-IP tunneling (CVE-2020-10136).

3.5
Jan 14, 2025

Adobe Substance 3D Designer Heap-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A heap-based buffer overflow vulnerability has been identified in Adobe Substance 3D Designer versions 14.0 and earlier. This vulnerability could lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file.

1.6
Jan 14, 2025

Adobe Substance 3D Designer Out-of-Bounds Write Vulnerability Leading to Arbitrary Code Execution

A vulnerability allowing out-of-bounds write has been identified in Adobe Substance 3D Designer versions 14.0 and earlier. This vulnerability could lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file.

1.6