π¨ CVE-2021-3794
vuelidate is vulnerable to Inefficient Regular Expression Complexity
π@cveNotify
vuelidate is vulnerable to Inefficient Regular Expression Complexity
π@cveNotify
GitHub
fix(validators): update the url validator, to reduce potential ReDos β¦ Β· vuelidate/vuelidate@1f0ca31
β¦attacks (#933)
π¨ CVE-2023-41290
A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following version:
QuFirewall 2.4.1 ( 2024/02/01 ) and later
π@cveNotify
A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following version:
QuFirewall 2.4.1 ( 2024/02/01 ) and later
π@cveNotify
π¨ CVE-2023-41291
A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following version:
QuFirewall 2.4.1 ( 2024/02/01 ) and later
π@cveNotify
A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following version:
QuFirewall 2.4.1 ( 2024/02/01 ) and later
π@cveNotify
π¨ CVE-2024-50390
A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
QuRouter 2.4.5.032 and later
π@cveNotify
A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
QuRouter 2.4.5.032 and later
π@cveNotify
QNAP Systems, Inc. - Network Attached Storage (NAS)
Vulnerability in QuRouter - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
π¨ CVE-2024-53700
A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
QuRouter 2.4.6.028 and later
π@cveNotify
A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
QuRouter 2.4.6.028 and later
π@cveNotify
QNAP Systems, Inc. - Network Attached Storage (NAS)
Vulnerability in QuRouter - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
π¨ CVE-2024-13087
A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
QuRouter 2.4.6.028 and later
π@cveNotify
A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
QuRouter 2.4.6.028 and later
π@cveNotify
QNAP Systems, Inc. - Network Attached Storage (NAS)
Multiple Vulnerabilities in QuRouter - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
π₯1
π¨ CVE-2014-0774
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.
π@cveNotify
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.
π@cveNotify
π¨ CVE-2014-0779
The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).
π@cveNotify
The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).
π@cveNotify
π¨ CVE-2014-0777
The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted packet.
π@cveNotify
The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted packet.
π@cveNotify
π¨ CVE-2014-0778
TCPUploader module listens on Port 10651/TCP for incoming connections.
Exploitation of this vulnerability could allow a remote unauthenticated
user access to release OS version information. While this is a minor
vulnerability, it represents a method for further network
reconnaissance.
π@cveNotify
TCPUploader module listens on Port 10651/TCP for incoming connections.
Exploitation of this vulnerability could allow a remote unauthenticated
user access to release OS version information. While this is a minor
vulnerability, it represents a method for further network
reconnaissance.
π@cveNotify
Emerson
Movicon | Emerson IT
La piattaforma software industriale Movicon offre la connettivitΓ e le funzionalitΓ SCADA/HMI di ultima generazione mediante interfacce modulari, scalabili e sicure che aiutano a ottimizzare le operazioni e l'efficienza da qualsiasi luogo e dispositivo. Iβ¦
π¨ CVE-2025-10894
Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.
π@cveNotify
Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.
π@cveNotify
π¨ CVE-2025-54520
Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality.
π@cveNotify
Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality.
π@cveNotify
AMD
Undervoltage-based Static Side-channel Attacks (βChypnosisβ) on FPGAs
π¨ CVE-2025-10585
Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
π@cveNotify
Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 140.0.7339.185/.186 for Windows/Mac, and 140.0.7339.185 for Linux which will roll out over the com...
π¨ CVE-2025-6076
Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability.
π@cveNotify
Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability.
π@cveNotify
Partnersoftware
Software Version 4.32 - Partner Software
Specifications for Map Publisher, Partner Hub, End User and Mobile hardware requirements.
β€1
π¨ CVE-2025-6077
Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions.
π@cveNotify
Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions.
π@cveNotify
Partnersoftware
Software Version 4.32 - Partner Software
Specifications for Map Publisher, Partner Hub, End User and Mobile hardware requirements.
π¨ CVE-2025-6078
Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).
π@cveNotify
Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page when viewing a job but does not completely sanitize input, making it possible to add notes with HTML tags and JavaScript, enabling an attacker to add a note containing malicious JavaScript, leading to stored XSS (cross-site scripting).
π@cveNotify
Partnersoftware
Software Version 4.32 - Partner Software
Specifications for Map Publisher, Partner Hub, End User and Mobile hardware requirements.
π¨ CVE-2025-21056
Improper input validation in Retail Mode prior to version 5.59.4 allows self attackers to execute privileged commands on their own devices.
π@cveNotify
Improper input validation in Retail Mode prior to version 5.59.4 allows self attackers to execute privileged commands on their own devices.
π@cveNotify
π¨ CVE-2024-7885
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
π@cveNotify
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
π@cveNotify
π¨ CVE-2023-5236
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
π@cveNotify
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
π@cveNotify
π¨ CVE-2025-22106
In the Linux kernel, the following vulnerability has been resolved:
vmxnet3: unregister xdp rxq info in the reset path
vmxnet3 does not unregister xdp rxq info in the
vmxnet3_reset_work() code path as vmxnet3_rq_destroy()
is not invoked in this code path. So, we get below message with a
backtrace.
Missing unregister, handled but fix driver
WARNING: CPU:48 PID: 500 at net/core/xdp.c:182
__xdp_rxq_info_reg+0x93/0xf0
This patch fixes the problem by moving the unregister
code of XDP from vmxnet3_rq_destroy() to vmxnet3_rq_cleanup().
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
vmxnet3: unregister xdp rxq info in the reset path
vmxnet3 does not unregister xdp rxq info in the
vmxnet3_reset_work() code path as vmxnet3_rq_destroy()
is not invoked in this code path. So, we get below message with a
backtrace.
Missing unregister, handled but fix driver
WARNING: CPU:48 PID: 500 at net/core/xdp.c:182
__xdp_rxq_info_reg+0x93/0xf0
This patch fixes the problem by moving the unregister
code of XDP from vmxnet3_rq_destroy() to vmxnet3_rq_cleanup().
π@cveNotify
π¨ CVE-2025-10940
A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layouts_save of the file /admin/ of the component Layout Page. Performing manipulation of the argument HTML results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layouts_save of the file /admin/ of the component Layout Page. Performing manipulation of the argument HTML results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify